想看到连接的SYN\SRT\FIN\ACK等包,用tcpdump,命令是怎样的

发布网友 发布时间：2022-04-25 07:16

我来回答

共1个回答

热心网友 时间：2023-11-06 07:11

默认情况下tcpmp将一直抓包，直到按下”ctrl+c”中止，使用-c选项我们可以指定抓包的数量：

bash代码
slot10_suse10sp2:/tmp/lx # tcpmp -c 2 -i eth0
tcpmp: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

10:58:05.656104 IP 10.71.171.140.ssh > 10.70.121.92.autodesk-lm: P 1210443473:12104435(116) ack2583117929 win 128
10:58:05.657074 IP 10.70.121.92.autodesk-lm > 10.71.171.140.ssh: . ack 116 win 65211

2 packets captured
6 packets received by filter
0 packets dropped by kernel

以上例子中，只针对eth0网口抓2个包。

热心网友 时间：2023-11-06 07:11

默认情况下tcpmp将一直抓包，直到按下”ctrl+c”中止，使用-c选项我们可以指定抓包的数量：

bash代码
slot10_suse10sp2:/tmp/lx # tcpmp -c 2 -i eth0
tcpmp: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

10:58:05.656104 IP 10.71.171.140.ssh > 10.70.121.92.autodesk-lm: P 1210443473:12104435(116) ack2583117929 win 128
10:58:05.657074 IP 10.70.121.92.autodesk-lm > 10.71.171.140.ssh: . ack 116 win 65211

2 packets captured
6 packets received by filter
0 packets dropped by kernel

以上例子中，只针对eth0网口抓2个包。