Linux: capturing packets with tcpdump, saving them to a pcap file, and analyzing them in Wireshark
[root@ok Desktop]# yum search tcpdump
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
======================================================================= N/S Matched: tcpdump ========================================================================
tcpdump.x86_64 : A network traffic monitoring tool
Name and summary matches only, use "search all" for everything.
[root@ok Desktop]# which tcpdump
/usr/sbin/tcpdump
[root@ok Desktop]# tcpdump -h
tcpdump version 4.1-PRE-CVS_2015_07_23
libpcap version 1.4.0
Usage: tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ]
[ -P in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -z command ]
[ -Z user ] [ expression ]
[root@ok Desktop]# yum search wireshark
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
================================================ N/S Matched: wireshark ================================================
wireshark-devel.i686 : Development headers and libraries for wireshark
wireshark-devel.x86_64 : Development headers and libraries for wireshark
wireshark-gnome.x86_64 : Gnome desktop integration for wireshark and wireshark-usermode
wireshark.i686 : Network traffic analyzer
wireshark.x86_64 : Network traffic analyzer
Name and summary matches only, use "search all" for everything.
Installation:
[root@ok Desktop]# yum install wireshark* -y
[root@ok Desktop]# which wireshark
/usr/sbin/wireshark
[root@ok Desktop]# rpm -qa|grep wireshark
wireshark-devel-1.8.10-17.el6.x86_64
wireshark-1.8.10-17.el6.x86_64
wireshark-gnome-1.8.10-17.el6.x86_64

Saving the tcpdump capture:
[root@bass Desktop]# tcpdump -i eth0 -w dump.pcap
-i # specifies the network interface to capture on
-w # specifies where the result is saved

[root@bass Desktop]# tcpdump -i eth0 -w dump.pcap -v
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
189 packets captured
189 packets received by filter
0 packets dropped by kernel
-v # mainly so that the running "Got 15" packet count is displayed; press ctrl + c when you want to stop

[root@bass Desktop]# ll -h dump.pcap
-rw-r--r--. 1 tcpdump tcpdump 18K Aug 30 13:19 dump.pcap

Opening the file in Wireshark:
[root@bass Desktop]# wireshark dump.pcap
# On Linux, when we view packets captured with tcpdump, this is how they are displayed by default

Use the -c parameter to specify the number of packets to capture
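As an added example (not part of the original post), the Python below writes and reads the classic pcap format that "tcpdump -w" produces and Wireshark opens. It validates the magic number, the snaplen that tcpdump reports as "capture size", and every record's length, so a truncated or corrupt dump is rejected instead of silently mis-parsed; the Ethernet frame it uses is constructed, not captured.

```python
import struct

# Classic pcap constants (libpcap file format, the one tcpdump -w writes).
PCAP_MAGIC = 0xa1b2c3d4      # on an x86 host the file starts with bytes d4 c3 b2 a1
LINKTYPE_ETHERNET = 1        # tcpdump's banner calls this "link-type EN10MB (Ethernet)"
GLOBAL_HDR = "IHHiIII"       # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"          # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)


def write_pcap(packets, snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """Serialize (ts_sec, ts_usec, frame) tuples into a little-endian pcap blob.

    Frames longer than snaplen are truncated exactly as tcpdump does with -s."""
    out = struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, frame in packets:
        captured = frame[:snaplen]
        out += struct.pack("<" + RECORD_HDR, ts_sec, ts_usec, len(captured), len(frame))
        out += captured
    return out


def read_pcap(data):
    """Parse a pcap blob; return (snaplen, linktype, [(captured_bytes, orig_len), ...]).

    Raises ValueError on a bad magic, a record exceeding snaplen, or trailing garbage."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xd4c3b2a1:            # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file: magic %#x" % magic)
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, data[:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, data[off:off + 16])
        off += 16
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(data):
            raise ValueError("corrupt record header at offset %d" % (off - 16))
        records.append((data[off:off + incl_len], orig_len))
        off += incl_len
    if off != len(data):
        raise ValueError("%d trailing bytes after last record" % (len(data) - off))
    return snaplen, linktype, records


# Constructed sample: broadcast Ethernet frame, EtherType 0x0800 (IPv4), 30-byte dummy payload.
SAMPLE_FRAME = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + b"A" * 30
```

read_pcap(open("dump.pcap", "rb").read()) gives the same packet count tcpdump printed as "packets captured", and a record whose captured length is below orig_len shows where a small -s snaplen cut the frame short.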