计算机网络 – 马谦的博客

参考：[linux 速成案例](/linux/linux-maintenance/quick-guide-of-tcpdump-html.html)

一、基本用法

最简单的用法就是直接输入 tcpdump，监控所有的数据包：

[ma@ma ~]$ tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on usbmon1, link-type USB_LINUX_MMAPPED (USB with padded Linux header), capture size 65535 bytes
10:53:08.002434 CONTROL SUBMIT to 1:2:0
10:53:08.004461 CONTROL COMPLETE from 1:2:0
10:53:08.004502 CONTROL SUBMIT to 1:1:0
10:53:08.004502 CONTROL COMPLETE from 1:1:0
10:53:10.850080 CONTROL SUBMIT to 1:1:0
10:53:10.850102 CONTROL COMPLETE from 1:1:0

[ma@ma ~]$ tcpdump

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on usbmon1, link-type USB_LINUX_MMAPPED (USB with padded Linux header), capture size 65535 bytes

10:53:08.002434 CONTROL SUBMIT to 1:2:0

10:53:08.004461 CONTROL COMPLETE from 1:2:0

10:53:08.004502 CONTROL SUBMIT to 1:1:0

10:53:08.004502 CONTROL COMPLETE from 1:1:0

10:53:10.850080 CONTROL SUBMIT to 1:1:0

10:53:10.850102 CONTROL COMPLETE from 1:1:0

一	二	三	四	五	六	日
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

tcpdump 速成指南

tcpdump 的基本用法

一、基本用法