Linux common commands-109: tcpdump

tcpdump captures and prints the packets seen on a network interface. It is the standard command-line packet-capture tool on Linux and can record every packet that reaches the interface (with the interface in promiscuous mode, also packets not addressed to the host). Capturing needs root privileges, or the CAP_NET_RAW and CAP_NET_ADMIN capabilities.

Syntax format: tcpdump [options] [expression]

Common parameters:

 -i interface   capture on the given interface (by default tcpdump picks one itself)
 -w file        write the raw packets to a pcap file instead of printing them
 -r file        read packets from a pcap file instead of a live interface
 -nn            do not resolve host names or port names (avoids DNS lookups while capturing)
 -c count       stop after count packets

The expression that follows the options is a filter built from primitives such as host, src, dst, port and protocol names such as icmp, combined with and, or and not.

Example

 # Capture packets on a specific interface
 sudo tcpdump -i enp0s25

 # Capture packets to or from a specific host; an IP address or a domain name can be used
 sudo tcpdump host 192.168.1.140

 # Filter by source port
 sudo tcpdump src port 8080

 # Filter by destination port
 sudo tcpdump dst port 8080

 # Filter on several ports at once
 sudo tcpdump port 80 or port 8080

 # Combine several conditions with the and keyword; not and or are also available
 sudo tcpdump src 192.168.1.140 and dst port 3306

 # Sometimes the capture needs to be saved for analysis with other tools, such as wireshark
 sudo tcpdump icmp -w icmp.pcap
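The Python program below is an added example and is not part of the original article. It builds a small capture in memory in the pcap format that `tcpdump -w` writes, parses it back, and applies predicates that correspond to the filter expressions used above (host, src port, dst port, port ... or ..., ... and ..., icmp), so it shows which header fields each of those filters actually inspects. Every frame is constructed sample data; the addresses, ports and MAC addresses are assumptions, and checksums are left at zero.

```python
"""Build a small pcap in memory, parse it, and filter it like tcpdump does.
Constructed sample frames only; not real traffic."""
import struct
from collections import namedtuple

PCAP_MAGIC = 0xA1B2C3D4   # native little-endian pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
ETH_P_IP = 0x0800
IPPROTO_ICMP, IPPROTO_TCP = 1, 6

Packet = namedtuple("Packet", "ts src dst proto sport dport")


def ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, proto, payload):
    """Ethernet + IPv4 header around a transport payload. Checksums stay zero:
    enough for filtering, but `tcpdump -v` would report them as bad."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                     64, proto, 0, ip_bytes(src), ip_bytes(dst))
    return eth + ip + payload


def tcp_syn(sport, dport):
    # 20-byte TCP header: seq 1, ack 0, data offset 5, SYN flag, window 65535
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)


def icmp_echo_request():
    # type 8, code 0, checksum 0, identifier 1, sequence 1
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1)


def write_pcap(frames, snaplen=65535):
    """24-byte global header, then a 16-byte record header before each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_frame(ts, frame):
    """Decode IPv4 over Ethernet; returns None for anything else (ARP, IPv6, ...)."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport = dport = None
    l4 = 14 + ihl
    if proto == IPPROTO_TCP and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return Packet(ts, src, dst, proto, sport, dport)


def read_pcap(data):
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap (pcapng is a different format)")
    linktype = struct.unpack_from("<I", data, 20)[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        pkt = parse_frame(ts_sec + ts_usec / 1e6, data[off:off + incl_len])
        off += incl_len
        if pkt is not None:
            packets.append(pkt)
    return packets


# Predicates mirroring the filter primitives used in the article (one line each for brevity).
def host(ip):        return lambda p: ip in (p.src, p.dst)
def src_host(ip):    return lambda p: p.src == ip
def src_port(n):     return lambda p: p.sport == n
def dst_port(n):     return lambda p: p.dport == n
def port(n):         return lambda p: n in (p.sport, p.dport)
def icmp():          return lambda p: p.proto == IPPROTO_ICMP
def both(a, b):      return lambda p: a(p) and b(p)     # tcpdump "and"
def either(a, b):    return lambda p: a(p) or b(p)      # tcpdump "or"


def count_matching(pcap_bytes, predicate):
    return sum(1 for p in read_pcap(pcap_bytes) if predicate(p))


def sample_capture():
    """Four constructed frames: a MySQL connect from 192.168.1.140, a reply
    from port 8080 to it, an HTTP connect from another host, and a ping."""
    return write_pcap([
        build_frame("192.168.1.140", "10.0.0.5", IPPROTO_TCP, tcp_syn(51000, 3306)),
        build_frame("10.0.0.5", "192.168.1.140", IPPROTO_TCP, tcp_syn(8080, 51001)),
        build_frame("10.0.0.9", "10.0.0.5", IPPROTO_TCP, tcp_syn(40000, 80)),
        build_frame("192.168.1.140", "10.0.0.5", IPPROTO_ICMP, icmp_echo_request()),
    ])


if __name__ == "__main__":
    cap = sample_capture()
    for label, pred in [("host 192.168.1.140", host("192.168.1.140")),
                        ("src port 8080", src_port(8080)),
                        ("port 80 or port 8080", either(port(80), port(8080))),
                        ("src 192.168.1.140 and dst port 3306", both(src_host("192.168.1.140"), dst_port(3306))),
                        ("icmp", icmp())]:
        print(f"{label:40s} {count_matching(cap, pred)} packet(s)")
```

To run the same predicates over a real file, replace `sample_capture()` with the bytes of a capture written by `tcpdump -w` (for example `open("icmp.pcap", "rb").read()`); `read_pcap` refuses files whose magic is not the classic little-endian pcap header, so a pcapng file or a capture taken on a non-Ethernet link type fails loudly rather than being silently misparsed.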

This article is reprinted from https://xugaoxiang.com/2022/09/28/linux-cmds-109-tcpdump/
This site is for inclusion only, and the copyright belongs to the original author.