linux tcpdump 抓包

?

1）抓取百度80端口数据包

localhost:~ # tcpdump -i eth0 host hostname and src port 80
tcpdump: unknown host 'hostname'
localhost:~ # tcpdump -i eth0 host www.baidu.cm? and src port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
8 packets received by filter
0 packets dropped by kernel

?

2）将抓取的数据包保存到指定的文件中
localhost:~ # tcpdump -l >/mnt/hgfs/tools/baidutcp.txt
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C54 packets captured
54 packets received by filter
0 packets dropped by kernel

?

3）查看文件大小
localhost:~ # du -sh /mnt/hgfs/tools/baidutcp.txt
2.5K??? /mnt/hgfs/tools/baidutcp.txt
localhost:~ #