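Capturing packets with tcpdump and exporting the capture to a .pcap file for viewing in Wireshark
1. Capture packets on all interfaces
tcpdump -i any host <device IP>
2. Capture packets on a specific interface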
tcpdump -i eth2 port 61182 -nne
3. Export the captured packets to a pcap file
tcpdump -i eth2 port 61182 -nne -s0 -w /tmp/61182.pcap
-s0: Sets the snapshot length to capture the entire packet. The 0 means that tcpdump will capture the entire packet regardless of its size.
-w /tmp/61182.pcap: Writes the raw packets to a file (/tmp/61182.pcap) instead of parsing and printing them out.
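To check that a file written with -w really holds whole packets, compare each record's captured length with its on-wire length. The following is an added example, not part of the original note: build_pcap, find_truncated and SAMPLE are hypothetical names, and the sample frames are constructed in memory rather than read from /tmp/61182.pcap.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap with microsecond timestamps

def build_pcap(snaplen, packets):
    """Constructed sample: emulate the file `tcpdump -s <snaplen> -w` writes."""
    # Current tcpdump releases treat -s0 as "use the default", 262144 bytes.
    limit = snaplen or 262144
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, limit, 1)
    for ts, data in packets:
        kept = data[:limit]  # bytes beyond the snapshot length are never stored
        out += struct.pack("<IIII", ts, 0, len(kept), len(data)) + kept
    return out

def find_truncated(blob):
    """Return (snaplen, [(index, captured, on_wire), ...]) for records cut short."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == PCAP_MAGIC:
        end = "<"            # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"            # file written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    snaplen = struct.unpack_from(end + "I", blob, 16)[0]
    offset, index, truncated = 24, 0, []
    while offset + 16 <= len(blob):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, incl_len, orig_len = struct.unpack_from(end + "IIII", blob, offset)
        if incl_len < orig_len:
            truncated.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    return snaplen, truncated

# Constructed frames: one minimum-size and one full-size Ethernet frame (all zero bytes).
SAMPLE = [(1700000000, bytes(60)), (1700000001, bytes(1514))]

if __name__ == "__main__":
    for snap in (0, 96):
        print("-s%d ->" % snap, find_truncated(build_pcap(snap, SAMPLE)))
```

For a real capture, pass the file's bytes to find_truncated, for example open("/tmp/61182.pcap", "rb").read(); an empty list means Wireshark will see full payloads.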