Capturing packets with tcpdump and exporting a .pcap file to view in Wireshark

Author: admin  Published: 2024-05-28

1. Capture packets on all interfaces
tcpdump -i any host <device-ip>

2. Capture packets on a specific interface
tcpdump -i eth2 port 61182 -nne

3. Export the captured packets to a pcap file

tcpdump -i eth2 port 61182 -nne -s0 -w /tmp/61182.pcap

  • -s0: Sets the snapshot length to capture the entire packet. The 0 means that tcpdump will capture the entire packet regardless of its size.
  • -w /tmp/61182.pcap: Writes the raw packets to a file (/tmp/61182.pcap) instead of parsing and printing them out.
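
To confirm that a file written with -s0 and -w really holds whole packets before opening it in Wireshark, the following added example (not part of the original post) parses the classic pcap format and counts records whose captured length is shorter than the on-wire length. The function names and the sample bytes are constructed for illustration, and pcapng files are rejected rather than parsed.

```python
import struct

# Classic pcap magic numbers (microsecond and nanosecond timestamp variants).
_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}


def inspect_pcap(data: bytes) -> dict:
    """Summarise a classic pcap byte string: snaplen, link type, truncation."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    # The magic number reveals the byte order the writer used.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in _MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    packets = truncated = 0
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + caplen > len(data):
            raise ValueError("file ends in the middle of a packet record")
        offset += caplen
        packets += 1
        if caplen < origlen:  # bytes were cut off by the snapshot length
            truncated += 1
    return {"snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated}


def _build_sample(snaplen: int) -> bytes:
    """Constructed sample: a 60-byte and a 1514-byte frame, cut to snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for origlen in (60, 1514):
        caplen = min(origlen, snaplen)
        out += struct.pack("<IIII", 0, 0, caplen, origlen) + bytes(caplen)
    return out


if __name__ == "__main__":
    # 262144 is the snaplen current tcpdump writes for -s0; 96 shows truncation.
    print(inspect_pcap(_build_sample(262144)))
    print(inspect_pcap(_build_sample(96)))
```

For a real capture, pass the file contents, for example `inspect_pcap(open("/tmp/61182.pcap", "rb").read())`; a non-zero `truncated` count means the capture was taken with too small a snapshot length.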