tcpdump安装略过。
1.监听eth0网卡HTTP 80端口的request和response
tcpdump -i eth0 -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
2.监听eth0网卡HTTP 80端口的request(不包括response),指定来源域名"example.com",也可以指定IP"192.168.1.107"
tcpdump -i eth0 -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
3.监听本机发送至本机的HTTP 80端口的request和response
tcpdump -i lo -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
4.监听eth0网卡HTTP 80端口的request和response,结果另存为cap文件
tcpdump -i eth0 -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -w ./dump.cap
注1:如果报错"tcpdump: Bluetooth link-layer type filtering not implemented",是因为默认网卡不是ech0,需要用-i参数指定
注2:通过ifconfig命令查看网卡
作者:带鱼兄
来源:CSDN
原文:https://blog.csdn.net/daiyudong2020/article/details/71375256
版权声明:本文为博主原创文章,转载请附上博文链接!
