https://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html
tcpdump -i [interface] -w cap.cap抓到后的cap.cap包可以在Windows上用wireshark进行筛查。