使用tcpdump抓包实例

tcpdump通过调用网卡驱动进行网络抓包，在网络诊断，数据包分析的时候，特别有用。例子如下：

tcpdump  -i  eno16777728  host 192.168.52.1 
#抓取本机到192.168.52.1主机的数据包

tcpdump  -i  eno16777728  -nnn host 192.168.52.1  and tcp   port 25
#指定端口

tcpdump  -i  eno16777728  -nnn dst 192.168.52.10
#指定目标主机为192.168.52.10

tcpdump  -i  eno16777728  -nnn dst www.qq.com  
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno16777728, link-type EN10MB (Ethernet), capture size 262144 bytes
18:49:56.006662 IP 192.168.52.132 > 121.51.77.195: ICMP echo request, id 15911, seq 1, length 64
18:49:57.008153 IP 192.168.52.132 > 121.51.77.195: ICMP echo request, id 15911, seq 2, length 64
18:49:58.010066 IP 192.168.52.132 > 121.51.77.195: ICMP echo request, id 15911, seq 3, length 64
18:49:59.011174 IP 192.168.52.132 > 121.51.77.195: ICMP 


tcpdump  -i  eno16777728  -nnn arp  #指定抓取arp协议的数据包

tcpdump  -i  eno16777728  -nnn dst 192.168.52.1  and  tcp  port ! 22   #！取反