tcpdump:
-i interface
-w file
-nn:
-X: hex and ASCII
-r file
expression:
Keywords:
type: host, net, port, portrange
direction: src, dst, src or dst, src and dst
protocol: ether, ip, arp, tcp, udp, wlan
Combining conditions:
and
or
not
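
An added example, not part of the original notes: shell helpers that assemble a filter expression in the order tcpdump expects (protocol, direction, type, value) and join primitives with and/or/not. It goes a little beyond the list by rejecting protocol/type pairings that libpcap's filter syntax does not accept, such as `tcp host`. The helper names (`primitive`, `join_with`, `negate`), the interface `eth0`, the file `web.pcap` and the addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compose tcpdump filter expressions from the qualifiers
# listed above. Interface, file name and addresses are constructed.

# primitive PROTO DIR TYPE VALUE -> "[proto] [dir] type value"
# PROTO and DIR may be "". Returns 1 for pairings such as "tcp host".
primitive() {
    proto=$1 dir=$2 type=$3 value=$4
    case $dir in
        ""|src|dst|"src or dst"|"src and dst") ;;
        *) echo "bad direction: $dir" >&2; return 1 ;;
    esac
    case $type in
        port|portrange) ok=" tcp udp " ;;          # ports exist only in tcp/udp
        host)           ok=" ether ip arp wlan " ;;
        net)            ok=" ip arp " ;;            # no link-layer networks
        *) echo "bad type: $type" >&2; return 1 ;;
    esac
    case $proto in
        "") ;;
        *) case $ok in
               *" $proto "*) ;;
               *) echo "'$proto' cannot qualify '$type'" >&2; return 1 ;;
           esac ;;
    esac
    out="$type $value"
    if [ -n "$dir" ]; then out="$dir $out"; fi
    if [ -n "$proto" ]; then out="$proto $out"; fi
    printf '%s\n' "$out"
}

# join_with OP EXPR... -> "(e1) OP (e2) ..." ; OP is "and" or "or"
join_with() {
    op=$1; shift
    out="($1)"; shift
    for e in "$@"; do out="$out $op ($e)"; done
    printf '%s\n' "$out"
}

negate() { printf 'not (%s)\n' "$1"; }

# HTTPS traffic that does not come from one host (constructed values).
web=$(primitive tcp dst port 443)
skip=$(negate "$(primitive "" src host 192.0.2.10)")
filter=$(join_with and "$web" "$skip")

# Quote the filter so the shell leaves the parentheses alone.
echo "tcpdump -i eth0 -nn -w web.pcap '$filter'"
echo "tcpdump -r web.pcap -nn -X '$filter'"
```

The script only prints the two command lines (capture with -w, then read back with -r and -X); running them is left to the reader, and capturing normally needs root or the appropriate capability.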