tcpdump -i wlan0 -t -s 0 -c 100 -w ./target.cap 'tcp and (src net 192.168.199.176 or dst net 192.168.199.176) and (tcp[20:2]=0x4745 or tcp[20:2]=0x4854)'
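Captures all HTTP packets to or from 192.168.199.176. The two tcp[20:2] tests match a payload that begins with "GE" (0x4745, as in GET) or "HT" (0x4854, as in an HTTP/1.x response line), taking the payload to start at byte 20 of the TCP header; -c 100 stops the capture after 100 packets.
Details: http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html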
http://www.cnblogs.com/jiangz/archive/2013/04/04/2997047.html
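
The tcp[20:2] test above assumes a 20-byte TCP header, so a segment carrying TCP options (timestamps, for instance) is checked at the wrong bytes. The following is an added example, not part of the original note: it applies the same two-byte test to constructed segments, once at the fixed offset and once at the offset taken from the header's data-offset field, which in a tcpdump filter is written tcp[((tcp[12:1] & 0xf0) >> 2):2]. Ports, sequence numbers and payloads are constructed sample values.

```python
import struct

WANTED = {0x4745, 0x4854}  # "GE" and "HT": the two constants in the filter
# Constructed 12-byte option block: NOP, NOP, Timestamps (kind 8, length 10)
TIMESTAMPS = bytes([1, 1, 8, 10]) + struct.pack("!II", 1000, 2000)

def tcp_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed TCP segment (header + options + payload)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    data_offset = (20 + len(options)) // 4   # header length in 32-bit words
    header = struct.pack(
        "!HHIIBBHHH",
        49152, 80,          # constructed source and destination ports
        1, 1,               # sequence and acknowledgement numbers
        data_offset << 4,   # byte 12: data offset in the high nibble
        0x18,               # flags: PSH + ACK
        65535, 0, 0,        # window, checksum (left 0), urgent pointer
    )
    return header + options + payload

def u16(seg: bytes, off: int):
    """tcp[off:2]; None when out of range, where a BPF filter rejects."""
    return struct.unpack_from("!H", seg, off)[0] if off + 2 <= len(seg) else None

def fixed_offset_match(seg: bytes) -> bool:
    """The test as written: tcp[20:2]=0x4745 or tcp[20:2]=0x4854."""
    return u16(seg, 20) in WANTED

def header_aware_match(seg: bytes) -> bool:
    """Same test at the real payload start: tcp[((tcp[12:1] & 0xf0) >> 2):2]."""
    return u16(seg, (seg[12] & 0xF0) >> 2) in WANTED

def compare() -> dict:
    """Return {case: (fixed_offset_match, header_aware_match)}."""
    get, resp = b"GET / HTTP/1.1\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\n"
    cases = {
        "GET, no options": tcp_segment(get),
        "GET, timestamps": tcp_segment(get, TIMESTAMPS),
        "response, timestamps": tcp_segment(resp, TIMESTAMPS),
        "POST, no options": tcp_segment(b"POST /f HTTP/1.1\r\n\r\n"),
        "bare ACK, timestamps": tcp_segment(b"", TIMESTAMPS),
    }
    return {k: (fixed_offset_match(s), header_aware_match(s)) for k, s in cases.items()}

if __name__ == "__main__":
    for case, (fixed, aware) in compare().items():
        print(f"{case:22} tcp[20:2]: {fixed!s:5}  data-offset aware: {aware}")
```

The POST case matches under neither test because the filter's constants cover only "GE" and "HT".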