0x0800 ipv40x0806 arp0x8100 tags vlan0x8137 ipx0x8808 flow control0x86dd ipv60x8863 pppoe discovery 发现帧0x8864 pppoe session 会话帧0x8870 巨帧# mac 过滤tcpdump '((icmp) and ((ether dst host 00:01:02:03:04:05)))'# tcpdump -i eth0 ether proto 0x0800抓vlan包:# tcpdump -i eth0 ether proto 0x8100抓pppoe包:# tcpdump -i eth0 -n ether proto 0x8863 '||' ether proto 0x8864
tshark -d tcp.port==8888:3,http
tshark -d tcp.port==8888:3,http will decode any traffic running over TCP ports 8888, 8889 or 8890 as HTTP
tshark -d tcp.port==8888-8890,http will decode any traffic running over TCP ports 8888, 8889 or 8890 as HTTP
tshark -d ethertype==0x0800 ptp.v2.flags.unicast == 0
tshark -e frame.number
tshark -i eth0 -Y "ip.addr==192.168.1.1"
-O <protocols> shows packet details of listed protocol(s), comma-separated
-P show packet summary even when writing to a file
-V shows the packet tree (Packet Details window information)
-S <separator> add a line separator between packets
-t ad flag to TShark will add timestamps to the beginning of each packet capture
若有收获,就点个赞吧
0 人点赞
