Network Analysis Using Wireshark 2 Cookbook(Second Edition)

Start capturing data – capture data on Linux/Unix machines

On Linux and Unix machines we have the good old tcpdump utility, the command-line capture tool that Wireshark descends from.

The most common tcpdump commands are:

  • Capture packets on a specific interface:
    • Syntax is tcpdump -i <interface_name>
    • Example is tcpdump -i eth0
  • Capture and save packets in a file:
    • Syntax is tcpdump -w <file_name> -i <interface_name>
    • Example is tcpdump -w test001 -i eth1
  • Read packets back from a capture file:
    • Syntax is tcpdump -r <file_name>
    • Example is tcpdump -r test001

To use capture filters, use the capture filters format described in Chapter 3, Using Capture Filters.
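As an added example (not code from the book), a small POSIX shell helper that assembles the three tcpdump invocations above, adding the options a defender normally wants (no name resolution, full snaplen, a size-limited ring buffer, and dropping root privileges after the capture socket is open). The function names, file names and the `nobody` user are assumptions.

```shell
#!/bin/sh
# Helper that builds tcpdump command lines; each function prints the command
# instead of running it, so it can be reviewed or logged before use as root.

# build_capture_cmd IFACE OUTFILE [BPF_FILTER] [DROP_TO_USER]
build_capture_cmd() {
  iface=$1; out=$2; filter=$3; user=${4:-}
  # Interface names are short and alphanumeric; refuse anything else so a
  # malformed name never reaches a privileged command line.
  case "$iface" in
    ""|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  # The filter is wrapped in single quotes, so it must not contain one.
  case "$filter" in *\'*) return 1 ;; esac
  # -nn: no DNS/port lookups, -s 0: full packets, -U: flush each packet to file
  cmd="tcpdump -nn -s 0 -U -i $iface -w $out"
  [ -n "$user" ] && cmd="$cmd -Z $user"     # -Z: relinquish root after setup
  [ -n "$filter" ] && cmd="$cmd '$filter'"  # BPF capture filter (Chapter 3)
  printf '%s\n' "$cmd"
}

# build_rotating_capture_cmd IFACE OUTPREFIX SIZE_MB COUNT
# Ring buffer: -C rotates every SIZE_MB megabytes, -W keeps COUNT files,
# so a long-running sensor cannot fill the disk.
build_rotating_capture_cmd() {
  iface=$1; out=$2; size=$3; count=$4
  case "$iface" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$size$count" in ""|*[!0-9]*) return 1 ;; esac
  printf 'tcpdump -nn -s 0 -i %s -C %s -W %s -w %s\n' "$iface" "$size" "$count" "$out"
}

# build_read_cmd CAPTURE_FILE [BPF_FILTER]  (read filters apply offline too)
build_read_cmd() {
  file=$1; filter=$2
  case "$filter" in *\'*) return 1 ;; esac
  cmd="tcpdump -nn -r $file"
  [ -n "$filter" ] && cmd="$cmd '$filter'"
  printf '%s\n' "$cmd"
}
```

Run the printed line with sudo (or give the binary capture capabilities) when you are satisfied with it; the ring-buffer form is the one to use for unattended captures.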