Useful Linux commands (tcpdump, nc)


1.tcpdump

My commands:

tcpdump -s0 -x -i eth0 host 192.168.5.21 or host 192.168.5.22 -w wd.cap
Captures the packets of the IPs 192.168.5.21 and 192.168.5.22 and saves them under the name wd.cap

tcpdump -s0 -i any udp port 8500 or port 8600

tcpdump -s0 -x host 192.168.16.139

When the capture is finished, press Ctrl+Z

sz wd.cap: the sz command transfers wd.cap into the "..\SecureCRT\download" directory (the Linux box is used through SecureCRT)

The captured file can be opened with Wireshark

man tcpdump gives a detailed description of the tcpdump command; part of the man tcpdump output follows
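Before the file reaches Wireshark it is worth knowing what `tcpdump -w wd.cap` actually wrote. The reader below is an added example, not code from the post: it parses the classic pcap container (global header, then one 16-byte record header per packet), bounds-checks every length so a corrupt file raises instead of producing garbage, understands both Ethernet frames (from `-i eth0`) and the Linux "cooked" frames that `-i any` produces, counts packets per 5-tuple and reports how many were cut short by a snaplen smaller than the wire length, which is exactly what `-s0` prevents. The sample capture is constructed inline with the two hosts from the post; `build_sample_pcap` and `summarize` are names chosen for this example.

```python
import struct
import sys
from collections import Counter

# Link-layer header types from the libpcap LINKTYPE registry
LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_SLL = 113      # "Linux cooked" frames, what "tcpdump -i any" writes
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_pcap(data: bytes):
    """Parse a classic pcap file (the format 'tcpdump -w' writes).

    Returns (linktype, records); each record holds timestamp, captured length,
    original on-the-wire length and the captured bytes. Every length is
    bounds-checked so a corrupt or hostile file raises ValueError.
    """
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    # The magic number fixes byte order and timestamp resolution
    if magic == b"\xd4\xc3\xb2\xa1":
        endian, ts_div = "<", 1_000_000
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian, ts_div = ">", 1_000_000
    elif magic == b"\x4d\x3c\xb2\xa1":
        endian, ts_div = "<", 1_000_000_000
    elif magic == b"\xa1\xb2\x3c\x4d":
        endian, ts_div = ">", 1_000_000_000
    else:
        raise ValueError(f"not a pcap file (magic {magic.hex()})")
    _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])

    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > orig_len or incl_len > snaplen or off + incl_len > len(data):
            raise ValueError(f"corrupt record header at offset {off - 16}")
        records.append({"ts": ts_sec + ts_frac / ts_div, "incl_len": incl_len,
                        "orig_len": orig_len, "data": data[off:off + incl_len]})
        off += incl_len
    if off != len(data):
        raise ValueError("trailing bytes after the last record")
    return linktype, records


def ipv4_header(linktype: int, pkt: bytes):
    """Return the IPv4 header plus payload of a frame, or None if it is not IPv4."""
    if linktype == LINKTYPE_ETHERNET:
        ll_len, type_off = 14, 12
    elif linktype == LINKTYPE_LINUX_SLL:
        ll_len, type_off = 16, 14
    else:
        return None
    if len(pkt) < ll_len + 20:
        return None
    if struct.unpack("!H", pkt[type_off:type_off + 2])[0] != ETHERTYPE_IPV4:
        return None
    ip = pkt[ll_len:]
    return ip if ip[0] >> 4 == 4 else None


def summarize(data: bytes):
    """Count packets per 5-tuple and flag packets truncated by a small -s snaplen."""
    linktype, records = parse_pcap(data)
    flows, truncated = Counter(), 0
    for rec in records:
        if rec["incl_len"] < rec["orig_len"]:
            truncated += 1
        ip = ipv4_header(linktype, rec["data"])
        if ip is None:
            continue
        ihl = (ip[0] & 0x0F) * 4
        proto = PROTO_NAMES.get(ip[9], str(ip[9]))
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        sport = dport = None
        if ip[9] in (6, 17) and len(ip) >= ihl + 4:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        flows[(src, sport, dst, dport, proto)] += 1
    return {"packets": len(records), "truncated": truncated, "flows": flows}


def _udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame for the demo (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    eth = b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def build_sample_pcap(snaplen: int = 262144) -> bytes:
    """Constructed stand-in for wd.cap: three UDP frames between the two hosts
    from the post, stored the way tcpdump would store them with the given -s snaplen."""
    frames = [_udp_frame("192.168.5.21", "192.168.5.22", 40000, 8500, b"hello"),
              _udp_frame("192.168.5.22", "192.168.5.21", 8500, 40000, b"world"),
              _udp_frame("192.168.5.21", "192.168.5.22", 40001, 8600, b"x" * 200)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        stored = frame[:snaplen]          # a small -s value cuts the stored bytes
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(stored), len(frame)) + stored
    return out


if __name__ == "__main__":
    # Usage: python pcap_summary.py wd.cap   (no argument: summarize the constructed sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap(96)
    info = summarize(raw)
    print(f"{info['packets']} packets, {info['truncated']} truncated")
    for (src, sp, dst, dp, proto), n in sorted(info["flows"].items()):
        print(f"  {proto} {src}:{sp} -> {dst}:{dp}  x{n}")
```

Run it without arguments to see the constructed sample parsed with a 96-byte snaplen (one of the three frames is reported as truncated), or pass the real wd.cap. Parsing an untrusted capture with a hand-written reader is a classic place for out-of-bounds reads, which is why every record length is checked against both the file size and the snaplen before the slice is taken.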

NAME
tcpdump - dump traffic on a network

DESCRIPTION
Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

When tcpdump finishes capturing packets, it will report counts of:

packets ‘‘captured’’ (this is the number of packets that tcpdump has received and processed);

packets ‘‘received by filter’’ (the meaning of this depends on the OS on which you’re running tcpdump,
and possibly on the way the OS was configured - if a filter was specified on the command line, on some
OSes it counts packets regardless of whether they were matched by the filter expression and, even if
they were matched by the filter expression, regardless of whether tcpdump has read and processed them
yet, on other OSes it counts only packets that were matched by the filter expression regardless of
whether tcpdump has read and processed them yet, and on other OSes it counts only packets that were
matched by the filter expression and were processed by tcpdump);

packets ‘‘dropped by kernel’’ (this is the number of packets that were dropped, due to a lack of buffer
space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that
information to applications; if not, it will be reported as 0).

2.nc

My commands:

nc -rn -kl port
Listen on a port

man nc gives a detailed description of the nc command; part of the man nc output follows
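To make the -k behaviour concrete (keep listening after a client disconnects instead of exiting after the first one), here is an added example, not code from the post or from netcat itself: a small standard-library Python listener with that behaviour, plus a client function that does what `echo data | nc host port` would do. `start_listener`, `send_line` and the `max_clients` parameter are names chosen for this example; port 0 asks the kernel for a free port so the demo can be run anywhere.

```python
import socket
import threading


def start_listener(host: str = "127.0.0.1", port: int = 0, max_clients: int = 1):
    """Listener with the semantics of 'nc -kl <port>': accept clients one after
    another (the -k part) until max_clients have been served, then close.

    Binding 127.0.0.1 keeps the port off the network; bind 0.0.0.0 only when
    remote clients are really expected, because anyone who can reach the host
    can then connect. Returns (bound_port, received, thread); received fills up
    with (peer_ip, bytes) tuples as clients disconnect.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))            # port 0: the kernel picks a free port
    srv.listen(5)
    bound_port = srv.getsockname()[1]
    received = []

    def serve():
        try:
            for _ in range(max_clients):
                conn, peer = srv.accept()
                with conn:
                    chunks = []
                    while True:             # read until the client closes
                        buf = conn.recv(4096)
                        if not buf:
                            break
                        chunks.append(buf)
                    # peer[0] is the raw IP, no reverse lookup (like nc -n)
                    received.append((peer[0], b"".join(chunks)))
        finally:
            srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return bound_port, received, t


def send_line(port: int, data: bytes, host: str = "127.0.0.1") -> None:
    """Client side: connect, send the bytes, close (what 'echo ... | nc' does)."""
    with socket.create_connection((host, port), timeout=5) as c:
        c.sendall(data)


if __name__ == "__main__":
    # Self-contained demo: two clients in a row are served by one listener
    port, got, thread = start_listener(max_clients=2)
    send_line(port, b"first\n")
    send_line(port, b"second\n")
    thread.join(5)
    for ip, payload in got:
        print(f"{ip} sent {payload!r}")
```

Without -k, netcat exits when the first client goes away; the loop over `max_clients` is what keeps the socket open for the next one. The listener records the peer address as a plain IP, mirroring -n, so a slow or unreachable DNS server never stalls the accept loop.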

NAME
nc - arbitrary TCP and UDP connections and listens

DESCRIPTION
The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.
