tcpdump高级使用和TCP/IP协议了解

1. 打印数据长度大于0的数据包

       To  print  all  IPv4  HTTP  packets to and from port 80, i.e. print only packets that contain data, not, for
       example, SYN and FIN packets and ACK-only packets.  (IPv6 is left as an exercise for the reader.)
              tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

 

 

posted @ 2023-01-08 00:17  littlevigra  阅读(51)  评论(0编辑  收藏  举报