linux抓包

tcpdump -i em1 host 192.168.1.1 or host 192.168.1.2 -w  111.pcap

tcpdump -i eth1

监听指定网络端口的数据，eth1是具体网卡

 

tcpdump host 192.168.1.1

监听指定IP

 

tcpdump host 192.168.1.1 or host 192.168.1.2

监听多个指定IP

 

tcpdump -i em1 host 192.168.1.1 or host 192.168.1.2 -w  111.pcap

监听通过em1端口的多个指定地址，保存为111.pcap文件