Example: capture the traffic on local port 1813 and save the capture to the file test.cap
Quote: tcpdump -X -s 0 -w test.cap port 1813
-X Print each packet (minus its link level header) in hex and ASCII.
-s snaplen Setting snaplen to 0 means use the required length to catch whole packets.
-w file Write the raw packets to file rather than parsing and printing them out.
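You can then view the details of the captured packets locally in the Ethereal graphical interface. This is especially useful when you are working on a server over a remote login, because a graphical tool cannot be used to capture packets in terminal mode.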

