首先查看當前設備上有幾個網卡

#ifconfig em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 172.20.1.232 netmask 255.255.255.0 broadcast 172.20.1.255inet6 fe80::569f:35ff:fe1d:90ce prefixlen 64 scopeid 0x20<link>ether 54:9f:35:1d:90:ce txqueuelen 1000 (Ethernet)RX packets 41967785 bytes 12381472598 (11.5 GiB)RX errors 0 dropped 9565 overruns 0 frame 0TX packets 10415926 bytes 5771086680 (5.3 GiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0device interrupt 16 em2: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500ether 54:9f:35:1d:90:d0 txqueuelen 1000 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0device interrupt 17 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 0 (Local Loopback)RX packets 6733776 bytes 5017337440 (4.6 GiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 6733776 bytes 5017337440 (4.6 GiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

使用tcpdump命令，如果我們想查看網卡em1上的通信包，就添加參數-i em1；tcp port 554指的是過濾條件，多個過濾條件之間用and連接。

#tcpdump -i em1 tcp port 554 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes 14:32:21.535221 IP 172.20.1.177.49444 > 172.20.1.232.rtsp: Flags [S], seq 773779494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:32:21.535286 IP 172.20.1.232.rtsp > 172.20.1.177.49444: Flags [R.], seq 0, ack 773779495, win 0, length 0 14:32:22.034397 IP 172.20.1.177.49444 > 172.20.1.232.rtsp: Flags [S], seq 773779494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:32:22.034456 IP 172.20.1.232.rtsp > 172.20.1.177.49444: Flags [R.], seq 0, ack 1, win 0, length 0 14:32:22.538449 IP 172.20.1.177.49444 > 172.20.1.232.rtsp: Flags [S], seq 773779494, win 8192, options [mss 1460,nop,nop,sackOK], length 0 14:32:22.538494 IP 172.20.1.232.rtsp > 172.20.1.177.49444: Flags [R.], seq 0, ack 1, win 0, length 0 14:32:22.538924 IP 172.20.1.177.49447 > 172.20.1.232.rtsp: Flags [S], seq 1476281833, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:32:22.538964 IP 172.20.1.232.rtsp > 172.20.1.177.49447: Flags [R.], seq 0, ack 1476281834, win 0, length 0 14:32:23.048457 IP 172.20.1.177.49447 > 172.20.1.232.rtsp: Flags [S], seq 1476281833, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:32:23.048529 IP 172.20.1.232.rtsp > 172.20.1.177.49447: Flags [R.], seq 0, ack 1, win 0, length 0 14:32:23.548504 IP 172.20.1.177.49447 > 172.20.1.232.rtsp: Flags [S], seq 1476281833, win 8192, options [mss 1460,nop,nop,sackOK], length 0 14:32:23.548560 IP 172.20.1.232.rtsp > 172.20.1.177.49447: Flags [R.], seq 0, ack 1, win 0, length 0 14:32:23.558961 IP 172.20.1.177.49452 > 172.20.1.232.rtsp: Flags [S], seq 1537317808, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:32:23.559010 IP 172.20.1.232.rtsp > 172.20.1.177.49452: Flags [R.], seq 0, ack 1537317809, win 0, length 0 14:32:24.068521 IP 172.20.1.177.49452 > 172.20.1.232.rtsp: Flags [S], seq 1537317808, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:32:24.068578 IP 172.20.1.232.rtsp > 172.20.1.177.49452: Flags [R.], seq 0, ack 1, win 0, length 0 14:32:24.568551 IP 172.20.1.177.49452 > 172.20.1.232.rtsp: Flags [S], seq 1537317808, win 8192, options [mss 1460,nop,nop,sackOK], length 0 14:32:24.568606 IP 172.20.1.232.rtsp > 172.20.1.177.49452: Flags [R.], seq 0, ack 1, win 0, length 0

tcpdump命令需要在root用戶下執行。如果想要保存通信報文，可將輸出結果重定向到一個snoop文件。snoop文件可以用wireshark等工具軟件打開。

總結

以上是生活随笔為你收集整理的Linux抓包的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。