Analyze TCP packet headers using tcpdump

  
                  

-e   Show the link layer header for each captured packet: source MAC address > destination MAC address, Ethernet type IPv4 (0x0800), packet data length.
-n   Do not convert addresses into names: show IP addresses and port numbers instead of names.
-nn  Do not convert protocols into service names: for example, display port 80 instead of http.

-x   Display each packet in hexadecimal (without the link layer header). The packet shown may be incomplete. Example:
     # tcpdump -ennx -c 1

-xx  Display each packet in hexadecimal (including the link layer header).
-X   Display each packet in hexadecimal (without the link layer header) together with its ASCII representation.
-XX  Display each packet in hexadecimal (including the link layer header) together with its ASCII representation.
-s   Redefine the size of the captured packet. The default value is 96 (or 68). A value of 0 means the complete packet is captured. Keep this value as small as possible, especially in a busy network environment.
-w   Write the captured packets to a file.
-r   Read packets from a file.

Example: write the captured packets to the file telnet.out2:
     # tcpdump -en -s 0 -XX -i eth0 host www.sina.com.cn -w telnet.out2

Example: read packets from telnet.out2:
     # tcpdump -en -s 0 -XX -i eth0 host www.sina.com.cn -r telnet.out2
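Reading the hexadecimal output of -xx means mapping byte offsets to header fields. The following Python example, added here and not part of the original page, decodes the Ethernet, IPv4 and TCP headers from such a dump and stops cleanly when a small -s value has cut the packet short. The sample dump, its addresses and the function names hexdump_to_bytes and decode_frame are constructed for illustration.

```python
import struct

# Constructed sample in `tcpdump -xx` layout: Ethernet + IPv4 + TCP SYN, no payload.
SAMPLE_XX = """\
\t0x0000:  0011 2233 4455 6677 8899 aabb 0800 4500
\t0x0010:  0028 1c46 4000 4006 9a87 c0a8 010a c000
\t0x0020:  0250 c000 0050 0000 03e8 0000 0000 5002
\t0x0030:  7210 0000 0000
"""
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def hexdump_to_bytes(text):
    """Collect the hex column of -x/-xx/-X/-XX output; summary lines are skipped."""
    out = bytearray()
    for line in text.splitlines():
        offset, sep, rest = line.strip().partition(":")
        if sep and offset.startswith("0x"):
            # -X/-XX put the ASCII column after two spaces; keep only the hex part
            out += bytes.fromhex(rest.strip().split("  ")[0])
    return bytes(out)

def decode_frame(frame):
    """Decode Ethernet II, IPv4 and TCP headers from a frame that starts at the link layer."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"), "ethertype": ethertype}
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        return info                       # not IPv4, or IP header truncated
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    info.update(proto=ip[9], ip_len=struct.unpack("!H", ip[2:4])[0],
                src_ip=".".join(map(str, ip[12:16])),
                dst_ip=".".join(map(str, ip[16:20])))
    tcp = ip[ihl:]
    if ip[9] != 6 or len(tcp) < 20:
        return info                       # not TCP, or TCP header cut off by a small -s
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    info.update(sport=sport, dport=dport, seq=seq, ack=ack, window=window,
                tcp_hdr_len=(off_flags >> 12) * 4,
                flags=[n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)])
    return info

if __name__ == "__main__":
    print(decode_frame(hexdump_to_bytes(SAMPLE_XX)))
```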
