
Useful Linux commands (tcpdump, nc)

Date: 2016-05-23 14:42  Source: linux.it.net.cn  Author: IT

1. tcpdump

My commands:

tcpdump -s0 -x -i eth0 host 192.168.5.21 or host 192.168.5.22 -w wd.cap

Captures the packets whose IP address is 192.168.5.21 or 192.168.5.22 and saves them to a file named wd.cap.

tcpdump -s0 -i any udp port 8500 or port 8600

tcpdump -s0 -x host 192.168.16.139

To stop the capture, press Ctrl+z.

sz wd.cap: use the sz command to send wd.cap to the "..\SecureCRT\download" directory (the Linux host is being used through SecureCRT).

The captured file can be opened with Wireshark.
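As an added illustration of what the wd.cap file above contains (example code written for this page, not from the original post or from tcpdump itself), the following Python reads the classic pcap format that tcpdump -w writes, applies the same host 192.168.5.21 or host 192.168.5.22 test to each Ethernet frame, and counts how many records the snaplen cut short, which is exactly what -s0 avoids. The frames and the capture bytes are constructed inside the code; they are not a real capture.

```python
import struct

LINKTYPE_ETHERNET = 1  # DLT_EN10MB, what a capture on eth0 uses

def ipv4_frame(src_ip, dst_ip, payload=b""):
    """Constructed Ethernet + IPv4/UDP frame (zero MACs, no real checksum)."""
    octets = lambda ip: bytes(int(o) for o in ip.split("."))
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType 0x0800
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 1, 0, 64, 17, 0)
    return eth + ip + octets(src_ip) + octets(dst_ip) + payload

def write_pcap(frames, snaplen):
    """Serialise frames the way tcpdump -w does; snaplen 0 behaves like -s0."""
    if snaplen == 0:
        snaplen = 262144  # the value current tcpdump substitutes for -s0
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]  # record stores incl_len and orig_len separately
        # constructed timestamps, one second apart
        out += struct.pack("<IIII", 1463990000 + i, 0, len(kept), len(frame)) + kept
    return out

def read_pcap(data):
    """Yield (captured_bytes, original_length) for each record of a pcap file."""
    magic = struct.unpack_from("<I", data)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]  # KeyError: not pcap
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    off = 24  # global header is 24 bytes, each record header 16
    while off + 16 <= len(data):
        _sec, _usec, incl, orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl], orig
        off += incl

def summarise(data, hosts):
    """Apply 'host A or host B' and count frames the snaplen truncated."""
    matched = truncated = 0
    for frame, orig in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or too short to hold the address fields
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if src in hosts or dst in hosts:
            matched += 1
            truncated += len(frame) < orig
    return {"matched": matched, "truncated": truncated}
```

Running summarise over a capture written with snaplen 0 reports no truncated frames, while the same frames written with a short snaplen show up as truncated even though their addresses still match.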


man tcpdump gives the full description of the tcpdump command; below is part of the output of man tcpdump.

NAME
       tcpdump - dump traffic on a network

DESCRIPTION
       Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can
       also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with
       the -r flag, which causes it to read from a saved packet file rather than to read packets from a network
       interface. In all cases, only packets that match expression will be processed by tcpdump.

       Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT
       signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal
       (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is
       interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

       When tcpdump finishes capturing packets, it will report counts of:

              packets "captured" (this is the number of packets that tcpdump has received and processed);

              packets "received by filter" (the meaning of this depends on the OS on which you're running tcpdump,
              and possibly on the way the OS was configured - if a filter was specified on the command line, on some
              OSes it counts packets regardless of whether they were matched by the filter expression and, even if
              they were matched by the filter expression, regardless of whether tcpdump has read and processed them
              yet, on other OSes it counts only packets that were matched by the filter expression regardless of
              whether tcpdump has read and processed them yet, and on other OSes it counts only packets that were
              matched by the filter expression and were processed by tcpdump);

              packets "dropped by kernel" (this is the number of packets that were dropped, due to a lack of buffer
              space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that
              information to applications; if not, it will be reported as 0).


2. nc

My commands:

nc -rn -kl port

Listens on the given port (replace port with the port number).


man nc gives the full description of the nc command; below is part of the output of man nc.

NAME
     nc - arbitrary TCP and UDP connections and listens

DESCRIPTION
     The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP
     connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4
     and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of
     sending them to standard output, as telnet(1) does with some.

