To capture only TCP SYN packets:
# tcpdump -i <interface> "tcp[tcpflags] & (tcp-syn) != 0"
To capture only TCP ACK packets:
# tcpdump -i <interface> "tcp[tcpflags] & (tcp-ack) != 0"
To capture only TCP FIN packets:
# tcpdump -i <interface> "tcp[tcpflags] & (tcp-fin) != 0"
To capture only TCP SYN or ACK packets:
# tcpdump -r <interface> "tcp[tcpflags] & (tcp-syn|tcp-ack) != 0"
H
0 개의 댓글