tcpdump

-n     Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.

-N     Don't print domain name qualification of host names.  E.g., if you give this flag then tcpdump  will  print
              ``nic'' instead of ``nic.ddn.mil''.

-v     When  parsing and printing, produce (slightly more) verbose output.  For example, the time to live, identi-
              fication, total length and options in an IP packet are printed.  Also enables additional  packet  integrity
              checks such as verifying the IP and ICMP header checksum.

              When writing to a file with the -w option, report, every 10 seconds, the number of packets captured.

       -vv    Even more verbose output.  For example, additional fields are printed from NFS reply packets, and SMB pack-
              ets are fully decoded.

       -vvv   Even more verbose output.  For example, telnet SB ... SE options are  printed  in  full.   With  -X  Telnet
              options are printed in hex as well.

host

dst/src host

-c 抓取包的個數

-w 將抓取的包寫入文件

tcpdump -vnN port 22

/usr/sbin/tcpdump -vnN -c 10000 -i eth0  -w /tmp/tcpdump_log 2>/dev/null