tcpdump

One important difference with tcpdump is that, unlike iptrace, it can look at only one network interface at a time.

tcpdump的一个重要区别是，与iptrace不同，它一次只能查看一个网络接口。

互联网摘选

Tcpdump, for example, is not just a tool for diagnosing network problems, but is invaluable for understanding how the protocols work.

比如说Tcpdump吧，它不仅仅是一个诊断网络问题的工具，更是一个辅助理解协议原理的无价之宝。

互联网摘选

Another way to process the content from tcpdump is to save the raw network packet data to a file and then process the file to find and decode the information that you want.

处理来自tcpdump的另一个方法是将原始网络数据包数据保存到一个文件中，然后处理这个文件以便查找和解码出您想要的信息。

互联网摘选

The Net:: TcpDumpLog parses the raw network data saved by tcpdump.

TcpDumpLog会解析tcpdump所保存的原始网络数据。

互联网摘选

The tcpdump and tcpflow tools give you a huge number of options, including the ability to create complex filter expressions.

tcpdump和tcpflow工具有大量的选项，包括创建复杂过滤表达式的能力。

互联网摘选

Depending on the nature of the problem, it is sometimes good practice to run a tcpdump for a period of time while capturing packet information to a file using the-w switch.

根据问题的性质，有时候最好运行tcpdump一段时间，同时使用-w选项把数据包信息捕捉到文件中。

互联网摘选

S0 tells tcpdump that you want all data in every packet body.

s0告诉tcpdump您想得到每个数据包主体中的所有数据。

互联网摘选

A newer tool called tcpflow complements tcpdump and provides a way to do protocol flow analysis and to properly reconstruct data streams, regardless of packet order or retransmissions.

一个叫做tcpflow的新工具与tcpdump相辅相成，它提供协议流分析和适当地重构数据流的方法，而不管数据包的顺序或重发。

互联网摘选

You can also try the cross-platform tcpdump tool, which is supported on most UNIX and Linux operating systems.

您也可以尝试使用跨平台的tcpdump工具，它支持大多数的UNIX和Linux操作系统。

互联网摘选

There are a number of modules in different languages that provide functionality for reading and decoding the data captured by tcpdump and snoop.

有许多使用不同语言编写的模块具有读取和解码tcpdump和snoop捕捉的数据的功能。

互联网摘选

You used netstat and drilled down to the packet level using tracing tools, such as iptrace and tcpdump.

在本文中，您使用了netstat，并且使用iptrace和tcpdump等跟踪工具深入到了数据包级别。

互联网摘选

With tcpdump, you can also limit the amount of data to be traced.

使用tcpdump，您还可以限制要跟踪的数据的总量。

互联网摘选

If you want tcpdump to keep only a set number of bytes per packet, enter the number of bytes desired in place of zero here.

如果您想让tcpdump只保持每个数据包一定数量的字节，请输入所期望的字节数来代替此处的零。

互联网摘选

Using this basic framework you can perform more complex lookups and decoding that do not rely on the automated solutions provided by tcpdump or snoop.

通过使用这个基本的框架，您就能够执行不依赖于tcpdump或snoop的自动化解决方案的更复杂查询和解码。

互联网摘选

Tcpdump is an essential tool for exploring low-level packet exchanges and verifying that your firewall is working correctly.

tcpdump是研究低级信息包交换和验证防火墙是否正常工作的必备工具。

互联网摘选

The main benefit of tcpdump is that you can specify filters so that you can select only particular protocols, sources, destinations, ports and other combinations.

tcpdump的主要好处是可以指定过滤器，这样您就可以仅选择特定的协议、源、目标和端口等。

互联网摘选

Also, you do not need to use an ipreport type of command to format binary data, because tcpdump does the trace and the output.

另外，您不需要使用ipreport类型的命令来格式化二进制的数据，因为tcpdump将进行跟踪并产生格式化的输出。

互联网摘选

As shown in this article, using tools like tcpdump, snoop or iptrace, you can extract a wide range of data at the command line.

如本文所述，通过使用诸如tcpdump、snoop或iptrace的工具，您可以在命令行上提取大量的数据。

互联网摘选

In the UNIX world, useful tools are tcpdump, iftop, and bandwidth monitors such as wmnet.

在UNIX领域中，tcpdump、iftop和带宽监视工具（如wmnet）都是非常有价值的。

互联网摘选

For example, snoop and tcpdump both provide detailed information on different protocols under both UDP and TCP to varying levels.

例如，snoop和tcpdump都提供了关于UDP和TCP上不同协议的不同级别的详细信息。

互联网摘选

The message packets between client and server can be traced using the tcpdump command in AIX.

在AIX中，可以使用tcpdump命令跟踪客户机和服务器之间传输的消息包。

互联网摘选

The-i lo option tells tcpdump what interface to listen on ( the loopback device, in this case).

i lo选项告诉tcpdump要侦听哪个接口（在这个例子中要侦听回送设备）。

互联网摘选

The transaction between the client and server should be completed and then the tcpdump can be killed.

客户机和服务器之间的事务完成之后，可以停止tcpdump进程。

互联网摘选

Although, as already mentioned, tools like tcpdump, iptrace and snoop provide basic network analysis and decoding, there are GUI-based tools that make the process even easier.

虽然，正如之前提到的，诸如tcpdump、iptrace和snoop等工具都提供了基本的网络分析和解码功能，但是还有一些基于GUI的工具使这个过程更简单。

互联网摘选

You can do this either by typing an expression ( like those provided to tcpdump, snoop or iptrace) into the Filter box.

您可以通过在Filter输入框中输入一个表达式（类似于tcpdump、snoop或iptract）。

互联网摘选

Tcpdump continues to capture packets until you hit Ctrl+ C.

tcpdump将持续地捕获数据包，直到您键入Ctrl+C为止。

互联网摘选

You can monitor outgoing data sent from a particular adapter using tcpdump, which displays the content of each packet as it is sent.

可以使用tcpdump监视从特定适配器发送出的数据，这个命令在发送每个数据包时显示其内容。

互联网摘选

Instead of writing Snort rules or analyzing Tcpdump output, use Argus and some command-line switches to provide a minimal list of network connections.

本文并没有编写Snort规则或分析Tcpdump输出，而是使用Argus和一些命令行转换来提供最少的网络连接列表。

互联网摘选

The tcpdump command is much more feature rich than the simple examples shown here, so I recommend that you familiarize yourself with its man pages.

tcpdump命令的特性比这些简单的示例丰富得多，所以我建议您熟悉它的手册页。

互联网摘选

The tcpdump tool is an older tool that "sniffs" network packets from a network and either prints them to stdout or logs them to a file.

tcpdump工具是一个比较老的工具，它从网上“嗅探”网络数据包，打印到stdout或记录在一个文件中。

互联网摘选