1. tcpdump -s 1024 -l -A dst www.cnn.com
2. Type the following command at shell prompt:
# tcpdump -n -i eth0 -s 0 -w output.txt src or dst port 80
Where,
- -n : Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
- -i eth0 : Specify interface to capture data.
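- -s 0 : Capture snaplen (snapshot length) bytes of data from each packet rather than the default of 68. Setting it to 0 means use the required length to catch whole packets.
- -w output.txt : Save the raw packets to the file output.txt instead of printing them. The file is in binary pcap format despite the .txt name; read it back with tcpdump -r output.txt.
- src or dst port 80 : Capture only packets whose source or destination port is 80.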
11:04:31.674686 IP 10.1.246.215.61709 > 157.166.248.11.http: Flags [.], ack 1478957458, win 65535, length 0
.....C...(....E..(k.@.@.9/
.P/.2.X'..P...TU..
11:04:31.674907 IP 10.1.246.215.61709 > 157.166.248.11.http: Flags [P.], seq 0:369, ack 1, win 65535, length 369
.....C...(....E.....@.@...
.P/.2.X'..P...u\..GET / HTTP/1.1
Host: www.cnn.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-TW,zh;q=0.8,en-US;q=0.6,en;q=0.4
11:04:31.675385 IP 10.1.246.215.61710 > 157.166.248.11.http: Flags [.], ack 3228182788, win 65535, length 0
.....C...(....E..(2P@.@.q.
..........P..[?.j).P.......
11:04:32.087077 IP 10.1.246.215.61709 > 157.166.248.11.http: Flags [.], ack 426, win 65535, length 0
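
As an added example (not part of the original page): a small Python parser for the `tcpdump -A` text output shown above. It pulls out each HTTP request line with its headers and lists requests that carry credential headers unencrypted. The sample capture, its addresses and host name, and the `SENSITIVE` header set are constructed assumptions for illustration.

```python
import re

# First line of each record in tcpdump's text output (layout as shown above).
RECORD = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
                    r"Flags \[[^\]]*\].*?\blength (?P<len>\d+)")
REQUEST = re.compile(r"(?P<method>GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) "
                     r"(?P<path>\S+) HTTP/\d\.\d")
HEADER = re.compile(r"^(?P<name>[A-Za-z][A-Za-z0-9-]*): ?(?P<value>.*)$")
SENSITIVE = {"cookie", "authorization"}  # assumption: headers treated as credentials

# Constructed sample in the same layout as the capture above (not real traffic).
SAMPLE = """\
11:04:31.674686 IP 192.0.2.10.51000 > 198.51.100.20.http: Flags [.], ack 1, win 65535, length 0
E..(k.@.@.9/....P...TU..
11:04:31.674907 IP 192.0.2.10.51000 > 198.51.100.20.http: Flags [P.], seq 0:96, ack 1, win 65535, length 96
E.....@.@...P...u...GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: ExampleAgent/1.0
Cookie: session=constructed-value
"""

def parse_requests(text):
    """Return one dict per HTTP request found in `tcpdump -A` text output."""
    requests, pkt, req = [], None, None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:                         # new packet: remember its addresses
            pkt, req = m.groupdict(), None
        elif pkt is None or pkt["len"] == "0":
            continue                  # no payload: only dotted header bytes follow
        elif req is None:
            m = REQUEST.search(line)  # request line follows the IP/TCP header bytes
            if m:
                req = {"ts": pkt["ts"], "src": pkt["src"], "dst": pkt["dst"],
                       "method": m["method"], "path": m["path"], "headers": {}}
                requests.append(req)
        else:
            m = HEADER.match(line)
            if m:
                req["headers"][m["name"].lower()] = m["value"]
    return requests

def cleartext_credentials(requests):
    """(host, header names) for each request carrying credential headers in cleartext."""
    hits = [(r["headers"].get("host", r["dst"]), sorted(SENSITIVE.intersection(r["headers"])))
            for r in requests]
    return [h for h in hits if h[1]]

if __name__ == "__main__":
    print(cleartext_credentials(parse_requests(SAMPLE)))
```

To use it on live traffic, save the output of the first command to a text file and pass the file's contents to `parse_requests`; it only sees what fits within the snapshot length given with `-s`.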