来源:http://blog.csdn.net/armeasy/article/details/6005703
tcp 0 1 10.12.4.24:717 10.12.13.11:2049 SYN_SENT
udp 0 0 10.12.4.24:37291 10.12.13.11:* ESTABLISHED
13:14:42.210567 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [.], ack 3365250555, win 115, options [nop,nop,TS val 3321390889 ecr 298615938], length 0
13:14:42.210626 IP 172.16.4.134.1152395164 > 10.12.13.11.2049: 40 null
13:14:42.212157 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [.], ack 37, win 115, options [nop,nop,TS val 3321390890 ecr 298615940], length 0
13:14:42.212236 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [F.], seq 44, ack 37, win 115, options [nop,nop,TS val 3321390890 ecr 298615940], length 0
13:14:42.213883 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [.], ack 38, win 115, options [nop,nop,TS val 3321390892 ecr 298615941], length 0
13:14:42.220327 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [S], seq 4275201135, win 14600, options [mss 1460,sackOK,TS val 3321390899 ecr 0,nop,wscale 7], length 0
13:14:42.222117 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [.], ack 2204017511, win 115, options [nop,nop,TS val 3321390900 ecr 298615949], length 0
13:14:42.228992 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [P.], seq 0:60, ack 1, win 115, options [nop,nop,TS val 3321390907 ecr 298615949], length 60
13:14:42.230805 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [.], ack 33, win 115, options [nop,nop,TS val 3321390909 ecr 298615958], length 0
13:14:42.230868 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [F.], seq 60, ack 33, win 115, options [nop,nop,TS val 3321390909 ecr 298615958], length 0
13:14:42.230930 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [S], seq 3487179920, win 14600, options [mss 1460,sackOK,TS val 3321390909 ecr 0,nop,wscale 7], length 0
13:14:42.232507 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [.], ack 34, win 115, options [nop,nop,TS val 3321390911 ecr 298615960], length 0
13:14:42.232658 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [.], ack 3914232987, win 115, options [nop,nop,TS val 3321390911 ecr 298615960], length 0
13:14:42.232731 IP 172.16.4.134.3326872918 > 10.12.13.11.2049: 40 null
13:14:42.234326 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [.], ack 29, win 115, options [nop,nop,TS val 3321390913 ecr 298615962], length 0
13:14:42.234387 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [F.], seq 44, ack 29, win 115, options [nop,nop,TS val 3321390913 ecr 298615962], length 0
13:14:42.234554 IP 172.16.4.134.41320 > 10.12.13.11.sunrpc: UDP, length 56
13:14:42.236058 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [.], ack 30, win 115, options [nop,nop,TS val 3321390914 ecr 298615963], length 0
13:14:42.236356 IP 172.16.4.134.33212 > 10.12.13.11.acp-proto: UDP, length 40
13:14:42.238234 IP 172.16.4.134.944 > 10.12.13.11.acp-proto: UDP, length 40
13:14:42.240047 IP 172.16.4.134.944 > 10.12.13.11.acp-proto: UDP, length 88
13:14:42.241996 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [S], seq 525024676, win 14600, options [mss 1460,sackOK,TS val 3321390920 ecr 0,nop,wscale 7], length 0
13:14:42.243782 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [.], ack 2351267448, win 115, options [nop,nop,TS val 3321390922 ecr 298615971], length 0
13:14:42.243809 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [P.], seq 0:88, ack 1, win 115, options [nop,nop,TS val 3321390922 ecr 298615971], length 88
13:14:42.245561 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [.], ack 33, win 115, options [nop,nop,TS val 3321390924 ecr 298615973], length 0
13:14:42.245592 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [F.], seq 88, ack 33, win 115, options [nop,nop,TS val 3321390924 ecr 298615973], length 0
13:14:42.245646 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [S], seq 1850298836, win 14600, options [mss 1460,sackOK,TS val 3321390924 ecr 0,nop,wscale 7], length 0
13:14:42.247281 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [.], ack 34, win 115, options [nop,nop,TS val 3321390926 ecr 298615975], length 0
13:14:42.247581 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [.], ack 2793687147, win 115, options [nop,nop,TS val 3321390926 ecr 298615975], length 0
13:14:42.247634 IP 172.16.4.134.822659610 > 10.12.13.11.2049: 40 null
13:14:42.249445 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [.], ack 29, win 115, options [nop,nop,TS val 3321390928 ecr 298615977], length 0
13:14:42.250671 IP 172.16.4.134.839436826 > 10.12.13.11.2049: 40 null
13:14:42.252384 IP 172.16.4.134.856214042 > 10.12.13.11.2049: 108 fsinfo fh 0,64/1073741824
13:14:42.254330 IP 172.16.4.134.872991258 > 10.12.13.11.2049: 108 pathconf fh 0,64/1073741824
13:14:42.256247 IP 172.16.4.134.889768474 > 10.12.13.11.2049: 108 fsinfo fh 0,64/1073741824
13:14:42.297329 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [.], ack 537, win 140, options [nop,nop,TS val 3321390976 ecr 298615985], length 0
其他好用的tcpdump命令
[root@monitor ~]# tcpdump tcp port 111 and dst host 10.12.13.11 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:32:30.070052 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags
[S], seq 3437328233, win 14600, options [mss 1460,sackOK,TS val
3322458748 ecr 0,nop,wscale 7], length 0
13:32:30.071842 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags
[.], ack 1251460408, win 115, options [nop,nop,TS val 3322458750 ecr
299683835], length 0
13:32:30.073784 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags
[P.], seq 0:60, ack 1, win 115, options [nop,nop,TS val 3322458752 ecr
299683835], length 60
13:32:30.075537 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags
[.], ack 33, win 115, options [nop,nop,TS val 3322458754 ecr 299683839],
length 0
13:32:30.075618 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags
[F.], seq 60, ack 33, win 115, options [nop,nop,TS val 3322458754 ecr
299683839], length 0
13:32:30.077275 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags
[.], ack 34, win 115, options [nop,nop,TS val 3322458755 ecr 299683841],
length 0
13:32:30.087082 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags
[S], seq 2174267455, win 14600, options [mss 1460,sackOK,TS val
3322458765 ecr 0,nop,wscale 7], length 0
13:32:30.088851 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags
[.], ack 3403567045, win 115, options [nop,nop,TS val 3322458767 ecr
299683852], length 0
13:32:30.088893 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags
[P.], seq 0:88, ack 1, win 115, options [nop,nop,TS val 3322458767 ecr
299683852], length 88
13:32:30.090598 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags
[.], ack 33, win 115, options [nop,nop,TS val 3322458769 ecr 299683854],
length 0
13:32:30.090637 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags
[F.], seq 88, ack 33, win 115, options [nop,nop,TS val 3322458769 ecr
299683854], length 0
13:32:30.092522 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags
[.], ack 34, win 115, options [nop,nop,TS val 3322458771 ecr 299683856],
length 0
tcpdump -i eht0 udp port 111 and dst host 10.12.13.11
13:21:29.656365 IP 172.16.4.134.42505 > 10.12.13.11.sunrpc: UDP, length 56