tcpdump常用命令

1. 只抓syn包

 tcpdump -i eth1 'tcp[tcpflags] = tcp-syn'

 2. 只抓ack包

tcpdump -nni xgbe1 dst host 191.168.100.199  and tcp  and 'tcp[tcpflags] & (tcp-ack) != 0' and 'tcp[tcpflags] & (tcp-fin|tcp-syn|tcp-push|tcp-rst) == 0'