Packet capture


tcpdump

tcpdump -i bond0 port 8716
tcpdump -i bond0 host 10.248.13.11 and port 18009 -w 20150804.pcap
tcpdump -i bond0 host 10.27.10.140 or 10.27.10.141 or 10.27.10.142 -w new_memc.pcap

# Decode packet contents (basic decoding only)
tcpdump -i bond0 port 8716 -A

wireshark

Common filters

http.response.code==500

http.request.method=="GET"              # request method type
http.request.method=="POST"

http.request.uri matches "V4=..1"       # regular expression

http.request                            # match all HTTP requests
http.request==1

http.request.uri=="/online/setpoint"
http.request.uri contains "/dll/test.htm?"
http.request.full_uri=="http://task.xxxx.xxxx.cn/online/setpoint"
Licensed under CC BY-NC-SA 4.0
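When reposting or quoting this article, please comply with the license, notify the author, and credit the source.
Not for commercial use!
Last updated 2023-02-10 00:00 UTC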