You can use -s followed by a length to set the data display length:
You can see that the result only shows a part of the https header, not the whole, because tcpdump truncates the displayed data length by default.
For example, I want to display the content of the http header of the captured https data packet:
If you want to display the content of the data packet, you need to use the -X parameter.
Use the wireless network card wlan0 to monitor the tcp protocol on port 443 on the IP address of 172.16.86.111:
If you do not use -i to define the monitoring adapter, the first one in the list will be used by default.
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
tcpdump -i, for example, if I want to monitor my wireless network card wlan0, use tcpdump -i tcpdump -i 2
tcpdump -D gets the list of network adapters, the following are the results obtained on tcpdump -D
any (Pseudo-device that captures on all interfaces)
(If you encounter the problem of tcpdump: no suitable device found, check if you are running tcpdump with root privileges, tcpdump can only work under root privileges)
If it is not installed, use sudo apt-get install tcpdump to download and install it. Ubuntu installs the tcpdump tool by default. Today, I can’t handle installing wireshark on my Ubuntu virtual machine, so I have to take out the command line stuff again.