如何让 tcpdump 将其捕获的每个数据包写入文件？

Question

-U将选项与选项结合使用-w，并检查您是否拥有支持的 libcap 版本pcap_dump_flush()。从手册页（版本 4.3.0-1）：

   -U     If  the  -w  option  is  not  specified,  make  the  printed packet output ``packet-
          buffered''; i.e., as the description of the contents of each packet is  printed,  it
          will be written to the standard output, rather than, when not writing to a terminal,
          being written only when the output buffer fills.

          If the -w option is specified, make the saved raw packet output ``packet-buffered'';
          i.e.,  as  each  packet is saved, it will be written to the output file, rather than
          being written only when the output buffer fills.

          The -U flag will not be supported if tcpdump was built  with  an  older  version  of
          libpcap that lacks the pcap_dump_flush() function.

Answer 1

-U将选项与选项结合使用-w，并检查您是否拥有支持的 libcap 版本pcap_dump_flush()。从手册页（版本 4.3.0-1）：

   -U     If  the  -w  option  is  not  specified,  make  the  printed packet output ``packet-
          buffered''; i.e., as the description of the contents of each packet is  printed,  it
          will be written to the standard output, rather than, when not writing to a terminal,
          being written only when the output buffer fills.

          If the -w option is specified, make the saved raw packet output ``packet-buffered'';
          i.e.,  as  each  packet is saved, it will be written to the output file, rather than
          being written only when the output buffer fills.

          The -U flag will not be supported if tcpdump was built  with  an  older  version  of
          libpcap that lacks the pcap_dump_flush() function.

如何让 tcpdump 将其捕获的每个数据包写入文件？

答案1

相关内容