我尝试查看是否通过一个接口获取 ping 数据包,但 tcpdump 什么都没显示。但是,一旦我停止它(Ctrl + C),所有数据包都会出现,摘要看起来不错。
例如:
11:49:45.486887 IP 11.0.0.1 > 11.0.0.9: ICMP echo reply, id 13532, seq 1, length 64
以下是摘要:
10 packets captured
10 packets received by filter
0 packets dropped by kernel
我通常可以“实时”看到流量,但我不明白为什么现在流量被隐藏了,除非我停止 tcpdump。有人能告诉我可能发生了什么吗?
答案1
您可能需要-l或-U选项。请参阅手册页中的信息...
-l Make stdout line buffered. Useful if you want to see the data
while capturing it.
...
-U is similar to -l in its behavior, but it will cause output to
be ``packet-buffered'', so that the output is written to stdout
at the end of each packet rather than at the end of each line;