问题描述

我希望tcpdump将原始数据包数据写入文件，并在捕获数据包时在标准输出中显示数据包分析(通过分析，我的意思是当-w丢失时它正常显示的行).有人可以告诉我该怎么做吗?

I want to have tcpdump write raw packet data into a file and display packet analysis in standard output as the packets are captured (by analysis I mean the lines it displays normally when -w is missing).Can anybody please tell me how to do that?

推荐答案

这是一种执行所需操作的简洁方法:

Here's a neat way to do what you want:

tcpdump -w - | tee somefile | tcpdump -r -

它的作用:

• -w -告诉tcpdump将二进制数据写入stdout
• tee将该二进制数据写入文件并写入其自己的stdout
• -r -告诉第二个tcpdump从其stdin
获取其数据

• -w - tells tcpdump to write binary data to stdout
• tee writes that binary data to a file AND to its own stdout
• -r - tells the second tcpdump to get its data from its stdin

这篇关于我如何让tcpdump写入文件并标准输出适当的数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！