Linux packet capture tool

tcpdump -i any host 1.203.80.138 and port 8080 -w ./a.cap

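host: packets whose source or destination address is 1.203.80.138
port: packets whose source or destination port is 8080
-w ./a.cap: write the captured packets to ./a.cap in a format that Wireshark can read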

3145573    2025-10-24 17:42:59.846258    10.240.102.205    10.240.19.207    TCP    80    [TCP Window Update] 8055846 [ACK] Seq=6565 Ack=7845 Win=331 Len=0 TSval=2341661974 TSecr=2409802833 SLE=7532 SRE=7845

10.240.102.205: sender
10.240.19.207: receiver
Seq=6565: 10.240.102.205 has already sent 6565 bytes of data
Ack=7845: 10.240.102.205 has already received 7845 bytes of data
Win=331: 10.240.102.205's receive buffer has 331 bytes left
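
Added example, not from the original post: reading the Seq, Ack and Win fields directly from a file written by `tcpdump -w`. The sample capture, port 40000 and the function names are constructed for illustration; the parser handles classic pcap only and reports absolute sequence numbers and the raw window field, whereas Wireshark shows relative sequence numbers by default.

```python
import socket
import struct

# link type -> (link header length, offset of the 2-byte protocol field)
LINK = {1: (14, 12), 113: (16, 14), 276: (20, 0)}  # Ethernet, SLL, SLL2
MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond / nanosecond timestamps

def tcp_fields(pcap):
    """Yield one dict per IPv4/TCP packet in a classic pcap byte string."""
    for end in "<>":  # the magic number tells us the file's byte order
        if struct.unpack(end + "I", pcap[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    hdr_len, type_off = LINK[struct.unpack(end + "I", pcap[20:24])[0] & 0xFFFF]
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < hdr_len + 20 or frame[type_off:type_off + 2] != b"\x08\x00":
            continue  # truncated, or not IPv4
        ip = frame[hdr_len:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 16:
            continue  # not TCP, or TCP header cut off by the snap length
        sport, dport, seq, ack, _, win = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
        yield {
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport,
            "seq": seq, "ack": ack,  # absolute; Wireshark shows relative numbers
            "win": win,              # raw 16-bit field, before window scaling
        }

def sample_capture():
    """Constructed one-packet capture (link type SLL), not real traffic."""
    tcp = struct.pack("!HHIIHHHH", 80, 40000, 6565, 7845, (5 << 12) | 0x10, 331, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.240.102.205"), socket.inet_aton("10.240.19.207"))
    sll = struct.pack("!HHH8sH", 4, 1, 6, bytes(8), 0x0800)  # cooked header
    frame = sll + ip + tcp
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for pkt in tcp_fields(sample_capture()):
        print(pkt)
```

To use it on a real capture, pass the file contents: `tcp_fields(open("a.cap", "rb").read())`.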

posted on 2018-09-30 20:19  寒魔影
