Mac Packet Capture

OS/Mac OS 2016. 5. 10. 23:24

Getting Started With tcpdump

To get started with tcpdump, try the following command.

sudo tcpdump -i en0 -w trace.pcap

The elements of this command line are:

  • The sudo command causes tcpdump to run with root privileges, which is necessary in order to capture network traffic.

  • The -i en0 option tells tcpdump to capture packets on the first Ethernet interface. By default, tcpdump will use the first non-loopback interface it can find (usually en0). To specify a different interface, just change en0 to the BSD name of that interface. For example, the AirPort interface is typically en1.

    To get a list of network interfaces and their user-visible names, run the networksetup tool with the -listallhardwareports argument.

  • The -w trace.pcap parameter tells tcpdump to write the packets to a file called trace.pcap.
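
Interface numbering differs between Macs, so the value for -i is best looked up rather than guessed. The script below is an added example, not part of the original post: it resolves a user-visible hardware port name to its BSD name and prints the matching tcpdump command. The function names, the sample listing and the assumed "Hardware Port:" / "Device:" line layout of the networksetup output are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): map a hardware port name such
# as "Wi-Fi" to its BSD device name, then build the tcpdump command line.

# Constructed sample of `networksetup -listallhardwareports` output
# (assumed layout, made-up addresses; not taken from a real machine).
SAMPLE_PORTS='Hardware Port: Ethernet
Device: en0
Ethernet Address: 00:00:5e:00:53:01

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: 00:00:5e:00:53:02

Hardware Port: Thunderbolt Bridge
Device: bridge0
Ethernet Address: N/A'

# device_for_port NAME
# Reads a port listing on stdin and prints the BSD device for NAME.
# Returns non-zero when NAME is not in the listing.
device_for_port() {
    awk -v want="$1" '
        /^Hardware Port: / { port = substr($0, 16); next }
        /^Device: /        { if (port == want) { print substr($0, 9); found = 1; exit } }
        END                { exit (found ? 0 : 1) }
    '
}

# capture_command NAME FILE
# Reads a port listing on stdin and prints the tcpdump command for NAME.
# The command is printed, not run, so it can be reviewed before using sudo.
capture_command() {
    dev=$(device_for_port "$1") || {
        echo "no such hardware port: $1" >&2
        return 1
    }
    printf 'sudo tcpdump -i %s -w %s\n' "$dev" "$2"
}

# Demo on the constructed sample. On a Mac, feed the real listing instead:
#   networksetup -listallhardwareports | capture_command "Wi-Fi" trace.pcap
printf '%s\n' "$SAMPLE_PORTS" | capture_command "Wi-Fi" trace.pcap
```
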


Posted by 知彼知己百戰不殆