tcpdump

$ sudo yum install tcpdump
$ whereis tcpdump
tcpdump: /usr/sbin/tcpdump /usr/share/man/man8/tcpdump.8.gz

-i [interface name]
-w [file name]
-D, --list-interfaces: 네트워크 인터페이스 리스트 보기 (ifconfig)
-nn: 포트를 그대로 출력.
-vvv: Even more verbose output. For example, telnet SB … SE options are printed in full. With -X Telnet options are printed in hex as well.
-vv: Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.
-A: Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.
-X: When parsing and printing, in addition to printing the headers of each packet, print the data of each packet, including its link level header, in hex and ASCII.
https://jojoldu.tistory.com/316

$ sudo tcpdump -i eth1 -nn -vvv -A -w tcpdump1.pcap

pcap 파일 읽기

packet capture; pcap
패킷 캡쳐, 피캡
네트워크 트래픽 캡쳐 API 구성
네트워크 트래픽 포착용 API를 구성하는 소프트웨어
https://zetawiki.com/wiki/%EB%A6%AC%EB%88%85%EC%8A%A4_pcap_%ED%8C%8C%EC%9D%BC_%EB%B3%B4%EA%B8%B0

$ tcpdump -qns 0 -A -r 파일명
$ tcpdump -qns 0 -X -r 파일명