Content #
tcpdump -w file.pcap 'tcp[tcpflags]&(tcp-rst) != 0'
如果是用偏移量的写法,会是下面这样:
tcpdump -w file.pcap 'tcp[13]&4 != 0'
Viewpoints #
From #
02 | 抓包分析技术初探:你会用tcpdump和Wireshark吗?
抓取TCP RST报文
October 27, 2023
抓取TCP RST报文
October 27, 2023
October 27, 2023