tcpdump -X -s 0 -w test.cap port 1813

-X
    Print each packet (minus its link level header) in hex and ASCII.
-s snaplen
    Setting snaplen to 0 means use the required length to catch whole packets.
-w file
    Write the raw packets to file rather than parsing and printing them out.

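You can then view the details of the captured packets locally in Ethereal's graphical interface. This is especially useful when working on a server over a remote login, because graphical capture tools cannot be used in terminal mode.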
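
Added example, not part of the original page: a Python reader for the classic pcap file format that -w writes, showing how the snaplen set by -s decides whether a stored packet is whole or cut short. The frames, addresses, the 68-byte snaplen and all helper names are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap file, microsecond timestamps

def build_pcap(snaplen, frames):
    """Build a constructed capture file, cutting each frame at snaplen bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for ts, frame in frames:
        kept = frame[:snaplen]
        out += struct.pack("<IIII", ts, 0, len(kept), len(frame)) + kept
    return out

def read_pcap(blob):
    """Return (snaplen, records); each record is (ts, captured_len, wire_len, data)."""
    for endian in "<>":  # the magic number tells us the writer's byte order
        if struct.unpack_from(endian + "I", blob, 0)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", blob, 16)[0]
    off, records = 24, []  # the global header is 24 bytes
    while off + 16 <= len(blob):
        ts, _us, incl, orig = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        if off + incl > len(blob):
            raise ValueError("record runs past end of file")
        records.append((ts, incl, orig, blob[off:off + incl]))
        off += incl
    return snaplen, records

def truncated(records):
    """Indexes of packets whose captured length is shorter than their wire length."""
    return [i for i, (_ts, incl, orig, _d) in enumerate(records) if incl < orig]

def udp_frame(dport, payload):
    """Constructed Ethernet + IPv4 + UDP frame (checksums left at zero)."""
    udp = struct.pack(">HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

# Constructed sample: one small and one large datagram to port 1813.
FRAMES = [(1, udp_frame(1813, b"A" * 20)), (2, udp_frame(1813, b"B" * 200))]

if __name__ == "__main__":
    for snaplen in (68, 65535):  # a short snaplen vs. one that holds whole packets
        _, recs = read_pcap(build_pcap(snaplen, FRAMES))
        print(snaplen, [(incl, orig) for _, incl, orig, _ in recs], truncated(recs))
```

A record whose captured length is below its wire length has lost payload bytes that no viewer can recover afterwards, which is why the capture is taken with -s 0.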