Listen on the specified UDP port, with -n, which tells tcpdump not to reverse lookup IPs

Capture packets that are less than 52 bytes in a detailed format viewable by Wireshark
tcpdump -i any -n less 52 -w /root/kr3.log -s0 -vvv

Capture SYN and FIN packets only
tcpdump -i any -n "tcp[tcpflags] & (tcp-syn | tcp-fin) != 0"
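As an added example (not part of the original page), this Python sketch evaluates the same predicate as the SYN/FIN filter above over constructed IPv4 packets, showing that it also matches SYN-ACK and FIN-ACK segments and never matches IPv6 or non-first fragments. The addresses, ports and helper names are assumptions made for the illustration.

```python
import struct

# Numeric values behind the pcap-filter names used in the expression.
TCPFLAGS = 13                                # tcpflags: byte offset in the TCP header
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def ipv4_tcp(flags, frag_offset=0):
    """Constructed IPv4+TCP packet; addresses and ports are sample values."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag_offset,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

def matches_syn_or_fin(pkt):
    """Evaluate tcp[tcpflags] & (tcp-syn | tcp-fin) != 0 on a raw IP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return False                         # tcp[...] only applies to IPv4 carrying TCP
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return False                         # later fragments carry no TCP header
    flags_at = (pkt[0] & 0x0F) * 4 + TCPFLAGS  # skip the variable-length IP header
    if len(pkt) <= flags_at:
        return False                         # truncated capture
    return pkt[flags_at] & (TCP_SYN | TCP_FIN) != 0

def demo():
    """Map each constructed segment type to the filter's verdict."""
    samples = {
        "SYN": TCP_SYN,
        "SYN-ACK": TCP_SYN | TCP_ACK,
        "FIN-ACK": TCP_FIN | TCP_ACK,
        "ACK": TCP_ACK,
        "PSH-ACK": TCP_PSH | TCP_ACK,
        "RST": TCP_RST,
    }
    return {name: matches_syn_or_fin(ipv4_tcp(f)) for name, f in samples.items()}

if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:8} {'captured' if hit else 'dropped'}")
```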