tcpdump

arp

# tcpdump
$ sudo tcpdump arp
$ sudo tcpdump arp -vv
# Wireshark
$ tshark -O arp -w log.pcap
# show
$ arp -n
$ ip -s -s neigh

# clear
$ sudo arp -d $IP
$ arp -n | awk '/^[1-9]/ {print "arp -d "$1}' | sudo sh
$ sudo ip -s -s neigh flush all

# request
$ sudo arping -I $INTERFACE -b $IP
$ ping $IP

用 tcpdump 攔截封包

所有

$ tcpdump
$ tcpdump -tttt -qn -vvv

UDP

tcpdump -tttt -qn -vvv udp
tcpdump -tttt -qn -vvv host 54.191.179.231 and udp
tcpdump -n udp dst portrange 40000-60000

寫成 pcap 檔

tcpdump -tttt -qn -vvv -w webrtc.pcap