如果我使用它是否会产生更详细的输出
tcpdump -vvv -w FILENAME
与如果我使用:
tcpdump -w FILENAME
或者在使用“-w FILENAME”时使用“-vvv”没有任何意义?
不,我不这么认为,从联机帮助页:
-w Write the raw packets to file rather than parsing and printing
them out. They can later be printed with the -r option. Stan?
dard output is used if file is ``-''.
——注意“原始数据包”——
-v When parsing and printing, produce (slightly more) verbose out?
put. [...]
When writing to a file with the -w option, report, every 10 sec?
onds, the number of packets captured.
因此,有意义的是使用tcpdump -vvv -r FILENAME解析和打印写入的内容FILENAME——原始数据包。