TCPDUMP Command Examples
tcpdump command is also called as packet analyzer.
tcpdump command will work on most flavors of unix operating system. tcpdump allows us to save the packets that are captured, so that we can use it for future analysis. The saved file can be viewed by the same tcpdump command. We can also use open source software like wireshark to read the tcpdump pcap files.
In this tcpdump tutorial, let us discuss some practical examples on how to use the tcpdump command.
1. Capture packets from a particular ethernet interface using tcpdump -i
When you execute tcpdump command without any option, it will capture
all the packets flowing through all the interfaces. -i option with
tcpdump command, allows you to filter on a particular ethernet
interface.
$ tcpdump -i eth1
14:59:26.608728 IP xx.domain.netbcp.net.52497 > valh4.lell.net.ssh: . ack 540 win 16554
14:59:26.610602 IP resolver.lell.net.domain > valh4.lell.net.24151: 4278 1/0/0 (73)
14:59:26.611262 IP valh4.lell.net.38527 > resolver.lell.net.domain: 26364+ PTR? 244.207.104.10.in-addr.arpa. (45)
In this example, tcpdump captured all the packets flows in the interface eth1 and displays in the standard output.
Note: Editcap utility is used to select or remove specific packets from dump file and translate them into a given format.
2. Capture only N number of packets using tcpdump -c
When you execute tcpdump command it gives packets until you cancel the tcpdump command. Using -c option you can specify the number of packets to capture.
$ tcpdump -c 2 -i eth0
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:38:38.184913 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 1457255642:1457255758(116) ack 1561463966 win 63652
14:38:38.690919 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 116:232(116) ack 1 win 63652
2 packets captured
13 packets received by filter
0 packets dropped by kernel
The above tcpdump command captured only 2 packets from interface eth0.
Note:Mergecap and TShark: Mergecap is a packet dump combining tool, which will combine multiple dumps into a single dump file. Tshark is a powerful tool to capture network packets, which can be used to analyze the network traffic. It comes with wireshark network analyzer distribution.
3. Display Captured Packets in ASCII using tcpdump -A
The following tcpdump syntax prints the packet in ASCII.
$ tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:34:50.913995 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 1457239478:1457239594(116) ack 1561461262 win 63652
E.....@.@..]..i...9...*.V...]...P....h....E...>{..U=...g.
......G..7\+KA....A...L.
14:34:51.423640 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 116:232(116) ack 1 win 63652
E.....@.@..\..i...9...*.V..*]...P....h....7......X..!....Im.S.g.u:*..O&....^#Ba...
E..(R.@.|.....9...i.*...]...V..*P..OWp........
Note: Ifconfig command is used to configure network interfaces
4. Display Captured Packets in HEX and ASCII using tcpdump -XX
Some users might want to analyse the packets in hex values. tcpdump provides a way to print packets in both ASCII and HEX format.
$tcpdump -XX -i eth0
18:52:54.859697 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 232 win 16511
0x0000: 0050 569c 35a3 0019 bb1c 0c00 0800 4500 .PV.5.........E.
0x0010: 0028 042a 4000 7906 c89c 10b5 aaf6 0f9a .(.*@.y.........
0x0020: 69c4 f999 0016 57db 6e08 c712 ea2e 5010 i.....W.n.....P.
0x0030: 407f c976 0000 0000 0000 0000 @..v........
18:52:54.877713 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s]
0x0000: 0050 569c 35a3 0000 0000 0000 0800 4600 .PV.5.........F.
0x0010: 0024 0000 0000 0102 3ad3 0a00 0000 e000 .$......:.......
0x0020: 0001 9404 0000 1101 ebfe 0000 0000 0300 ................
0x0030: 0000 0000 0000 0000 0000 0000 ............
5. Capture the packets and write into a file using tcpdump -w
tcpdump allows you to save the packets to a file, and later you can use the packet file for further analysis.
$ tcpdump -w 08232010.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
32 packets captured
32 packets received by filter
0 packets dropped by kernel
-w option writes the packets into a given file. The file extension should be .pcap, which can be read by any network protocol
analyzer.
6. Reading the packets from a saved file using tcpdump -r
You can read the captured pcap file and view the packets for analysis, as shown below.
$tcpdump -tttt -r data.pcap
2010-08-22 21:35:26.571793 00:50:56:9c:69:38 (oui Unknown) > Broadcast, ethertype Unknown (0xcafe), length 74:
0x0000: 0200 000a ffff 0000 ffff 0c00 3c00 0000 ............<...
0x0010: 0000 0000 0100 0080 3e9e 2900 0000 0000 ........>.).....
0x0020: 0000 0000 ffff ffff ad00 996b 0600 0050 ...........k...P
0x0030: 569c 6938 0000 0000 8e07 0000 V.i8........
2010-08-22 21:35:26.571797 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: P 800464396:800464448(52) ack 203316566 win 71
2010-08-22 21:35:26.571800 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: P 52:168(116) ack 1 win 71
2010-08-22 21:35:26.584865 IP valh5.lell.net.ssh > 11.154.12.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADC
7. Capture packets with IP address using tcpdump -n
In all the above examples, it prints packets with the DNS address, but not the ip address. The following example captures the packets and it will display the IP address of the machines involved.
$ tcpdump -n -i eth0
15:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113
8. Capture packets with proper readable timestamp using tcpdump -tttt
$ tcpdump -n -tttt -i eth0 2010-08-22 15:10:39.162830 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 49800 win 16390
2010-08-22 15:10:39.162833 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50288 win 16660
2010-08-22 15:10:39.162867 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50584 win 16586
9. Read packets longer than N bytes
You can receive only the packets greater than n number of bytes using a filter ‘greater’ through tcpdump command
$ tcpdump -w g_1024.pcap greater 1024
10. Receive only the packets of a specific protocol type
You can receive the packets based on the protocol type. You can specify one of these protocols — fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example captures only arp packets flowing through the eth0 interface.
$ tcpdump -i eth0 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:41:52.809642 arp who-has valh5.lell.net tell valh9.lell.net
19:41:52.863689 arp who-has 11.154.12.1 tell valh6.lell.net
19:41:53.024769 arp who-has 11.154.12.1 tell valh7.lell.net
11. Read packets lesser than N bytes
You can receive only the packets lesser than n number of bytes using a filter ‘less’ through tcpdump command
$ tcpdump -w l_1024.pcap less 1024
12. Receive packets flows on a particular port using tcpdump port
If you want to know all the packets received by a particular port on a machine, you can use tcpdump command as shown below.
$ tcpdump -i eth0 port 22
19:44:44.934459 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 18932:19096(164) ack 105 win 71
19:44:44.934533 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 19096:19260(164) ack 105 win 71
19:44:44.934612 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 19260:19424(164) ack 105 win 71
13. Capture packets for particular destination IP and Port
The packets will have source and destination IP and port numbers. Using tcpdump we can apply filters on source or destination IP and port number. The following command captures packets flows in eth0, with a particular destination ip and port number 22.
$ tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22
14. Capture TCP communication packets between two hosts
If two different process from two different machines are communicating through tcp protocol, we can capture those packets using tcpdump as shown below.
$tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22
You can open the file comm.pcap using any network protocol analyzer tool to debug any potential issues.
15. tcpdump Filter Packets – Capture all the packets other than arp and rarp
In tcpdump command, you can give “and”, “or” and “not” condition to filter the packets accordingly.
$ tcpdump -i eth0 not arp and not rarp
20:33:15.479278 IP resolver.lell.net.domain > valh4.lell.net.64639: 26929 1/0/0 (73)
20:33:15.479890 IP valh4.lell.net.16053 > resolver.lell.net.domain: 56556+ PTR? 255.107.154.15.in-addr.arpa. (45)
20:33:15.480197 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 540:1504(964) ack 1 win 96
20:33:15.487118 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 540 win 16486
20:33:15.668599 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s] -----------------------------------
tcpdump
is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Ethereal Wireshark, but I believe this to usually be a mistake.
In a discipline so dependent on a true understanding of concepts vs. rote learning, it's important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them.
When using a tool that displays network traffic a more natural (raw) way the burden of analysis is placed directly on the human rather than the application. This approach cultivates continued and elevated understanding of the TCP/IP suite, and for this reason I strongly advocate using tcpdump
instead of other tools whenever possible.
15:31:34.079416 IP (tos 0x0, ttl 64, id 20244, offset 0, flags [DF],
proto: TCP (6), length: 60) source.35970 > dest.80: S, cksum 0x0ac1
(correct), 2647022145:2647022145(0) win 5840 0x0000: 4500 003c 4f14 4000
4006 7417 0afb 0257 E.. 0x0010: 4815 222a 8c82 0050 9dc6 5a41 0000
0000 H."*...P..ZA.... 0x0020: a002 16d0 0ac1 0000 0204 05b4
0402 080a ................ 0x0030: 14b4 1555 0000 0000 0103 0302
Options
Below are a few options (with examples) that will help you greatly when working with the tool. They're easy to forget and/or confuse with other types of filters, i.e. ethereal, so hopefully this page can serve as a reference for you, as it does me.
First off, I like to add a few options to the tcpdump
command itself, depending on what I'm looking at. The first of these is -n, which requests that names are not resolved, resulting in the IPs themselves always being displayed. The second is -X, which displays both hex and ascii content within the packet. The final one is -S, which changes the display of sequence numbers to absolute rather than relative. The idea there is that you can't see weirdness in the sequence numbers if they're being hidden from you. Remember, the advantage of using tcpdump
vs. another tool is getting manual interaction with the packets.
It's also important to note that tcpdump
only takes the first 68 96 bytes of data from a packet by default. If you would like to look at more, add the -s number option to the mix, where number is the number of bytes you want to capture. I recommend using 0 (zero) for a snaplength, which gets everything. Here's a short list of the options I use most:
-i any
: Listen on all interfaces just to see if you're seeing any traffic.-n
: Don't resolve hostnames.-nn
: Don't resolve hostnames or port names.-X
: Show the packet's contents in both hex and ASCII.-XX
: Same as-X
, but also shows the ethernet header.-v, -vv, -vvv
: Increase the amount of packet information you get back.-c
: Only get x number of packets and then stop.-s
: Define the snaplength (size) of the capture in bytes. Use-s0
to get everything, unless you are intentionally capturing less.-S
: Print absolute sequence numbers.-e
: Get the ethernet header as well.-q
: Show less protocol information.-E
: Decrypt IPSEC traffic by providing an encryption key.
[ The default snaplength as of tcpdump
4.0 has changed from 68 bytes to 96 bytes. While this will give you more of a packet to see, it still won't get everything. Use -s 1514
to get full coverage ]
Basic Usage
So, based on the kind of traffic I'm looking for, I use a different combination of options to tcpdump
, as can be seen below:
- Basic communication // see the basics without many options
# tcpdump -nS
- Basic communication (very verbose) // see a good amount of traffic, with verbosity and no name help
# tcpdump -nnvvS
- A deeper look at the traffic // adds -X for payload but doesn't grab any more of the packet
# tcpdump -nnvvXS
- Heavy packet viewing // the final "s" increases the snaplength, grabbing the whole packet
# tcpdump -nnvvXSs 1514
Here's a capture of exactly two (-c2
) ICMP packets (a ping and pong) using some of the options described above. Notice how much we see about each packet.
hermes root # tcpdump -nnvXSs 0 -c2 icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), 23:11:10.370321 IP
(tos 0x20, ttl 48, id 34859, offset 0, flags [none], length: 84)
69.254.213.43 > 72.21.34.42: icmp 64: echo request seq 0 0x0000: 4520 0054 882b 0000 3001 7cf5 45fe d52b E..T.+..0.|.E..+
0x0010: 4815 222a 0800 3530 272a 0000 25ff d744 H."*..50'*..%..D
0x0020: ae5e 0500 0809 0a0b 0c0d 0e0f 1011 1213 .^..............
0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050: 3435 3637 4567
23:11:10.370344 IP (tos 0x20, ttl 64, id 35612, offset 0, flags [none],
length: 84) 72.21.34.42 > 69.254.213.43: icmp 64: echo reply seq 0
0x0000: 4520 0054 8b1c 0000 4001 6a04 4815 222a E..T....@.j.H."*
0x0010: 45fe d52b 0000 3d30 272a 0000 25ff d744 E..+..=0'*..%..D
0x0020: ae5e 0500 0809 0a0b 0c0d 0e0f 1011 1213 .^..............
0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050: 3435 3637 4567
2 packets captured
2 packets received by filter
0 packets dropped by kernel
hermes root #
Common Syntax
Expressions allow you to trim out various types of traffic and find exactly what you're looking for. Mastering the expressions and learning to combine them creatively is what makes one truly powerful with tcpdump
. There are three main types of expression: type
, dir
, and proto
.
Type options are host
, net
, and port
. Direction is indicated by dir
, and there you can have src
, dst
, src or dst
, and src and dst
. Here are a few that you should definitely be comfortable with:
host
// look for traffic based on IP address (also works with hostname if you're not using -n)# tcpdump host 1.2.3.4
src
,dst
// find traffic from only a source or destination (eliminates one side of a host conversation)# tcpdump src 2.3.4.5
# tcpdump dst 3.4.5.6
net
// capture an entire network using CIDR notation# tcpdump net 1.2.3.0/24
proto
// works for tcp, udp, and icmp. Note that you don't have to typeproto
# tcpdump icmp
port
// see only traffic to or from a certain port# tcpdump port 3389
src, dst port
// filter based on the source or destination port# tcpdump src port 1025
# tcpdump dst port 389
src/dst, port, protocol
// combine all three# tcpdump src port 1025 and tcp
# tcpdump udp and src port 53
You also have the option to filter by a range of ports instead of declaring them individually, and to only see packets that are above or below a certain size.
- Port Ranges // see traffic to any port in a range
tcpdump portrange 21-23
- Packet Size Filter // only see packets below or above a certain size (in bytes)
tcpdump less 32
tcpdump greater 128
[ You can use the symbols for less than, greater than, and less than or equal / greater than or equal signs as well. ]
// filtering for size using symbols
tcpdump > 32
tcpdump <= 128
Writing to a File
tcpdump
allows you to send what you're capturing to a file for later use using the -w
option, and then to read it back using the -r
option. This is an excellent way to capture raw traffic and then run it through various tools later.
The traffic captured in this way is stored in tcpdump
format, which is pretty much universal in the network analysis space. This means it can be read in by all sorts of tools, including Wireshark, Snort, etc.
Capture all Port 80 Traffic to a File
# tcpdump -s 1514 port 80 -w capture_file
Then, at some point in the future, you can then read the traffic back in like so:
Read Captured Traffic back into tcpdump
# tcpdump -r capture_file
Getting Creative
Expressions are nice, but the real magic of tcpdump
comes from the ability to combine them in creative ways in order to isolate exactly what you're looking for. There are three ways to do combinations, and if you've studied computers at all they'll be pretty familar to you:
- AND
and
or&&
- OR
or
or||
- EXCEPT
not
or!
More Examples
# TCP traffic from 10.5.2.3 destined for port 3389
tcpdump -nnvvS and src 10.5.2.3 and dst port 3389
# Traffic originating from the 192.168 network headed for the 10 or 172.16 networks
tcpdump -nvX src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16
# Non-ICMP traffic destined for 192.168.0.2 from the 172.16 network
tcpdump -nvvXSs 1514 dst 192.168.0.2 and src net and not icmp
# Traffic originating from Mars or Pluto that isn't to the SSH port
tcpdump -vv src mars and not dst port 22
As you can see, you can build queries to find just about anything you need. The key is to first figure out precisely what you're looking for and then to build the syntax to isolate that specific type of traffic.
Grouping
Also keep in mind that when you're building complex queries you might
have to group your options using single quotes. Single quotes are used
in order to tell tcpdump
to ignore certain special
characters -- in this case the "( )" brackets. This same technique can
be used to group using other expressions such as host
, port
, net
, etc. Take a look at the command below:
# Traffic that's from 10.0.2.4 AND destined for ports 3389 or 22 (incorrect)
tcpdump src 10.0.2.4 and (dst port 3389 or 22)
If you tried to run this otherwise very useful command, you'd get an
error because of the parenthesis. You can either fix this by escaping
the parenthesis (putting a \ before each one), or by putting the entire
command within single quotes:
# Traffic that's from 10.0.2.4 AND destined for ports 3389 or 22 (correct)
tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'
Advanced
You can also filter based on specific portions of a packet, as well
as combine multiple conditions into groups. The former is useful when
looking for only SYNs or RSTs, for example, and the latter for even more
advanced traffic isolation.
[ Hint: An anagram for the TCP flags: Unskilled Attackers Pester Real Security Folk ]
Show me all URGENT (URG) packets...
# tcpdump 'tcp[13] & 32!=0'
Show me all ACKNOWLEDGE (ACK) packets...
# tcpdump 'tcp[13] & 16!=0'
Show me all PUSH (PSH) packets...
# tcpdump 'tcp[13] & 8!=0'
Show me all RESET (RST) packets...
# tcpdump 'tcp[13] & 4!=0'
Show me all SYNCHRONIZE (SYN) packets...
# tcpdump 'tcp[13] & 2!=0'
Show me all FINISH (FIN) packets...
# tcpdump 'tcp[13] & 1!=0'
Show me all SYNCHRONIZE/ACKNOWLEDGE (SYNACK) packets...
# tcpdump 'tcp[13]=18'
[ Note: Only the PSH, RST, SYN, and FIN flags are displayed in tcpdump
's flag field output. URGs and ACKs are displayed, but they are shown elsewhere in the output rather than in the flags field ]
Keep in mind the reasons these filters work. The filters above find these various packets because tcp[13]
looks at offset 13 in the TCP header, the number represents the location within the byte, and the !=0 means that the flag in question is set to 1, i.e. it's on.
As with most powerful tools, however, there are multiple ways to do
things. The example below shows another way to capture packets with
specific TCP flags set.
Capture TCP Flags Using the tcpflags
Option...
# tcpdump 'tcp[tcpflags] & & tcp-syn != 0'
Specialized Traffic
Finally, there are a few quick recipes you'll want to remember for
catching specific and specialized traffic, such as IPv6 and
malformed/likely-malicious packets.
IPv6 traffic
# tcpdump ip6
Packets with both the RST and SYN flags set (why?)
# tcpdump 'tcp[13] = 6'
Traffic with the 'Evil Bit' Set
# tcpdump 'ip[6] & 128 != 0'
Conclusion
Well, this primer should get you going strong, but the man page
should always be handy for the most advanced and one-off usage
scenarios. I truly hope this has been useful to you, and feel free to contact me if you have any questions. ::
----------------------------------------------------------------
tcpdump and IPv6
- not connected with Facebook
- not connected with Twitter
- not connected with Google+
- Einstellungen
Published: 2011-10-23,
Last Updated: 2011-10-23 23:24:07 UTC
by Guy Bruneau (Version: 1)
I have been experimenting with IPv6 and tcpdump libpcap over the past
several weeks and here are some of the filters that I have found
working for me to look for certain types of IPv6 traffic. tcpdump and
IPv6 still has some limitations but it is still able to zoom in on some
of the data you might be looking for. Here is the list of libpcap
filters:
IPv6 and TCP
tcpdump -nr ipv6_traffic.pcap ip6 proto 6
tcpdump -nr ipv6_traffic.pcap ip6 protochain 6
IPv6 and UDP
tcpdump -nr ipv6_traffic.pcap ip6 proto 17
tcpdump -nr ipv6_traffic.pcap ip6 and udp
IPv6, hostIPv6 and host fec0:0:0:bebe::2
tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2
IPv6, host fec0:0:0:bebe::2 and TCP port 22
tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and tcp port 22
IPv6, host fec0:0:0:bebe::2 and everything except TCP port 22
tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and not tcp port 22
tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and protochain 6 and not tcp port 22
IPv6, host fec0:0:0:bebe::2, and all traffic to destination port TCP 22
tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and tcp dst port 22
IPv6, host fec0:0:0:bebe::2, and all traffic from source port TCP 22
tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and tcp src port 22
TCPDUMP Command Examples的更多相关文章
- 15 Linux Split and Join Command Examples to Manage Large Files--reference
by HIMANSHU ARORA on OCTOBER 16, 2012 http://www.thegeekstuff.com/2012/10/15-linux-split-and-join-co ...
- 18 Tar Command Examples in Linux
FROM: http://www.tecmint.com/18-tar-command-examples-in-linux/ 18 Tar Command Examples in Linux By R ...
- Top 30 Nmap Command Examples For Sys/Network Admins
Nmap is short for Network Mapper. It is an open source security tool for network exploration, securi ...
- 13 Basic Cat Command Examples in Linux(转) Linux中cat命令的13中基本用法
Cat (串联) 命令是Linux/Unix开源系统中比较常用的一个命令.我们可以通过Cat命令创建一个或多个文件,查看文件内容,串联文件并将内容输出到终端设备或新的文件当中,这篇文章我们将会以实例的 ...
- 12 Linux Which Command, Whatis Command, Whereis Command Examples
This Linux tutorial will explain the three "W" commands. The three "W"s are what ...
- 10 Linux DIG Command Examples for DNS Lookup--reference
by RAMESH NATARAJAN on FEBRUARY 29, 2012 http://www.thegeekstuff.com/2012/02/dig-command-examples/ D ...
- 13 Basic Cat Command Examples in Linux
FROM: http://www.tecmint.com/13-basic-cat-command-examples-in-linux/ The cat (short for “concatenate ...
- 15 Basic ‘ls’ Command Examples in Linux
FROM: http://www.tecmint.com/15-basic-ls-command-examples-in-linux/ ls command is one of the most fr ...
- 15 Practical Grep Command Examples In Linux / UNIX
You should get a grip on the Linux grep command. This is part of the on-going 15 Examples series, wh ...
随机推荐
- Visual Studio原生开发的10个调试技巧(转)
本文由 伯乐在线 - JingerJoe 翻译自 Marius Bancila.转载请参见文章末尾处的要求. [感谢@_La_Isla_Bonita 的热心翻译.如果其他朋友也有不错的原创或译文, ...
- [Android] 修改设备访问权限
在硬件抽象层模块中,我们是调用open函数来打开对应的设备文件的.例如,在2.3.2小节中开发的硬件抽象层模块freg中,函数freg_device_open调用open函数来打开设备文件/dev/f ...
- 【HDOJ】3660 Alice and Bob's Trip
就是一个基本的dfs.可关键问题是c/c++/g++光输入就超时了.还是写java过的,毕竟时限4s.都放弃希望了,没想到还真过了. import java.lang.*; import java.i ...
- Android开发UI之ViewPager及PagerAdapter
ViewPager,官网链接--http://developer.android.com/reference/android/support/v4/view/ViewPager.html ViewPa ...
- Aspcms所有标签调用
错误号3002: 出现此问题一般是有些频道模板不全,或者缺少一部分模板导致,或者没有单独设置html文件夹,并将所有html页面放进去 基本语法 {aspcms:sitepath} 网站终极目录(可放 ...
- easyui 中的treegrid添加checkbox
<script type="text/javascript"> function show(checkid){ var s = '#check_'+checkid; / ...
- 采用软件nginx实现web服务器集群
nginx:软件负载均衡器 是高并发量http/反向代理服务器.实现windows下IIS的负载均衡 条件:2台服务器 1.cpu:Inter(R) 酷睿 i5 cpu 2.26GHz 内存:2G ...
- 关于css样式的看法
1.通常有两种方式,第一种是直接写在页面标签中,通过属性style,另一种是通过标签选择器赋样式 第一种方式,就是每一个标签都需要写一遍样式,同时没有做到样式和内容的分离,不方便以后的样式替换,主题的 ...
- POJ --- 2918 求解数独
Tudoku Description Tom is a master in several mathematical-theoretical disciplines. He recently fo ...
- vxworks一个超级奇怪的错误(parse error before `char')
void tserver(int id) { if(debug){ useResource(,id);} char msgBuf[MAX_MSG_LEN]; if (msgQReceive(myMsg ...