tcpdump抓包抓某个地址host，并写入文件时以时间命令

admin

[root@xa-radb-01 ~]# tcpdump  -i br0 host 192.168.0.232 -vv -nn
0 H# s, r' d3 P, t- I2 Vdropped privs to tcpdump
5 c. S) n4 {2 q5 [- Itcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
7 [0 o( m4 v0 {: Y/ T: \09:43:25.469439 IP (tos 0x0, ttl 64, id 60063, offset 0, flags [DF], proto ICMP (1), length 84)
" l, ?9 p+ l# P. G7 i3 c+ e* Y7 A    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11076, seq 1, length 64
09:43:28.617495 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.41 tell 192.168.0.232, length 28
$ a5 A! x, E' [* }/ ?09:43:28.617529 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.0.41 is-at e8:61:1f:3e:ea:0f, length 28
09:43:28.617630 IP (tos 0x0, ttl 64, id 1210, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.41: ICMP echo request, id 11077, seq 1, length 64
09:43:28.617657 IP (tos 0x0, ttl 64, id 35091, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.0.41 > 192.168.0.232: ICMP echo reply, id 11077, seq 1, length 64
09:43:29.619053 IP (tos 0x0, ttl 64, id 1479, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.41: ICMP echo request, id 11077, seq 2, length 64
09:43:29.619067 IP (tos 0x0, ttl 64, id 35130, offset 0, flags [none], proto ICMP (1), length 84)
* m; |2 r7 ]2 {    192.168.0.41 > 192.168.0.232: ICMP echo reply, id 11077, seq 2, length 64
$ d. g9 {3 T, \7 ^5 u; `; _09:43:30.620547 IP (tos 0x0, ttl 64, id 1534, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.41: ICMP echo request, id 11077, seq 3, length 64
4 Y- a6 [3 Z2 T5 h& j0 b09:43:30.620566 IP (tos 0x0, ttl 64, id 35321, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.0.41 > 192.168.0.232: ICMP echo reply, id 11077, seq 3, length 64
09:43:31.621869 IP (tos 0x0, ttl 64, id 1857, offset 0, flags [DF], proto ICMP (1), length 84)
  R2 M) d0 R* v8 F) q6 e8 Z9 s    192.168.0.232 > 192.168.0.41: ICMP echo request, id 11077, seq 4, length 64
09:43:31.621890 IP (tos 0x0, ttl 64, id 35473, offset 0, flags [none], proto ICMP (1), length 84)
7 S9 J4 d' g& C7 Z; j& [: _    192.168.0.41 > 192.168.0.232: ICMP echo reply, id 11077, seq 4, length 64
! L3 T- W; j6 }09:43:33.536520 IP (tos 0x0, ttl 64, id 62363, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 1, length 64
09:43:33.819142 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.232 tell 192.168.0.41, length 28
09:43:33.819270 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.0.232 is-at 52:54:00:3a:43:52, length 28
* {# B" B" o% |# d7 Q8 ]1 e0 H% W8 ?09:43:34.536049 IP (tos 0x0, ttl 64, id 62471, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 2, length 64
# y% A' |, m2 T) @09:43:35.536039 IP (tos 0x0, ttl 64, id 63261, offset 0, flags [DF], proto ICMP (1), length 84)
/ v! d$ j; ]2 g( Y8 V. _" g6 b$ k    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 3, length 64
09:43:36.536014 IP (tos 0x0, ttl 64, id 63451, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 4, length 64
09:43:37.536025 IP (tos 0x0, ttl 64, id 64171, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 5, length 64
& p# L& a- w& V( ?. W; Z09:43:38.535994 IP (tos 0x0, ttl 64, id 64546, offset 0, flags [DF], proto ICMP (1), length 84)
  O2 e( e; g* z' r    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 6, length 64
09:43:39.535993 IP (tos 0x0, ttl 64, id 65261, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 7, length 64
09:43:40.535978 IP (tos 0x0, ttl 64, id 590, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11078, seq 8, length 64
09:43:47.885238 IP (tos 0x0, ttl 64, id 6499, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11080, seq 1, length 64
09:43:48.884913 IP (tos 0x0, ttl 64, id 6872, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11080, seq 2, length 64
! y- Y1 k6 S1 }# P# }8 R: s09:43:49.884924 IP (tos 0x0, ttl 64, id 6895, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11080, seq 3, length 64
09:43:50.884893 IP (tos 0x0, ttl 64, id 7013, offset 0, flags [DF], proto ICMP (1), length 84)
3 Z# F- J! j' A2 v: o" \" ^! I    192.168.0.232 > 192.168.0.1: ICMP echo request, id 11080, seq 4, length 64
1 l! e2 F' ^2 S& G8 T" m09:44:52.844611 IP (tos 0x0, ttl 62, id 43536, offset 0, flags [DF], proto TCP (6), length 60)