#tshark -i 1 -w /usr/tmp/icmp.cap -f"icmp" -b duration:3
Test: capture ICMP packets, switching to a new capture file every 3 seconds.
#tshark -i 1 -w /usr/tmp/icmp.cap -f"icmp&&dst 10.166.253.92" -b duration:10
Capture only ICMP packets whose destination IP is 10.166.253.92.
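#ps -ef|grep tshark|grep -w 10.166.253.92|awk '{print $2}'
Pipe the output to get the process ID of the command above (`print` puts each PID on its own line, so several matches do not run together).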
#kill -9 `ps -ef|grep tshark|grep -w 10.166.253.92|awk '{print $2}'`
Kill that process directly.
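#ps -ef|grep tshark|grep -Fw 'tshark -i 1 -w /usr/tmp/error.cap -ficmp&&dst 10.166.253.90 -b duration:30'|grep -v grep|awk '{print $2}'
A more precise lookup: search directly for the PID of the command that was just run. `ps` shows the filter argument without the shell quotes, so the pattern leaves them out, and `grep -v grep` drops the grep processes themselves.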
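
The PID lookup above can also be done by matching the `-w` capture file as an argument instead of grepping the whole command line. This is an added example, not part of the original notes; the function names `capture_pids`, `sample_ps` and `stop_capture` are hypothetical, and the sample `ps` output and its PIDs are constructed.

```shell
#!/usr/bin/env bash
# Added example: find tshark captures by the file they write to.

# Reads "PID ARGS..." lines (as printed by `ps -eo pid=,args=`) on stdin and
# prints the PID of every tshark process started with "-w <capture file>".
capture_pids() {
    awk -v target="$1" '
        {
            # Field 2 is the executable: accept "tshark" or a full path to it.
            n = split($2, parts, "/")
            if (parts[n] != "tshark") next
            # Walk the remaining arguments looking for "-w <target>".
            for (i = 3; i < NF; i++)
                if ($i == "-w" && $(i + 1) == target) { print $1; next }
        }'
}

# Constructed ps output. Note that ps shows -f"..." without the shell quotes,
# while a grep started with a quoted pattern carries the quotes literally.
sample_ps() {
cat <<'EOF'
 4101 tshark -i 1 -w /usr/tmp/icmp.cap -ficmp&&dst 10.166.253.92 -b duration:10
 4102 tshark -i 1 -w /usr/tmp/error.cap -ficmp&&dst 10.166.253.90 -b duration:30
 4250 grep -w tshark -i 1 -w /usr/tmp/error.cap -f"icmp&&dst 10.166.253.90" -b duration:30
 4251 /usr/bin/tshark -i 1 -w /usr/tmp/error.cap -ficmp -b duration:30
EOF
}

# Live use: signal every capture writing to the given file.
# Uses kill's default signal (SIGTERM); the commands above use -9.
stop_capture() {
    pids=$(ps -eo pid=,args= | capture_pids "$1")
    if [ -n "$pids" ]; then kill $pids; fi
}

# Demo on the constructed sample.
sample_ps | capture_pids /usr/tmp/error.cap
```

The grep line in the sample is skipped because its executable is not tshark, so no `grep -v grep` step is needed.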