tcpdump Demo
lxw ~$ tcpdump -i eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)
lxw ~$ sudo tcpdump -i eth0 -c 2 # -i specifies the interface to listen on; -c specifies the number of packets to capture
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:43:32.336082 IP6 fe80::7520:2ee6:ac6f:c9a4.55407 > ff02::1:3.hostmon: UDP, length 22
15:43:32.336178 IP 192.168.236.1.61092 > 224.0.0.252.hostmon: UDP, length 22
2 packets captured
11 packets received by filter
0 packets dropped by kernel
lxw ~$ sudo tcpdump -i eth0 -c 3 -w 20141227_1546.pcap # -w writes the packets to a file
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
3 packets captured
11 packets received by filter
0 packets dropped by kernel
lxw ~$ tcpdump -r 20141227_1546.pcap # -r reads packets from a file
reading from file 20141227_1546.pcap, link-type EN10MB (Ethernet)
15:47:20.602350 IP 192.168.236.156.21639 > 192.168.236.2.domain: 21637+ A? tiles.services.mozilla.com. (44)
15:47:20.603151 IP 192.168.236.156.24878 > 192.168.236.2.domain: 24280+ AAAA? tiles.services.mozilla.com. (44)
15:47:20.606409 IP 192.168.236.156.10932 > 192.168.236.2.domain: 59168+ A? tiles.services.mozilla.com. (44)
lxw ~$ sudo tcpdump -i eth0 -tttt # -t/-tt/-ttt/-tttt/-ttttt select the timestamp format (see man tcpdump for what each one means)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
2014-12-27 15:58:15.480571 IP 192.168.236.156.56103 > assets-ubuntu-com.eggfruit.canonical.com.http: Flags [.], ack 967272532, win 30248, length 0
...
76 packets captured
83 packets received by filter
0 packets dropped by kernel
lxw ~$ sudo tcpdump -i eth0 arp # specify the protocol to capture (ip/ip6/arp/tcp/udp)
lxw ~$ sudo tcpdump -i eth0 tcp and port 80 # specify the port to capture
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:04:46.460864 IP 192.168.236.156.55641 > 59.24.3.173.http: Flags [S], seq 3612921085, win 29200, options [mss 1460,sackOK,TS val 1308393 ecr 0,nop,wscale 7], length 0
lxw ~$ sudo tcpdump -i eth0 tcp and src 192.168.236.156 and port 80
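Added example (not part of the original demo): a minimal Python reader for the classic pcap file format that -w writes and -r reads, showing where the "link-type EN10MB" and "capture size 65535 bytes" values in the session come from. The function names are hypothetical and the sample bytes are constructed inline, so it runs without a capture file.

```python
import struct

# Link-layer type code stored in the pcap file header; 1 is what tcpdump prints as EN10MB.
LINKTYPES = {1: "EN10MB (Ethernet)"}

def read_pcap(data):
    """Parse a classic pcap byte string; return (header_info, records)."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"   # file written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"   # file written on a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    info = {"version": (major, minor), "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, "unknown (%d)" % linktype)}
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, caplen, origlen = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        # Sanity check: never trust a length field taken from an untrusted file.
        if caplen > snaplen or off + caplen > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        records.append((ts_sec, ts_usec, origlen, data[off:off + caplen]))
        off += caplen
    return info, records

def build_sample():
    """Constructed sample: header with snaplen 65535, link type 1, and 3 dummy 60-byte frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(3):
        frame = bytes(60)  # constructed all-zero frame, not real traffic
        out += struct.pack("<IIII", 1419666440, 602350 + i, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    info, records = read_pcap(build_sample())
    print("link-type", info["linktype"], "capture size", info["snaplen"], "bytes")
    print(len(records), "packets")
```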
Reference:
9 examples of using tcpdump: http://blog.csdn.net/zj0910/article/details/12869977