抓包
tcpdump
- 可以将网络中传输的数据包截获下来,供分析使用
- -i:interface,指定要监听的网卡;不加过滤表达式时,如果是通过 SSH 登录后执行,会把当前 SSH 会话自身的流量也一并抓到(见下例)
-
[root@server5 ~]# tcpdump -i ens33
11:09:26.967399 IP server5.example.com.ssh > localhost.53420: Flags [P.], seq 3438092:3438272, ack 521, win 251, length 180
- -nn:以 IP 和端口号(数字)方式显示来源主机和目的主机,不做主机名和服务名解析;抓包时不会额外触发 DNS 反向查询,输出也更便于与防火墙规则、日志中的地址对照
-
[root@server3 ~]# ping -c 5 192.168.109.138
PING 192.168.109.138 (192.168.109.138) 56(84) bytes of data.
64 bytes from 192.168.109.138: icmp_seq=1 ttl=64 time=1.50 ms
64 bytes from 192.168.109.138: icmp_seq=2 ttl=64 time=0.215 ms
64 bytes from 192.168.109.138: icmp_seq=3 ttl=64 time=0.584 ms
64 bytes from 192.168.109.138: icmp_seq=4 ttl=64 time=0.236 ms
64 bytes from 192.168.109.138: icmp_seq=5 ttl=64 time=0.226 ms
[root@server5 ~]# tcpdump -i ens33 -nn 'icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 65535 bytes
11:13:52.860920 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 1, length 64
11:13:52.860972 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 1, length 64
11:13:53.862829 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 2, length 64
11:13:53.862874 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 2, length 64
11:13:54.864056 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 3, length 64
11:13:54.864115 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 3, length 64
11:13:55.864911 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 4, length 64
11:13:55.864961 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 4, length 64
11:13:56.865994 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 5, length 64
11:13:56.866044 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 5, length 64
-