tcpdump实验

截获192.168.1.142收到的和发出的所有的数据包:

命令:

root@root:~# tcpdump host 192.168.1.142
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:00:53.355644 IP 192.168.1.142.1047 > 192.168.1.1.52869: Flags [R.], seq 820912674, ack 2629537824, win 0, length 0
20:00:53.631939 IP 192.168.1.142.1049 > 192.168.1.1.52869: Flags [R.], seq 3570878162, ack 2633542136, win 0, length 0
20:00:57.281899 IP 192.168.1.142.netbios-dgm > 192.168.1.255.netbios-dgm: NBT UDP PACKET(138)
20:01:31.548895 IP 192.168.1.142.netbios-dgm > 192.168.1.255.netbios-dgm: NBT UDP PACKET(138)


在192.168.1.109上ping 192.168.1.142出来数据:

20:03:57.127033 ARP, Request who-has 192.168.1.109 tell 192.168.1.142, length 46
20:03:57.127068 ARP, Reply 192.168.1.109 is-at 70:f1:a1:91:1b:ed (oui Unknown), length 46
20:03:57.127728 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 1792, length 40
20:03:58.124096 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 2048, length 40
20:03:58.124562 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 2048, length 40
20:03:59.125889 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 2304, length 40
20:03:59.126131 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 2304, length 40
20:04:00.127925 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 2560, length 40
20:04:00.128182 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 2560, length 40


命令:

root@root:~# tcpdump src 192.168.1.142
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

在192.168.1.142上ping 192.168.1.109出来数据:

20:13:06.776405 IP 192.168.1.142 > 192.168.1.109: ICMP echo request, id 512, seq 2304, length 40
20:13:07.771439 IP 192.168.1.142 > 192.168.1.109: ICMP echo request, id 512, seq 2560, length 40
20:13:08.771544 IP 192.168.1.142 > 192.168.1.109: ICMP echo request, id 512, seq 2816, length 40
20:13:09.771456 IP 192.168.1.142 > 192.168.1.109: ICMP echo request, id 512, seq 3072, length 40


在192.168.1.109上ping 192.168.1.142出来数据:

20:13:53.685576 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 3840, length 40
20:13:54.687905 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 4096, length 40
20:13:55.688725 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 4352, length 40
20:13:56.689860 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 4608, length 40


命令:

root@root:~# tcpdump dst 192.168.1.142
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

在192.168.1.109上ping 192.168.1.142出来数据:

20:10:47.158844 ARP, Request who-has 192.168.1.142 tell 192.168.1.109, length 46
20:10:47.159061 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 2816, length 40
20:10:48.161190 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 3072, length 40
20:10:49.166951 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 3328, length 40
20:10:50.166953 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 3584, length 40

在192.168.1.142上ping 192.168.1.109出来数据:

20:11:46.395332 IP 192.168.1.109 > 192.168.1.142: ICMP echo reply, id 512, seq 1280, length 40
20:11:47.400434 IP 192.168.1.109 > 192.168.1.142: ICMP echo reply, id 512, seq 1536, length 40
20:11:48.396376 IP 192.168.1.109 > 192.168.1.142: ICMP echo reply, id 512, seq 1792, length 40
20:11:49.396444 IP 192.168.1.109 > 192.168.1.142: ICMP echo reply, id 512, seq 2048, length 40


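说明:net 192.168.1.0/24 匹配源地址或目的地址在该网段内的包。下面输出里的ssh流量是192.168.1.11上的远程登录会话本身,PTR查询看起来是tcpdump把IP反向解析成主机名时自己发出的;加上-n可以关闭解析,避免抓包过程产生这些额外的DNS流量。

命令: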

root@root:~# tcpdump net 192.168.1.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:15:41.268402 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 3277304079:3277304195, ack 3808577780, win 17920, length 116
20:15:41.268737 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 116:168, ack 1, win 17920, length 52
20:15:41.268896 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 168, win 64267, length 0
20:15:41.269079 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 168:284, ack 1, win 17920, length 116
20:15:41.269300 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 284:336, ack 1, win 17920, length 52
20:15:41.269407 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 336, win 64099, length 0
20:15:41.271010 IP 192.168.1.11.55446 > ns-px.online.sh.cn.domain: 54143+ PTR? 109.1.168.192.in-addr.arpa. (44)
20:15:41.277026 IP ns-px.online.sh.cn.domain > 192.168.1.11.55446: 54143 NXDomain* 0/1/0 (103)
20:15:41.277769 IP 192.168.1.11.48653 > ns-px.online.sh.cn.domain: 51157+ PTR? 11.1.168.192.in-addr.arpa. (43)
20:15:41.289119 IP ns-px.online.sh.cn.domain > 192.168.1.11.48653: 51157 NXDomain* 0/1/0 (102)
20:15:41.289475 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 336:516, ack 1, win 17920, length 180
20:15:41.289751 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 516:568, ack 1, win 17920, length 52
20:15:41.289869 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 568, win 65535, length 0
20:15:41.290056 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 568:732, ack 1, win 17920, length 164
20:15:41.290301 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 732:784, ack 1, win 17920, length 52
20:15:41.290437 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 784, win 65319, length 0
20:15:41.290609 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 784:932, ack 1, win 17920, length 148
20:15:41.290824 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 932:984, ack 1, win 17920, length 52
20:15:41.290929 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 984, win 65119, length 0
20:15:41.291153 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 984:1148, ack 1, win 17920, length 164
20:15:41.291605 IP 192.168.1.11.50814 > ns-px.online.sh.cn.domain: 50085+ PTR? 5.209.96.202.in-addr.arpa. (43)
20:15:41.291961 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 1148:1408, ack 1, win 17920, length 260
20:15:41.292069 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 1408, win 64695, length 0
20:15:41.295947 IP ns-px.online.sh.cn.domain > 192.168.1.11.50814: 50085 1/0/0 PTR ns-px.online.sh.cn. (75)
^C20:15:41.296422 IP 192.168.1.109.16232 > 255.255.255.255.2654: UDP, length 312

25 packets captured
42 packets received by filter
0 packets dropped by kernel
root@root:~# 


命令:

root@root:~# tcpdump icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

在192.168.1.109上ping 192.168.1.142出来数据:

20:17:00.662423 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 4864, length 40
20:17:00.662631 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 4864, length 40
20:17:01.664525 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 5120, length 40
20:17:01.664680 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 5120, length 40
20:17:02.669464 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 5376, length 40
20:17:02.669608 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 5376, length 40
20:17:03.674373 IP 192.168.1.109 > 192.168.1.142: ICMP echo request, id 1024, seq 5632, length 40
20:17:03.674707 IP 192.168.1.142 > 192.168.1.109: ICMP echo reply, id 1024, seq 5632, length 40


命令:

root@root:~# tcpdump port 8080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

在192.168.1.142上telnet 192.168.1.109 8080出来数据:

20:22:45.120277 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [S], seq 3789552140, win 64240, options [mss 1460,nop,nop,sackOK], length 0
20:22:45.120293 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [S.], seq 183790394, ack 3789552141, win 65535, options [mss 1460,nop,nop,sackOK], length 0
20:22:45.120456 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [.], ack 1, win 64240, length 0
20:22:46.046559 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [P.], seq 1:2, ack 1, win 64240, length 1
20:22:46.190493 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [.], ack 2, win 65534, length 0
20:22:46.292897 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [P.], seq 2:3, ack 1, win 64240, length 1
20:22:46.492024 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [.], ack 3, win 65533, length 0
20:22:46.540352 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [P.], seq 3:4, ack 1, win 64240, length 1
20:22:46.693195 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [.], ack 4, win 65532, length 0
20:22:46.798134 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [P.], seq 4:6, ack 1, win 64240, length 2
20:22:46.798530 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [P.], seq 1:145, ack 6, win 65530, length 144
20:22:46.798692 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [F.], seq 145, ack 6, win 65530, length 0
20:22:46.798837 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [.], ack 146, win 64096, length 0
20:22:46.810448 IP 192.168.1.142.1088 > 192.168.1.109.http-alt: Flags [F.], seq 6, ack 146, win 64096, length 0
20:22:46.810525 IP 192.168.1.109.http-alt > 192.168.1.142.1088: Flags [.], ack 7, win 65530, length 0


命令:

root@root:~# tcpdump src port 8080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

在192.168.1.142上telnet 192.168.1.109 8080出来数据:

20:25:20.638645 IP 192.168.1.109.http-alt > 192.168.1.142.1092: Flags [S.], seq 3100465684, ack 3724351617, win 65535, options [mss 1460,nop,nop,sackOK], length 0
20:25:21.358450 IP 192.168.1.109.http-alt > 192.168.1.142.1092: Flags [.], ack 2, win 65534, length 0
20:25:21.495151 IP 192.168.1.109.http-alt > 192.168.1.142.1092: Flags [P.], seq 1:145, ack 4, win 65532, length 144
20:25:21.495282 IP 192.168.1.109.http-alt > 192.168.1.142.1092: Flags [F.], seq 145, ack 4, win 65532, length 0
20:25:21.502863 IP 192.168.1.109.http-alt > 192.168.1.142.1092: Flags [.], ack 5, win 65532, length 0


命令:

root@root:~# tcpdump dst port 8080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

在192.168.1.142上telnet 192.168.1.109 8080出来数据:

20:27:43.633664 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [S], seq 3459333539, win 64240, options [mss 1460,nop,nop,sackOK], length 0
20:27:43.633910 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [.], ack 1075945513, win 64240, length 0
20:27:44.090282 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [P.], seq 0:1, ack 1, win 64240, length 1
20:27:44.304259 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [P.], seq 1:2, ack 1, win 64240, length 1
20:27:44.466132 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [P.], seq 2:4, ack 1, win 64240, length 2
20:27:44.466934 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [.], ack 146, win 64096, length 0
20:27:44.479474 IP 192.168.1.142.1096 > 192.168.1.109.http-alt: Flags [F.], seq 4, ack 146, win 64096, length 0


命令:

root@root:~# tcpdump portrange 21-23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

出来数据(21-23的端口范围包含ssh的22端口,所以抓到的是192.168.1.11上的ssh会话流量):

20:29:44.580080 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 3277649187:3277649303, ack 3808585812, win 19040, length 116
20:29:44.580365 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 116:168, ack 1, win 19040, length 52
20:29:44.580465 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 168, win 64103, length 0
20:29:44.580598 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 168:284, ack 1, win 19040, length 116
20:29:44.580757 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 284:336, ack 1, win 19040, length 52
20:29:44.580771 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 336, win 65535, length 0
20:29:44.592022 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 336:516, ack 1, win 19040, length 180
20:29:44.592254 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 516:568, ack 1, win 19040, length 52
20:29:44.592360 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 568, win 65303, length 0
20:29:44.592501 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 568:732, ack 1, win 19040, length 164
20:29:44.592665 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 732:784, ack 1, win 19040, length 52
20:29:44.592744 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 784, win 65087, length 0
20:29:44.592895 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 784:932, ack 1, win 19040, length 148
20:29:44.593057 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 932:984, ack 1, win 19040, length 52
20:29:44.593137 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 984, win 64887, length 0
20:29:44.593326 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 984:1148, ack 1, win 19040, length 164
20:29:44.593530 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 1148:1312, ack 1, win 19040, length 164
20:29:44.593613 IP 192.168.1.109.14386 > 192.168.1.11.ssh: Flags [.], ack 1312, win 64559, length 0
20:29:44.594002 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 1312:2340, ack 1, win 19040, length 1028
20:29:44.605433 IP 192.168.1.11.ssh > 192.168.1.109.14386: Flags [P.], seq 12004:12264, ack 1, win 19040, length 260
^C
86 packets captured
89 packets received by filter
0 packets dropped by kernel


命令:

root@root:~# tcpdump less 60
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

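出来数据(less 60 匹配整个包长度小于等于60字节的包;每行末尾的length是载荷长度,不是过滤条件比较的包长度,比如length 0的ACK包加上14字节以太网头、20字节IP头、20字节TCP头一共54字节):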

20:38:00.539961 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 3005117136, win 65107, length 0
20:38:00.540778 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 169, win 64939, length 0
20:38:00.715421 ARP, Request who-has 192.168.1.11 tell 192.168.1.1, length 46
20:38:00.715450 ARP, Reply 192.168.1.11 is-at 00:0c:29:84:62:81 (oui Unknown), length 28
20:38:00.738853 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 369, win 64739, length 0
20:38:00.739690 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 569, win 64539, length 0
20:38:00.749889 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 737, win 64371, length 0
20:38:00.750891 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 921, win 64187, length 0
20:38:00.752141 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 1409, win 65535, length 0
20:38:00.975621 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 1557, win 65387, length 0
20:38:01.176770 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 1705, win 65239, length 0
20:38:01.377971 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [.], ack 1853, win 65091, length 0
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel


命令:

root@root:~# tcpdump greater 100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

出来数据(greater 100 匹配整个包长度大于等于100字节的包;行末的length 52是TCP载荷长度,加上14字节以太网头、20字节IP头、20字节TCP头是106字节,所以也会被匹配):

20:39:39.283876 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3005613360:3005613476, ack 3510687885, win 17920, length 116
20:39:39.284263 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 116:168, ack 1, win 17920, length 52
20:39:39.284677 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 168:284, ack 1, win 17920, length 116
20:39:39.285050 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 284:336, ack 1, win 17920, length 52
20:39:39.299767 IP ns-px.online.sh.cn.domain > 192.168.1.11.58767: 42777 NXDomain* 0/1/0 (103)
20:39:39.304822 IP ns-px.online.sh.cn.domain > 192.168.1.11.37582: 26058 NXDomain* 0/1/0 (102)
20:39:39.305296 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 336:516, ack 1, win 17920, length 180
20:39:39.305620 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 516:568, ack 1, win 17920, length 52
20:39:39.306122 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 568:732, ack 1, win 17920, length 164
20:39:39.306476 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 732:784, ack 1, win 17920, length 52
20:39:39.306928 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 784:948, ack 1, win 17920, length 164
20:39:39.307267 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 948:1000, ack 1, win 17920, length 52
20:39:39.308380 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 1000:1164, ack 1, win 17920, length 164
20:39:39.313885 IP ns-px.online.sh.cn.domain > 192.168.1.11.52251: 10705 1/0/0 PTR ns-px.online.sh.cn. (75)
20:39:39.314282 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 1164:1296, ack 1, win 17920, length 132
20:39:39.314733 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 1296:1444, ack 1, win 17920, length 148
20:39:39.315513 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 1444:2392, ack 1, win 17920, length 948
20:39:39.316235 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 2392:2780, ack 1, win 17920, length 388
20:39:39.316674 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 2780:2944, ack 1, win 17920, length 164
20:39:39.317194 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 2944:3108, ack 1, win 17920, length 164
20:39:39.317618 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3108:3272, ack 1, win 17920, length 164
20:39:39.318060 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3272:3436, ack 1, win 17920, length 164
20:39:39.318421 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3436:3600, ack 1, win 17920, length 164
20:39:39.318883 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3600:3764, ack 1, win 17920, length 164
20:39:39.319322 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3764:3928, ack 1, win 17920, length 164
20:39:39.319793 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 3928:4092, ack 1, win 17920, length 164
20:39:39.320186 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 4092:4256, ack 1, win 17920, length 164
20:39:39.320692 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 4256:4420, ack 1, win 17920, length 164
20:39:39.321142 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 4420:4584, ack 1, win 17920, length 164
20:39:39.321687 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 4584:4748, ack 1, win 17920, length 164
20:39:39.322063 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 4748:4912, ack 1, win 17920, length 164
20:39:39.322479 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 4912:5076, ack 1, win 17920, length 164
20:39:39.322848 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 5076:5240, ack 1, win 17920, length 164
20:39:39.323234 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 5240:5404, ack 1, win 17920, length 164
20:39:39.323582 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 5404:5568, ack 1, win 17920, length 164
20:39:39.323959 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 5568:5732, ack 1, win 17920, length 164
20:39:39.324296 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 5732:5896, ack 1, win 17920, length 164
20:39:39.324679 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 5896:6060, ack 1, win 17920, length 164
20:39:39.325046 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 6060:6224, ack 1, win 17920, length 164
20:39:39.325505 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 6224:6388, ack 1, win 17920, length 164
20:39:39.325909 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 6388:6552, ack 1, win 17920, length 164
20:39:39.326357 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 6552:6716, ack 1, win 17920, length 164
20:39:39.326698 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 6716:6880, ack 1, win 17920, length 164
20:39:39.327083 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 6880:7044, ack 1, win 17920, length 164
20:39:39.327418 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 7044:7208, ack 1, win 17920, length 164
20:39:39.327794 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 7208:7372, ack 1, win 17920, length 164
20:39:39.328140 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 7372:7536, ack 1, win 17920, length 164
20:39:39.328607 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 7536:7700, ack 1, win 17920, length 164
20:39:39.329064 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 7700:7864, ack 1, win 17920, length 164
20:39:39.329549 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 7864:8028, ack 1, win 17920, length 164
20:39:39.330015 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 8028:8192, ack 1, win 17920, length 164
20:39:39.330492 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 8192:8356, ack 1, win 17920, length 164
20:39:39.330931 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 8356:8520, ack 1, win 17920, length 164
20:39:39.331438 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 8520:8684, ack 1, win 17920, length 164
20:39:39.331784 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 8684:8848, ack 1, win 17920, length 164
20:39:39.332164 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 8848:9012, ack 1, win 17920, length 164
20:39:39.332572 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9012:9176, ack 1, win 17920, length 164
20:39:39.333002 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9176:9340, ack 1, win 17920, length 164
20:39:39.333409 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9340:9504, ack 1, win 17920, length 164
20:39:39.333792 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9504:9668, ack 1, win 17920, length 164
20:39:39.334159 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9668:9832, ack 1, win 17920, length 164
20:39:39.334552 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9832:9996, ack 1, win 17920, length 164
20:39:39.334928 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 9996:10160, ack 1, win 17920, length 164
20:39:39.335354 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 10160:10324, ack 1, win 17920, length 164
20:39:39.335720 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 10324:10488, ack 1, win 17920, length 164
20:39:39.336116 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 10488:10652, ack 1, win 17920, length 164
20:39:39.336454 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 10652:10816, ack 1, win 17920, length 164
20:39:39.336871 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 10816:10980, ack 1, win 17920, length 164
20:39:39.337234 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 10980:11144, ack 1, win 17920, length 164
20:39:39.337675 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 11144:11308, ack 1, win 17920, length 164
20:39:39.338016 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 11308:11472, ack 1, win 17920, length 164
20:39:39.338439 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 11472:11636, ack 1, win 17920, length 164
20:39:39.338784 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 11636:11800, ack 1, win 17920, length 164
20:39:39.339219 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 11800:11964, ack 1, win 17920, length 164
20:39:39.339592 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 11964:12128, ack 1, win 17920, length 164
20:39:39.340017 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 12128:12292, ack 1, win 17920, length 164
20:39:39.340354 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 12292:12456, ack 1, win 17920, length 164
20:39:39.340754 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 12456:12620, ack 1, win 17920, length 164
20:39:39.341122 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 12620:12784, ack 1, win 17920, length 164
20:39:39.341516 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 12784:12948, ack 1, win 17920, length 164
20:39:39.341908 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 12948:13112, ack 1, win 17920, length 164
20:39:39.342290 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 13112:13276, ack 1, win 17920, length 164
20:39:39.342654 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 13276:13440, ack 1, win 17920, length 164
20:39:39.343054 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 13440:13604, ack 1, win 17920, length 164
20:39:39.343399 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 13604:13768, ack 1, win 17920, length 164
20:39:39.343820 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 13768:13932, ack 1, win 17920, length 164
20:39:39.344221 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 13932:14096, ack 1, win 17920, length 164
20:39:39.344637 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 14096:14260, ack 1, win 17920, length 164
20:39:39.345057 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 14260:14424, ack 1, win 17920, length 164
20:39:39.345466 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 14424:14588, ack 1, win 17920, length 164
20:39:39.345832 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 14588:14752, ack 1, win 17920, length 164
20:39:39.346216 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 14752:14916, ack 1, win 17920, length 164
20:39:39.346553 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 14916:15080, ack 1, win 17920, length 164
20:39:39.346972 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 15080:15244, ack 1, win 17920, length 164
20:39:39.347410 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 15244:15408, ack 1, win 17920, length 164
20:39:39.347882 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 15408:15572, ack 1, win 17920, length 164
20:39:39.348247 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 15572:15736, ack 1, win 17920, length 164
20:39:39.348685 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 15736:15900, ack 1, win 17920, length 164
20:39:39.349164 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 15900:16064, ack 1, win 17920, length 164
20:39:39.349326 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 16064:16228, ack 1, win 17920, length 164
20:39:39.349764 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 16228:16392, ack 1, win 17920, length 164
20:39:39.349930 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 16392:16556, ack 1, win 17920, length 164
20:39:39.350392 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 16556:16720, ack 1, win 17920, length 164
20:39:39.350545 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 16720:16884, ack 1, win 17920, length 164
...(原始输出在这里被截断,中间部分缺失)...
20:39:39.420871 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 46264:46428, ack 53, win 17920, length 164
20:39:39.421608 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 46428:46592, ack 53, win 17920, length 164
20:39:39.421958 IP 192.168.1.109.17792 > 192.168.1.11.ssh: Flags [P.], seq 53:105, ack 46428, win 65535, length 52
20:39:39.422181 IP 192.168.1.11.ssh > 192.168.1.109.17792: Flags [P.], seq 46592:46756, ack 105, win 17920, length 164
^C
289 packets captured
289 packets received by filter
0 packets dropped by kernel


命令:

root@root:~# tcpdump -s 1514 port 8080 -w capture_file
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes
^C11 packets captured
11 packets received by filter
0 packets dropped by kernel

在192.168.1.142上telnet 192.168.1.109 8080,上面的命令用-w把抓到的原始数据包写到了capture_file(-s 1514表示每个包最多截取1514字节),屏幕上不再逐行解码显示;下面用-r把文件读出来,看看里面的内容:

命令:

root@root:~# tcpdump -r capture_file
reading from file capture_file, link-type EN10MB (Ethernet)
20:43:11.754147 IP 192.168.1.142.1103 > 192.168.1.109.http-alt: Flags [S], seq 2001339352, win 64240, options [mss 1460,nop,nop,sackOK], length 0
20:43:11.754163 IP 192.168.1.109.http-alt > 192.168.1.142.1103: Flags [S.], seq 1741319947, ack 2001339353, win 65535, options [mss 1460,nop,nop,sackOK], length 0
20:43:11.756160 IP 192.168.1.142.1103 > 192.168.1.109.http-alt: Flags [.], ack 1, win 64240, length 0
20:43:12.081063 IP 192.168.1.142.1103 > 192.168.1.109.http-alt: Flags [P.], seq 1:2, ack 1, win 64240, length 1
20:43:12.225409 IP 192.168.1.109.http-alt > 192.168.1.142.1103: Flags [.], ack 2, win 65534, length 0
20:43:12.862089 IP 192.168.1.142.1103 > 192.168.1.109.http-alt: Flags [P.], seq 2:4, ack 1, win 64240, length 2
20:43:12.862660 IP 192.168.1.109.http-alt > 192.168.1.142.1103: Flags [P.], seq 1:145, ack 4, win 65532, length 144
20:43:12.862831 IP 192.168.1.109.http-alt > 192.168.1.142.1103: Flags [F.], seq 145, ack 4, win 65532, length 0
20:43:12.867024 IP 192.168.1.142.1103 > 192.168.1.109.http-alt: Flags [.], ack 146, win 64096, length 0
20:43:12.882653 IP 192.168.1.142.1103 > 192.168.1.109.http-alt: Flags [F.], seq 4, ack 146, win 64096, length 0
20:43:12.882674 IP 192.168.1.109.http-alt > 192.168.1.142.1103: Flags [.], ack 5, win 65532, length 0
root@root:~# 


命令:

root@root:~# tcpdump  -XvvennSs 0 -i eth0 tcp[20:2]=0x4745 or tcp[20:2]=0x4854
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

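说明:tcp[20:2]取的是从TCP头起始处偏移20字节的2个字节,0x4745是"GE",0x4854是"HT",也就是匹配以GET开头的请求和以HTTP开头的响应。这个写法假定TCP头正好是20字节、不带选项;带选项的包要按头长度计算偏移,例如 tcp[((tcp[12:1] & 0xf0) >> 2):2]。过滤表达式里有方括号,在shell里最好用单引号整体括起来,避免被当成通配符展开。另外HTTP是明文传输,下面-X的输出里Cookie等请求头都原样可见,保存或分享这类抓包之前要先处理掉这些字段。

在192.168.1.142上用IE打开百度首页,出来数据: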

20:57:45.008316 00:0c:29:f1:31:d2 > 00:d0:d0:79:6f:d3, ethertype IPv4 (0x0800), length 368: (tos 0x0, ttl 128, id 1887, offset 0, flags [DF], proto TCP (6), length 354)
    192.168.1.142.1111 > 115.239.210.27.80: Flags [P.], cksum 0xd1bf (correct), seq 2425074001:2425074315, ack 1951556000, win 64240, length 314
        0x0000:  4500 0162 075f 4000 8006 e9f5 c0a8 018e  E..b._@.........
        0x0010:  73ef d21b 0457 0050 908b b151 7452 61a0  s....W.P...QtRa.
        0x0020:  5018 faf0 d1bf 0000 4745 5420 2f20 4854  P.......GET./.HT
        0x0030:  5450 2f31 2e31 0d0a 4163 6365 7074 3a20  TP/1.1..Accept:.
        0x0040:  2a2f 2a0d 0a41 6363 6570 742d 4c61 6e67  */*..Accept-Lang
        0x0050:  7561 6765 3a20 7a68 2d63 6e0d 0a41 6363  uage:.zh-cn..Acc
        0x0060:  6570 742d 456e 636f 6469 6e67 3a20 677a  ept-Encoding:.gz
        0x0070:  6970 2c20 6465 666c 6174 650d 0a55 7365  ip,.deflate..Use
        0x0080:  722d 4167 656e 743a 204d 6f7a 696c 6c61  r-Agent:.Mozilla
        0x0090:  2f34 2e30 2028 636f 6d70 6174 6962 6c65  /4.0.(compatible
        0x00a0:  3b20 4d53 4945 2036 2e30 3b20 5769 6e64  ;.MSIE.6.0;.Wind
        0x00b0:  6f77 7320 4e54 2035 2e31 3b20 5356 3129  ows.NT.5.1;.SV1)
        0x00c0:  0d0a 486f 7374 3a20 7777 772e 6261 6964  ..Host:.www.baid
        0x00d0:  752e 636f 6d0d 0a43 6f6e 6e65 6374 696f  u.com..Connectio
        0x00e0:  6e3a 204b 6565 702d 416c 6976 650d 0a43  n:.Keep-Alive..C
        0x00f0:  6f6f 6b69 653a 2042 4149 4455 4944 3d36  ookie:.BAIDUID=6
        0x0100:  4143 4236 3638 3833 3441 3735 4232 3342  ACB668834A75B23B
        0x0110:  3444 4238 3330 3842 4344 3145 4641 363a  4DB8308BCD1EFA6:
        0x0120:  4647 3d31 3b20 485f 5053 5f50 5353 4944  FG=1;.H_PS_PSSID
        0x0130:  3d32 3335 395f 3134 3536 5f32 3434 385f  =2359_1456_2448_
        0x0140:  3234 3439 5f32 3235 365f 3137 3838 5f32  2449_2256_1788_2
        0x0150:  3235 303b 2042 4453 5652 544d 3d32 0d0a  250;.BDSVRTM=2..
        0x0160:  0d0a                                     ..
20:57:45.038460 00:d0:d0:79:6f:d3 > 00:0c:29:f1:31:d2, ethertype IPv4 (0x0800), length 417: (tos 0x0, ttl 52, id 61742, offset 0, flags [DF], proto TCP (6), length 403)
    115.239.210.27.80 > 192.168.1.142.1111: Flags [P.], cksum 0x070f (correct), seq 1951556000:1951556363, ack 2425074315, win 6432, length 363
        0x0000:  4500 0193 f12e 4000 3406 4bf5 73ef d21b  E.....@.4.K.s...
        0x0010:  c0a8 018e 0050 0457 7452 61a0 908b b28b  .....P.WtRa.....
        0x0020:  5018 1920 070f 0000 4854 5450 2f31 2e31  P.......HTTP/1.1
        0x0030:  2032 3030 204f 4b0d 0a44 6174 653a 204d  .200.OK..Date:.M
        0x0040:  6f6e 2c20 3230 204d 6179 2032 3031 3320  on,.20.May.2013.
        0x0050:  3134 3a34 383a 3537 2047 4d54 0d0a 5365  14:48:57.GMT..Se
        0x0060:  7276 6572 3a20 4257 532f 312e 300d 0a43  rver:.BWS/1.0..C
        0x0070:  6f6e 7465 6e74 2d4c 656e 6774 683a 2034  ontent-Length:.4
        0x0080:  3330 330d 0a43 6f6e 7465 6e74 2d54 7970  303..Content-Typ
        0x0090:  653a 2074 6578 742f 6874 6d6c 3b63 6861  e:.text/html;cha
        0x00a0:  7273 6574 3d75 7466 2d38 0d0a 4361 6368  rset=utf-8..Cach
        0x00b0:  652d 436f 6e74 726f 6c3a 2070 7269 7661  e-Control:.priva
        0x00c0:  7465 0d0a 5365 742d 436f 6f6b 6965 3a20  te..Set-Cookie:.
        0x00d0:  4244 5356 5254 4d3d 323b 2070 6174 683d  BDSVRTM=2;.path=
        0x00e0:  2f0d 0a53 6574 2d43 6f6f 6b69 653a 2048  /..Set-Cookie:.H
        0x00f0:  5f50 535f 5053 5349 443d 3233 3539 5f31  _PS_PSSID=2359_1
        0x0100:  3435 365f 3234 3438 5f32 3434 395f 3232  456_2448_2449_22
        0x0110:  3536 5f31 3738 385f 3232 3530 3b20 7061  56_1788_2250;.pa
        0x0120:  7468 3d2f 3b20 646f 6d61 696e 3d2e 6261  th=/;.domain=.ba
        0x0130:  6964 752e 636f 6d0d 0a45 7870 6972 6573  idu.com..Expires
        0x0140:  3a20 4d6f 6e2c 2032 3020 4d61 7920 3230  :.Mon,.20.May.20
        0x0150:  3133 2031 343a 3438 3a35 3720 474d 540d  13.14:48:57.GMT.
        0x0160:  0a43 6f6e 7465 6e74 2d45 6e63 6f64 696e  .Content-Encodin
        0x0170:  673a 2067 7a69 700d 0a43 6f6e 6e65 6374  g:.gzip..Connect
        0x0180:  696f 6e3a 204b 6565 702d 416c 6976 650d  ion:.Keep-Alive.
        0x0190:  0a0d 0a                                  ...
20:57:45.234453 00:0c:29:f1:31:d2 > 00:d0:d0:79:6f:d3, ethertype IPv4 (0x0800), length 482: (tos 0x0, ttl 128, id 1895, offset 0, flags [DF], proto TCP (6), length 468)
    192.168.1.142.1112 > 115.239.211.11.80: Flags [P.], cksum 0x0219 (correct), seq 2153543202:2153543630, ack 3272173507, win 64240, length 428
        0x0000:  4500 01d4 0767 4000 8006 e88b c0a8 018e  E....g@.........
        0x0010:  73ef d30b 0458 0050 805c 7622 c309 67c3  s....X.P.\v"..g.
        0x0020:  5018 faf0 0219 0000 4745 5420 2f73 753f  P.......GET./su?
        0x0030:  7764 3d26 6362 3d77 696e 646f 772e 6264  wd=&cb=window.bd
        0x0040:  7375 672e 7375 6750 7265 5265 7175 6573  sug.sugPreReques
        0x0050:  7426 7369 643d 3134 3537 5f32 3434 385f  t&sid=1457_2448_
        0x0060:  3234 3534 5f31 3738 385f 3232 3530 5f32  2454_1788_2250_2
        0x0070:  3235 3226 743d 3133 3639 3036 3133 3237  252&t=1369061327
        0x0080:  3539 3320 4854 5450 2f31 2e31 0d0a 4163  593.HTTP/1.1..Ac
        0x0090:  6365 7074 3a20 2a2f 2a0d 0a52 6566 6572  cept:.*/*..Refer
        0x00a0:  6572 3a20 6874 7470 3a2f 2f77 7777 2e62  er:.http://www.b
        0x00b0:  6169 6475 2e63 6f6d 2f0d 0a41 6363 6570  aidu.com/..Accep
        0x00c0:  742d 4c61 6e67 7561 6765 3a20 7a68 2d63  t-Language:.zh-c
        0x00d0:  6e0d 0a41 6363 6570 742d 456e 636f 6469  n..Accept-Encodi
        0x00e0:  6e67 3a20 677a 6970 2c20 6465 666c 6174  ng:.gzip,.deflat
        0x00f0:  650d 0a55 7365 722d 4167 656e 743a 204d  e..User-Agent:.M
        0x0100:  6f7a 696c 6c61 2f34 2e30 2028 636f 6d70  ozilla/4.0.(comp
        0x0110:  6174 6962 6c65 3b20 4d53 4945 2036 2e30  atible;.MSIE.6.0
        0x0120:  3b20 5769 6e64 6f77 7320 4e54 2035 2e31  ;.Windows.NT.5.1
        0x0130:  3b20 5356 3129 0d0a 486f 7374 3a20 7375  ;.SV1)..Host:.su
        0x0140:  6767 6573 7469 6f6e 2e62 6169 6475 2e63  ggestion.baidu.c
        0x0150:  6f6d 0d0a 436f 6e6e 6563 7469 6f6e 3a20  om..Connection:.
        0x0160:  4b65 6570 2d41 6c69 7665 0d0a 436f 6f6b  Keep-Alive..Cook
        0x0170:  6965 3a20 4241 4944 5549 443d 3641 4342  ie:.BAIDUID=6ACB
        0x0180:  3636 3838 3334 4137 3542 3233 4234 4442  668834A75B23B4DB
        0x0190:  3833 3038 4243 4431 4546 4136 3a46 473d  8308BCD1EFA6:FG=
        0x01a0:  313b 2048 5f50 535f 5053 5349 443d 3233  1;.H_PS_PSSID=23
        0x01b0:  3539 5f31 3435 365f 3234 3438 5f32 3434  59_1456_2448_244
        0x01c0:  395f 3232 3536 5f31 3738 385f 3232 3530  9_2256_1788_2250
        0x01d0:  0d0a 0d0a                                ....
20:57:45.250810 00:d0:d0:79:6f:d3 > 00:0c:29:f1:31:d2, ethertype IPv4 (0x0800), length 265: (tos 0x0, ttl 53, id 34711, offset 0, flags [DF], proto TCP (6), length 251)
    115.239.211.11.80 > 192.168.1.142.1112: Flags [P.], cksum 0x6272 (correct), seq 3272173507:3272173718, ack 2153543630, win 6432, length 211
        0x0000:  4500 00fb 8797 4000 3506 b434 73ef d30b  E.....@.5..4s...
        0x0010:  c0a8 018e 0050 0458 c309 67c3 805c 77ce  .....P.X..g..\w.
        0x0020:  5018 1920 6272 0000 4854 5450 2f31 2e31  P...br..HTTP/1.1
        0x0030:  2032 3030 204f 4b0d 0a44 6174 653a 204d  .200.OK..Date:.M
        0x0040:  6f6e 2c20 3230 204d 6179 2032 3031 3320  on,.20.May.2013.
        0x0050:  3134 3a34 383a 3538 2047 4d54 0d0a 5365  14:48:58.GMT..Se
        0x0060:  7276 6572 3a20 7375 6767 6573 7469 6f6e  rver:.suggestion
        0x0070:  2e62 6169 6475 2e7a 6262 2e64 660d 0a43  .baidu.zbb.df..C
        0x0080:  6f6e 7465 6e74 2d4c 656e 6774 683a 2034  ontent-Length:.4
        0x0090:  380d 0a43 6f6e 7465 6e74 2d54 7970 653a  8..Content-Type:
        0x00a0:  2062 6169 6475 4170 702f 6a73 6f6e 3b20  .baiduApp/json;.
        0x00b0:  7636 2e32 372e 322e 3134 3b20 6368 6172  v6.27.2.14;.char
        0x00c0:  7365 743d 6762 6b0d 0a43 6163 6865 2d43  set=gbk..Cache-C
        0x00d0:  6f6e 7472 6f6c 3a20 7072 6976 6174 650d  ontrol:.private.
        0x00e0:  0a43 6f6e 6e65 6374 696f 6e3a 204b 6565  .Connection:.Kee
        0x00f0:  702d 416c 6976 650d 0a0d 0a              p-Alive....


命令:

root@root:~# tcpdump -i eth0 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

然后用nmap扫描整个网段:

root@root:~# nmap -sn 192.168.1.0/24

nmap出来数据:

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2013-05-14 20:03 EDT
Nmap scan report for 192.168.1.1
Host is up (0.0034s latency).
MAC Address: 00:D0:D0:79:6F:D3 (Zhongxing Telecom)
Nmap scan report for 192.168.1.11
Host is up.
Nmap scan report for 192.168.1.109
Host is up (0.00057s latency).
MAC Address: 70:F1:A1:91:1B:ED (Liteon Technology)
Nmap scan report for 192.168.1.188
Host is up (0.027s latency).
MAC Address: CC:78:5F:12:3D:67 (Unknown)
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.71 seconds

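tcpdump抓到的数据。这些扫描用的ARP请求(带Broadcast标记的who-has)都由运行nmap的主机192.168.1.11发出;同一来源在几秒内对整个网段连续发who-has,是ARP扫描在抓包中的典型特征。对这些请求的ARP Reply在抓包中只看到两条(192.168.1.1和192.168.1.188),而nmap还报告了192.168.1.109在线。末尾的统计显示过滤器收到514个包、其中308个被内核丢弃,所以下面的列表并不完整,缺少的回复很可能就在被丢弃的包里: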

20:03:49.558979 ARP, Request who-has 192.168.1.1 (Broadcast) tell 192.168.1.11, length 28
20:03:49.562374 ARP, Reply 192.168.1.1 is-at 00:d0:d0:79:6f:d3 (oui Unknown), length 46
20:03:49.562545 ARP, Request who-has 192.168.1.2 (Broadcast) tell 192.168.1.11, length 28
20:03:49.563032 ARP, Request who-has 192.168.1.3 (Broadcast) tell 192.168.1.11, length 28
20:03:49.563474 ARP, Request who-has 192.168.1.4 (Broadcast) tell 192.168.1.11, length 28
20:03:49.563749 ARP, Request who-has 192.168.1.5 (Broadcast) tell 192.168.1.11, length 28
20:03:49.563972 ARP, Request who-has 192.168.1.6 (Broadcast) tell 192.168.1.11, length 28
20:03:49.564265 ARP, Request who-has 192.168.1.7 (Broadcast) tell 192.168.1.11, length 28
20:03:49.564679 ARP, Request who-has 192.168.1.8 (Broadcast) tell 192.168.1.11, length 28
20:03:49.565049 ARP, Request who-has 192.168.1.9 (Broadcast) tell 192.168.1.11, length 28
20:03:49.565301 ARP, Request who-has 192.168.1.10 (Broadcast) tell 192.168.1.11, length 28
20:03:49.568534 ARP, Request who-has 192.168.1.0 (Broadcast) tell 192.168.1.11, length 28
20:03:49.663732 ARP, Request who-has 192.168.1.2 (Broadcast) tell 192.168.1.11, length 28
20:03:49.664205 ARP, Request who-has 192.168.1.3 (Broadcast) tell 192.168.1.11, length 28
20:03:49.664645 ARP, Request who-has 192.168.1.4 (Broadcast) tell 192.168.1.11, length 28
20:03:49.667555 ARP, Request who-has 192.168.1.5 (Broadcast) tell 192.168.1.11, length 28
20:03:49.667776 ARP, Request who-has 192.168.1.6 (Broadcast) tell 192.168.1.11, length 28
20:03:49.668160 ARP, Request who-has 192.168.1.7 (Broadcast) tell 192.168.1.11, length 28
20:03:49.668496 ARP, Request who-has 192.168.1.8 (Broadcast) tell 192.168.1.11, length 28
20:03:49.668700 ARP, Request who-has 192.168.1.9 (Broadcast) tell 192.168.1.11, length 28
20:03:49.668987 ARP, Request who-has 192.168.1.10 (Broadcast) tell 192.168.1.11, length 28
20:03:49.672407 ARP, Request who-has 192.168.1.0 (Broadcast) tell 192.168.1.11, length 28
20:03:49.923892 ARP, Request who-has 192.168.1.13 (Broadcast) tell 192.168.1.11, length 28
20:03:49.924854 ARP, Request who-has 192.168.1.14 (Broadcast) tell 192.168.1.11, length 28
20:03:49.925238 ARP, Request who-has 192.168.1.15 (Broadcast) tell 192.168.1.11, length 28
20:03:49.925576 ARP, Request who-has 192.168.1.16 (Broadcast) tell 192.168.1.11, length 28
20:03:49.925807 ARP, Request who-has 192.168.1.17 (Broadcast) tell 192.168.1.11, length 28
20:03:49.926169 ARP, Request who-has 192.168.1.18 (Broadcast) tell 192.168.1.11, length 28
20:03:49.926608 ARP, Request who-has 192.168.1.19 (Broadcast) tell 192.168.1.11, length 28
20:03:49.926839 ARP, Request who-has 192.168.1.20 (Broadcast) tell 192.168.1.11, length 28
20:03:49.927066 ARP, Request who-has 192.168.1.21 (Broadcast) tell 192.168.1.11, length 28
20:03:49.927363 ARP, Request who-has 192.168.1.22 (Broadcast) tell 192.168.1.11, length 28
20:03:50.124741 ARP, Request who-has 192.168.1.13 (Broadcast) tell 192.168.1.11, length 28
20:03:50.127567 ARP, Request who-has 192.168.1.14 (Broadcast) tell 192.168.1.11, length 28
20:03:50.127796 ARP, Request who-has 192.168.1.15 (Broadcast) tell 192.168.1.11, length 28
20:03:50.128040 ARP, Request who-has 192.168.1.16 (Broadcast) tell 192.168.1.11, length 28
20:03:50.128408 ARP, Request who-has 192.168.1.17 (Broadcast) tell 192.168.1.11, length 28
20:03:50.128610 ARP, Request who-has 192.168.1.18 (Broadcast) tell 192.168.1.11, length 28
20:03:50.128820 ARP, Request who-has 192.168.1.19 (Broadcast) tell 192.168.1.11, length 28
20:03:50.129120 ARP, Request who-has 192.168.1.20 (Broadcast) tell 192.168.1.11, length 28
20:03:50.129686 ARP, Request who-has 192.168.1.21 (Broadcast) tell 192.168.1.11, length 28
20:03:50.129980 ARP, Request who-has 192.168.1.22 (Broadcast) tell 192.168.1.11, length 28
20:03:50.324999 ARP, Request who-has 192.168.1.29 (Broadcast) tell 192.168.1.11, length 28
20:03:50.327798 ARP, Request who-has 192.168.1.32 (Broadcast) tell 192.168.1.11, length 28
20:03:50.330729 ARP, Request who-has 192.168.1.35 (Broadcast) tell 192.168.1.11, length 28
20:03:50.331103 ARP, Request who-has 192.168.1.36 (Broadcast) tell 192.168.1.11, length 28
20:03:50.331469 ARP, Request who-has 192.168.1.37 (Broadcast) tell 192.168.1.11, length 28
20:03:50.331676 ARP, Request who-has 192.168.1.38 (Broadcast) tell 192.168.1.11, length 28
20:03:50.331869 ARP, Request who-has 192.168.1.39 (Broadcast) tell 192.168.1.11, length 28
20:03:50.332161 ARP, Request who-has 192.168.1.40 (Broadcast) tell 192.168.1.11, length 28
20:03:50.332531 ARP, Request who-has 192.168.1.41 (Broadcast) tell 192.168.1.11, length 28
20:03:50.332839 ARP, Request who-has 192.168.1.42 (Broadcast) tell 192.168.1.11, length 28
20:03:50.526360 ARP, Request who-has 192.168.1.29 (Broadcast) tell 192.168.1.11, length 28
20:03:50.528978 ARP, Request who-has 192.168.1.32 (Broadcast) tell 192.168.1.11, length 28
20:03:50.531861 ARP, Request who-has 192.168.1.35 (Broadcast) tell 192.168.1.11, length 28
20:03:50.532236 ARP, Request who-has 192.168.1.36 (Broadcast) tell 192.168.1.11, length 28
20:03:50.532540 ARP, Request who-has 192.168.1.37 (Broadcast) tell 192.168.1.11, length 28
20:03:50.532753 ARP, Request who-has 192.168.1.38 (Broadcast) tell 192.168.1.11, length 28
20:03:50.535764 ARP, Request who-has 192.168.1.39 (Broadcast) tell 192.168.1.11, length 28
20:03:50.536139 ARP, Request who-has 192.168.1.40 (Broadcast) tell 192.168.1.11, length 28
20:03:50.536470 ARP, Request who-has 192.168.1.41 (Broadcast) tell 192.168.1.11, length 28
20:03:50.536823 ARP, Request who-has 192.168.1.42 (Broadcast) tell 192.168.1.11, length 28
20:03:50.727328 ARP, Request who-has 192.168.1.53 (Broadcast) tell 192.168.1.11, length 28
20:03:50.730272 ARP, Request who-has 192.168.1.56 (Broadcast) tell 192.168.1.11, length 28
20:03:50.733050 ARP, Request who-has 192.168.1.59 (Broadcast) tell 192.168.1.11, length 28
20:03:50.733420 ARP, Request who-has 192.168.1.60 (Broadcast) tell 192.168.1.11, length 28
20:03:50.733721 ARP, Request who-has 192.168.1.61 (Broadcast) tell 192.168.1.11, length 28
20:03:50.733932 ARP, Request who-has 192.168.1.62 (Broadcast) tell 192.168.1.11, length 28
20:03:50.736972 ARP, Request who-has 192.168.1.65 (Broadcast) tell 192.168.1.11, length 28
20:03:50.737351 ARP, Request who-has 192.168.1.66 (Broadcast) tell 192.168.1.11, length 28
20:03:50.737711 ARP, Request who-has 192.168.1.67 (Broadcast) tell 192.168.1.11, length 28
20:03:50.737915 ARP, Request who-has 192.168.1.68 (Broadcast) tell 192.168.1.11, length 28
20:03:50.928494 ARP, Request who-has 192.168.1.53 (Broadcast) tell 192.168.1.11, length 28
20:03:50.931307 ARP, Request who-has 192.168.1.56 (Broadcast) tell 192.168.1.11, length 28
20:03:50.934240 ARP, Request who-has 192.168.1.59 (Broadcast) tell 192.168.1.11, length 28
20:03:50.934622 ARP, Request who-has 192.168.1.60 (Broadcast) tell 192.168.1.11, length 28
20:03:50.934992 ARP, Request who-has 192.168.1.61 (Broadcast) tell 192.168.1.11, length 28
20:03:50.935197 ARP, Request who-has 192.168.1.62 (Broadcast) tell 192.168.1.11, length 28
20:03:50.938147 ARP, Request who-has 192.168.1.65 (Broadcast) tell 192.168.1.11, length 28
20:03:50.938466 ARP, Request who-has 192.168.1.66 (Broadcast) tell 192.168.1.11, length 28
20:03:50.938759 ARP, Request who-has 192.168.1.67 (Broadcast) tell 192.168.1.11, length 28
20:03:50.939508 ARP, Request who-has 192.168.1.68 (Broadcast) tell 192.168.1.11, length 28
20:03:51.129632 ARP, Request who-has 192.168.1.79 (Broadcast) tell 192.168.1.11, length 28
20:03:51.132465 ARP, Request who-has 192.168.1.82 (Broadcast) tell 192.168.1.11, length 28
20:03:51.135448 ARP, Request who-has 192.168.1.85 (Broadcast) tell 192.168.1.11, length 28
20:03:51.135843 ARP, Request who-has 192.168.1.86 (Broadcast) tell 192.168.1.11, length 28
20:03:51.136289 ARP, Request who-has 192.168.1.87 (Broadcast) tell 192.168.1.11, length 28
20:03:51.136703 ARP, Request who-has 192.168.1.88 (Broadcast) tell 192.168.1.11, length 28
20:03:51.140290 ARP, Request who-has 192.168.1.91 (Broadcast) tell 192.168.1.11, length 28
20:03:51.140659 ARP, Request who-has 192.168.1.92 (Broadcast) tell 192.168.1.11, length 28
20:03:51.140882 ARP, Request who-has 192.168.1.93 (Broadcast) tell 192.168.1.11, length 28
20:03:51.141113 ARP, Request who-has 192.168.1.94 (Broadcast) tell 192.168.1.11, length 28
20:03:51.330739 ARP, Request who-has 192.168.1.79 (Broadcast) tell 192.168.1.11, length 28
20:03:51.333825 ARP, Request who-has 192.168.1.82 (Broadcast) tell 192.168.1.11, length 28
20:03:51.337497 ARP, Request who-has 192.168.1.85 (Broadcast) tell 192.168.1.11, length 28
20:03:51.337959 ARP, Request who-has 192.168.1.86 (Broadcast) tell 192.168.1.11, length 28
20:03:51.338244 ARP, Request who-has 192.168.1.87 (Broadcast) tell 192.168.1.11, length 28
20:03:51.338530 ARP, Request who-has 192.168.1.88 (Broadcast) tell 192.168.1.11, length 28
20:03:51.341415 ARP, Request who-has 192.168.1.91 (Broadcast) tell 192.168.1.11, length 28
20:03:51.341887 ARP, Request who-has 192.168.1.92 (Broadcast) tell 192.168.1.11, length 28
20:03:51.342171 ARP, Request who-has 192.168.1.93 (Broadcast) tell 192.168.1.11, length 28
20:03:51.342554 ARP, Request who-has 192.168.1.94 (Broadcast) tell 192.168.1.11, length 28
20:03:51.531164 ARP, Request who-has 192.168.1.105 (Broadcast) tell 192.168.1.11, length 28
20:03:51.534921 ARP, Request who-has 192.168.1.108 (Broadcast) tell 192.168.1.11, length 28
20:03:51.539643 ARP, Request who-has 192.168.1.111 (Broadcast) tell 192.168.1.11, length 28
20:03:51.539945 ARP, Request who-has 192.168.1.112 (Broadcast) tell 192.168.1.11, length 28
20:03:51.540221 ARP, Request who-has 192.168.1.113 (Broadcast) tell 192.168.1.11, length 28
20:03:51.540602 ARP, Request who-has 192.168.1.114 (Broadcast) tell 192.168.1.11, length 28
20:03:51.543654 ARP, Request who-has 192.168.1.117 (Broadcast) tell 192.168.1.11, length 28
20:03:51.545801 ARP, Request who-has 192.168.1.118 (Broadcast) tell 192.168.1.11, length 28
20:03:51.546151 ARP, Request who-has 192.168.1.119 (Broadcast) tell 192.168.1.11, length 28
20:03:51.546542 ARP, Request who-has 192.168.1.120 (Broadcast) tell 192.168.1.11, length 28
20:03:51.732182 ARP, Request who-has 192.168.1.105 (Broadcast) tell 192.168.1.11, length 28
20:03:51.735059 ARP, Request who-has 192.168.1.108 (Broadcast) tell 192.168.1.11, length 28
20:03:51.740931 ARP, Request who-has 192.168.1.111 (Broadcast) tell 192.168.1.11, length 28
20:03:51.741326 ARP, Request who-has 192.168.1.112 (Broadcast) tell 192.168.1.11, length 28
20:03:51.741529 ARP, Request who-has 192.168.1.113 (Broadcast) tell 192.168.1.11, length 28
20:03:51.741739 ARP, Request who-has 192.168.1.114 (Broadcast) tell 192.168.1.11, length 28
20:03:51.744715 ARP, Request who-has 192.168.1.117 (Broadcast) tell 192.168.1.11, length 28
20:03:51.747602 ARP, Request who-has 192.168.1.118 (Broadcast) tell 192.168.1.11, length 28
20:03:51.747782 ARP, Request who-has 192.168.1.119 (Broadcast) tell 192.168.1.11, length 28
20:03:51.747982 ARP, Request who-has 192.168.1.120 (Broadcast) tell 192.168.1.11, length 28
20:03:51.932459 ARP, Request who-has 192.168.1.133 (Broadcast) tell 192.168.1.11, length 28
20:03:51.936221 ARP, Request who-has 192.168.1.136 (Broadcast) tell 192.168.1.11, length 28
20:03:51.942005 ARP, Request who-has 192.168.1.139 (Broadcast) tell 192.168.1.11, length 28
20:03:51.942184 ARP, Request who-has 192.168.1.140 (Broadcast) tell 192.168.1.11, length 28
20:03:51.942397 ARP, Request who-has 192.168.1.141 (Broadcast) tell 192.168.1.11, length 28
20:03:51.942622 ARP, Request who-has 192.168.1.142 (Broadcast) tell 192.168.1.11, length 28
20:03:51.945011 ARP, Request who-has 192.168.1.145 (Broadcast) tell 192.168.1.11, length 28
20:03:51.947985 ARP, Request who-has 192.168.1.148 (Broadcast) tell 192.168.1.11, length 28
20:03:51.948403 ARP, Request who-has 192.168.1.149 (Broadcast) tell 192.168.1.11, length 28
20:03:51.951860 ARP, Request who-has 192.168.1.152 (Broadcast) tell 192.168.1.11, length 28
20:03:52.133516 ARP, Request who-has 192.168.1.133 (Broadcast) tell 192.168.1.11, length 28
20:03:52.137362 ARP, Request who-has 192.168.1.136 (Broadcast) tell 192.168.1.11, length 28
20:03:52.142266 ARP, Request who-has 192.168.1.139 (Broadcast) tell 192.168.1.11, length 28
20:03:52.142459 ARP, Request who-has 192.168.1.140 (Broadcast) tell 192.168.1.11, length 28
20:03:52.145120 ARP, Request who-has 192.168.1.141 (Broadcast) tell 192.168.1.11, length 28
20:03:52.145308 ARP, Request who-has 192.168.1.142 (Broadcast) tell 192.168.1.11, length 28
20:03:52.145544 ARP, Request who-has 192.168.1.145 (Broadcast) tell 192.168.1.11, length 28
20:03:52.149033 ARP, Request who-has 192.168.1.148 (Broadcast) tell 192.168.1.11, length 28
20:03:52.149228 ARP, Request who-has 192.168.1.149 (Broadcast) tell 192.168.1.11, length 28
20:03:52.152932 ARP, Request who-has 192.168.1.152 (Broadcast) tell 192.168.1.11, length 28
20:03:52.333896 ARP, Request who-has 192.168.1.167 (Broadcast) tell 192.168.1.11, length 28
20:03:52.337650 ARP, Request who-has 192.168.1.170 (Broadcast) tell 192.168.1.11, length 28
20:03:52.343395 ARP, Request who-has 192.168.1.173 (Broadcast) tell 192.168.1.11, length 28
20:03:52.343590 ARP, Request who-has 192.168.1.174 (Broadcast) tell 192.168.1.11, length 28
20:03:52.346352 ARP, Request who-has 192.168.1.177 (Broadcast) tell 192.168.1.11, length 28
20:03:52.346722 ARP, Request who-has 192.168.1.178 (Broadcast) tell 192.168.1.11, length 28
20:03:52.346921 ARP, Request who-has 192.168.1.179 (Broadcast) tell 192.168.1.11, length 28
20:03:52.349298 ARP, Request who-has 192.168.1.182 (Broadcast) tell 192.168.1.11, length 28
20:03:52.352159 ARP, Request who-has 192.168.1.185 (Broadcast) tell 192.168.1.11, length 28
20:03:52.355186 ARP, Request who-has 192.168.1.188 (Broadcast) tell 192.168.1.11, length 28
20:03:52.382534 ARP, Reply 192.168.1.188 is-at cc:78:5f:12:3d:67 (oui Unknown), length 46
20:03:52.385454 ARP, Request who-has 192.168.1.191 (Broadcast) tell 192.168.1.11, length 28
20:03:52.385647 ARP, Request who-has 192.168.1.192 (Broadcast) tell 192.168.1.11, length 28
20:03:52.385884 ARP, Request who-has 192.168.1.193 (Broadcast) tell 192.168.1.11, length 28
20:03:52.386134 ARP, Request who-has 192.168.1.194 (Broadcast) tell 192.168.1.11, length 28
20:03:52.386306 ARP, Request who-has 192.168.1.195 (Broadcast) tell 192.168.1.11, length 28
20:03:52.386469 ARP, Request who-has 192.168.1.196 (Broadcast) tell 192.168.1.11, length 28
20:03:52.386710 ARP, Request who-has 192.168.1.197 (Broadcast) tell 192.168.1.11, length 28
20:03:52.386933 ARP, Request who-has 192.168.1.198 (Broadcast) tell 192.168.1.11, length 28
20:03:52.387097 ARP, Request who-has 192.168.1.199 (Broadcast) tell 192.168.1.11, length 28
20:03:52.387259 ARP, Request who-has 192.168.1.200 (Broadcast) tell 192.168.1.11, length 28
20:03:52.387488 ARP, Request who-has 192.168.1.201 (Broadcast) tell 192.168.1.11, length 28
20:03:52.387712 ARP, Request who-has 192.168.1.202 (Broadcast) tell 192.168.1.11, length 28
20:03:52.387873 ARP, Request who-has 192.168.1.203 (Broadcast) tell 192.168.1.11, length 28
20:03:52.388011 ARP, Request who-has 192.168.1.204 (Broadcast) tell 192.168.1.11, length 28
20:03:52.388332 ARP, Request who-has 192.168.1.205 (Broadcast) tell 192.168.1.11, length 28
20:03:52.388605 ARP, Request who-has 192.168.1.206 (Broadcast) tell 192.168.1.11, length 28
20:03:52.388770 ARP, Request who-has 192.168.1.207 (Broadcast) tell 192.168.1.11, length 28
20:03:52.388771 ARP, Request who-has 192.168.1.208 (Broadcast) tell 192.168.1.11, length 28
20:03:52.388773 ARP, Request who-has 192.168.1.209 (Broadcast) tell 192.168.1.11, length 28
20:03:52.391303 ARP, Request who-has 192.168.1.210 (Broadcast) tell 192.168.1.11, length 28
20:03:52.391595 ARP, Request who-has 192.168.1.211 (Broadcast) tell 192.168.1.11, length 28
20:03:52.391760 ARP, Request who-has 192.168.1.212 (Broadcast) tell 192.168.1.11, length 28
20:03:52.391923 ARP, Request who-has 192.168.1.213 (Broadcast) tell 192.168.1.11, length 28
20:03:52.392240 ARP, Request who-has 192.168.1.214 (Broadcast) tell 192.168.1.11, length 28
20:03:52.392486 ARP, Request who-has 192.168.1.215 (Broadcast) tell 192.168.1.11, length 28
20:03:52.392675 ARP, Request who-has 192.168.1.216 (Broadcast) tell 192.168.1.11, length 28
20:03:52.471469 ARP, Request who-has 192.168.1.167 (Broadcast) tell 192.168.1.11, length 28
20:03:52.475235 ARP, Request who-has 192.168.1.170 (Broadcast) tell 192.168.1.11, length 28
20:03:52.481145 ARP, Request who-has 192.168.1.173 (Broadcast) tell 192.168.1.11, length 28
20:03:52.523120 ARP, Request who-has 192.168.1.191 (Broadcast) tell 192.168.1.11, length 28
20:03:52.523356 ARP, Request who-has 192.168.1.192 (Broadcast) tell 192.168.1.11, length 28
20:03:52.609174 ARP, Request who-has 192.168.1.34 (Broadcast) tell 192.168.1.11, length 28
20:03:52.660901 ARP, Request who-has 192.168.1.73 (Broadcast) tell 192.168.1.11, length 28
20:03:52.678898 ARP, Request who-has 192.168.1.128 (Broadcast) tell 192.168.1.11, length 28
20:03:52.751114 ARP, Request who-has 192.168.1.45 (Broadcast) tell 192.168.1.11, length 28
20:03:52.756323 ARP, Request who-has 192.168.1.48 (Broadcast) tell 192.168.1.11, length 28
20:03:52.764237 ARP, Request who-has 192.168.1.63 (Broadcast) tell 192.168.1.11, length 28
20:03:52.884516 ARP, Request who-has 192.168.1.253 (Broadcast) tell 192.168.1.11, length 28
20:03:52.888374 ARP, Request who-has 192.168.1.12 (Broadcast) tell 192.168.1.11, length 28
20:03:52.936190 ARP, Request who-has 192.168.1.64 (Broadcast) tell 192.168.1.11, length 28
20:03:52.948585 ARP, Request who-has 192.168.1.130 (Broadcast) tell 192.168.1.11, length 28
20:03:52.957648 ARP, Request who-has 192.168.1.250 (Broadcast) tell 192.168.1.11, length 28
20:03:53.070909 ARP, Request who-has 192.168.1.64 (Broadcast) tell 192.168.1.11, length 28
20:03:53.071114 ARP, Request who-has 192.168.1.69 (Broadcast) tell 192.168.1.11, length 28
20:03:53.073904 ARP, Request who-has 192.168.1.77 (Broadcast) tell 192.168.1.11, length 28
20:03:53.074360 ARP, Request who-has 192.168.1.78 (Broadcast) tell 192.168.1.11, length 28
20:03:53.077745 ARP, Request who-has 192.168.1.89 (Broadcast) tell 192.168.1.11, length 28
20:03:53.078036 ARP, Request who-has 192.168.1.90 (Broadcast) tell 192.168.1.11, length 28
20:03:53.078214 ARP, Request who-has 192.168.1.107 (Broadcast) tell 192.168.1.11, length 28
20:04:04.249185 ARP, Request who-has 192.168.1.135 tell 192.168.1.1, length 46
20:04:09.253459 ARP, Request who-has 192.168.1.11 tell 192.168.1.1, length 46
20:04:09.253480 ARP, Reply 192.168.1.11 is-at 00:0c:29:84:62:81 (oui Unknown), length 28
20:04:31.487519 ARP, Request who-has 192.168.1.188 tell 192.168.1.1, length 46



^C
206 packets captured
514 packets received by filter
308 packets dropped by kernel


命令:
root@root:~# tcpdump -i eth0 ip -c 10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

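抓到的数据(前6个包是192.168.1.11的ssh端口与192.168.1.109之间的流量;后4个是对192.168.1.109和192.168.1.11做反向解析的PTR查询及其应答,很可能是tcpdump自己解析主机名引起的,加 -n 可以关闭名称解析,避免这类额外流量混入抓包结果):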

20:07:50.767226 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 3446403126:3446403242, ack 566498733, win 19040, length 116
20:07:50.767629 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 116:168, ack 1, win 19040, length 52
20:07:50.767811 IP 192.168.1.109.14455 > 192.168.1.11.ssh: Flags [.], ack 168, win 17040, length 0
20:07:50.768023 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 168:284, ack 1, win 19040, length 116
20:07:50.768273 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 284:336, ack 1, win 19040, length 52
20:07:50.768402 IP 192.168.1.109.14455 > 192.168.1.11.ssh: Flags [.], ack 336, win 16872, length 0
20:07:50.770182 IP 192.168.1.11.58852 > ns-px.online.sh.cn.domain: 27107+ PTR? 109.1.168.192.in-addr.arpa. (44)
20:07:50.774533 IP ns-px.online.sh.cn.domain > 192.168.1.11.58852: 27107 NXDomain* 0/1/0 (103)
20:07:50.775197 IP 192.168.1.11.34919 > ns-px.online.sh.cn.domain: 24086+ PTR? 11.1.168.192.in-addr.arpa. (43)
20:07:50.779511 IP ns-px.online.sh.cn.domain > 192.168.1.11.34919: 24086 NXDomain* 0/1/0 (102)
10 packets captured
27 packets received by filter
0 packets dropped by kernel

命令:

root@root:~# tcpdump -i eth0 -c 10 tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

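抓到的数据(10个包全部是192.168.1.11的ssh端口与192.168.1.109之间的流量,看起来就是用来运行tcpdump的那条SSH会话本身;通过SSH远程抓包时,可以在过滤表达式里加上 not port 22 把它排除):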

20:12:37.179676 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 3446410606:3446410722, ack 566501177, win 19040, length 116
20:12:37.180136 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 116:168, ack 1, win 19040, length 52
20:12:37.180281 IP 192.168.1.109.14455 > 192.168.1.11.ssh: Flags [.], ack 168, win 16244, length 0
20:12:37.180454 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 168:284, ack 1, win 19040, length 116
20:12:37.180697 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 284:336, ack 1, win 19040, length 52
20:12:37.180847 IP 192.168.1.109.14455 > 192.168.1.11.ssh: Flags [.], ack 336, win 16076, length 0
20:12:40.660645 IP 192.168.1.109.14455 > 192.168.1.11.ssh: Flags [P.], seq 1:53, ack 336, win 16076, length 52
20:12:40.660986 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 336:388, ack 53, win 19040, length 52
20:12:40.849895 IP 192.168.1.109.14455 > 192.168.1.11.ssh: Flags [.], ack 388, win 17520, length 0
20:12:42.422854 IP 192.168.1.11.ssh > 192.168.1.109.14455: Flags [P.], seq 388:568, ack 53, win 19040, length 180
10 packets captured
16 packets received by filter
0 packets dropped by kernel

命令:

root@root:~# tcpdump -i eth0 -c 10 udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

出来数据:

20:12:51.831792 IP6 fe80::d1da:eaec:b80:15eb.53144 > ff02::c.1900: UDP, length 146
20:12:51.834010 IP 192.168.1.11.38310 > ns-px.online.sh.cn.domain: 24388+ PTR? c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
20:12:52.117833 IP 192.168.1.109.15018 > 255.255.255.255.2654: UDP, length 312
20:12:52.121145 IP 192.168.1.109.15019 > 255.255.255.255.2654: UDP, length 322
20:12:52.736022 IP 192.168.1.222.3601 > 255.255.255.255.3600: UDP, length 40
20:12:54.887368 IP6 fe80::d1da:eaec:b80:15eb.53144 > ff02::c.1900: UDP, length 146
20:12:55.115558 IP 192.168.1.109.15021 > 255.255.255.255.2654: UDP, length 312
20:12:55.119043 IP 192.168.1.109.15022 > 255.255.255.255.2654: UDP, length 317
20:12:56.839512 IP 192.168.1.11.52662 > 202.96.209.13.domain: 24388+ PTR? c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
20:12:56.849327 IP 202.96.209.13.domain > 192.168.1.11.52662: 24388 Refused- 0/0/0 (90)
10 packets captured
34 packets received by filter
0 packets dropped by kernel

命令:

root@root:~# tcpdump -i eth0 -c 10 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

出来数据:

20:15:32.674011 IP 192.168.1.109 > 192.168.1.11: ICMP echo request, id 1024, seq 2304, length 40
20:15:32.674063 IP 192.168.1.11 > 192.168.1.109: ICMP echo reply, id 1024, seq 2304, length 40
20:15:33.675308 IP 192.168.1.109 > 192.168.1.11: ICMP echo request, id 1024, seq 2560, length 40
20:15:33.675334 IP 192.168.1.11 > 192.168.1.109: ICMP echo reply, id 1024, seq 2560, length 40
20:15:34.676291 IP 192.168.1.109 > 192.168.1.11: ICMP echo request, id 1024, seq 2816, length 40
20:15:34.676317 IP 192.168.1.11 > 192.168.1.109: ICMP echo reply, id 1024, seq 2816, length 40
20:15:35.677313 IP 192.168.1.109 > 192.168.1.11: ICMP echo request, id 1024, seq 3072, length 40
20:15:35.677341 IP 192.168.1.11 > 192.168.1.109: ICMP echo reply, id 1024, seq 3072, length 40

