SmartSniff filter rules
[require|exclude] : [local|remote|both] : [tcp|udp|tcpudp|icmp|all] : [IP Range|Ports Range]
[show|exclude] : [local|remote|both directions] : [tcp|udp|tcpudp|icmp|all] : [IP address range|port range]
Listen
nc -l 8888
nc -k -l 8888 # keep listening
Connect
nc 127.0.0.1 8888
Check a port
nc -v -w 5 127.0.0.1 8888
Port scan
nc -v -w 2 -z 127.0.0.1 20-80 # -w timeout, -z send zero data (zero-I/O mode)
nc -u -v -w 2 -z 127.0.0.1 20-80 # udp
File transfer
nc -l 8888 > data.gz # receiver
nc 127.0.0.1 8888 < data.gz # sender
Transferring multiple files or large files
nc -l 8888 | tar -C /www -xz # receiver
tar cz /www | nc 127.0.0.1 8888 # sender
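Encrypted transfer
# pass:dotcoo on the command line is visible in the process list and shell history; -pass env: or -pass file: avoids that
nc -l 8888 | openssl enc -aes-256-cbc -d -pass pass:dotcoo | tar -C /www -xz # receiver
tar cz /www | openssl enc -aes-256-cbc -pass pass:dotcoo | nc 127.0.0.1 8888 # sender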
Send/receive
while true ; do date "+%Y-%m-%d %H:%M:%S"; done | nc 127.0.0.1 8888 # send
nc -k -l 8888 | while read line ; do echo "$line"; done # receive
Request/response
mkfifo msg # create the FIFO before anything reads from it
tail -f msg | nc -k -l 8888 | while read req; do echo Request ":" "$req" ; echo world > msg; echo Response ":" world; done # server
echo hello | nc 127.0.0.1 8888 # client
Broadcast/subscribe
# Broadcast is better implemented in golang or nodejs
nc 127.0.0.1 8888 | while read line ; do echo "$line"; done # subscribe
cat list.txt | while read host port ; do echo close | nc "$host" "$port"; done # broadcast
nc -k -l 8888 | while read line ; do echo "$line"; done # subscribe
Complex remote call
cat << EOF | nc 127.0.0.1 80
GET / HTTP/1.1
Host: 127.0.0.1

EOF
Select a network interface
tcpdump -i lo
Select an IP
tcpdump host 192.168.1.101
Select the IPs of both communicating parties
tcpdump host 192.168.1.101 and \(192.168.1.102 or 192.168.1.103\)
Exclude an IP
tcpdump host 192.168.1.102 and not 192.168.1.103
Source IP
tcpdump src host 192.168.1.102
Destination IP
tcpdump dst host 192.168.1.102
Select a port
tcpdump port 80
TCP traffic
tcpdump tcp
UDP traffic
tcpdump udp
Print packet contents
tcpdump -A
Write to a file
tcpdump -w data.pcap
Read from a file
tcpdump -r data.pcap
Show IP addresses instead of domain names
tcpdump -n
HTTP requests
# 0x47455420 = "GET ", 0x504f5354 = "POST", 0x48545450 = "HTTP"
sudo tcpdump -Xs 0 \(tcp[20:4]=0x47455420 or tcp[20:4]=0x504f5354 or tcp[20:4]=0x48545450\) and host 192.168.1.120 and port 80
sudo tcpdump -Xs 0 -i lo0 \(tcp[20:4]=0x47455420 or tcp[20:4]=0x504f5354 or tcp[20:4]=0x48545450\)
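The HTTP request filters above read the payload at tcp[20:4], which assumes a 20-byte TCP header, so a segment carrying TCP options (timestamps, for example) is missed. The following is an added example, not part of the original page: it simulates both checks in sh on two constructed segments. The function names and hex samples are assumptions for illustration, and the data-offset form corresponds to the tcpdump expression tcp[((tcp[12:1] & 0xf0) >> 2):4].

```shell
#!/bin/sh
# Constructed TCP segments as hex strings (TCP header + payload, no IP header).
PORTS_SEQ_ACK=9c4000500000000100000001     # sport 40000, dport 80, seq 1, ack 1
TAIL=020000000000                          # window, checksum (unset), urgent pointer
PAYLOAD=474554202f20485454502f312e310d0a   # "GET / HTTP/1.1\r\n"
# Byte 12 = 0x50: data offset 5 words, 20-byte header, no options.
SEG_PLAIN="${PORTS_SEQ_ACK}5018${TAIL}${PAYLOAD}"
# Byte 12 = 0x80: data offset 8 words, 32-byte header (NOP, NOP, timestamp option).
SEG_OPTS="${PORTS_SEQ_ACK}8018${TAIL}0101080a0000000100000002${PAYLOAD}"

# bytes_at HEX OFFSET COUNT: print COUNT bytes starting at byte OFFSET, as hex.
bytes_at() {
    start=$(( $2 * 2 + 1 ))
    end=$(( start + $3 * 2 - 1 ))
    printf '%s' "$1" | cut -c"${start}-${end}"
}

# payload_offset HEX: header length in bytes, i.e. (tcp[12:1] & 0xf0) >> 2.
payload_offset() {
    doff=$(bytes_at "$1" 12 1)
    echo $(( (0x$doff & 0xf0) >> 2 ))
}

# is_http_start HEX OFFSET: "match" if the 4 bytes at OFFSET are "GET ", "POST" or "HTTP".
is_http_start() {
    case "$(bytes_at "$1" "$2" 4)" in
        47455420|504f5354|48545450) echo match ;;
        *) echo miss ;;
    esac
}

# Same test as tcp[20:4]=0x47455420 or ... : payload assumed at byte 20.
fixed_filter() { is_http_start "$1" 20; }
# Same test at the real payload start: tcp[((tcp[12:1] & 0xf0) >> 2):4]=0x47455420 or ...
offset_filter() { is_http_start "$1" "$(payload_offset "$1")"; }

for name in SEG_PLAIN SEG_OPTS; do
    eval "seg=\$$name"
    echo "$name header=$(payload_offset "$seg") fixed=$(fixed_filter "$seg") offset=$(offset_filter "$seg")"
done
```

Replacing each tcp[20:4] in the filters above with tcp[((tcp[12:1] & 0xf0) >> 2):4] makes tcpdump apply the same data-offset calculation.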
GUI tools
CocoaPacketAnalyzer
SmartSniff
Wireshark
Further reading
http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/8885