The usual packet-capture workflow is to capture with tcpdump, save the result as a .cap file, and then import that file into Wireshark for analysis. This article shows how to capture and analyse packets with tcpdump alone.
-X When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
The text above comes from running man tcpdump on Linux; it can also be read on the official site at http://www.tcpdump.org/manpages/tcpdump.1.html
tcpdump's -X option parses and prints each packet's data in hex and ASCII, which is especially useful when the capture cannot be analysed in Wireshark.
tcpdump -X port 514
This shows packets whose source or destination port is 514.
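Reading -X output without Wireshark means turning the hex column back into bytes and peeling off the headers yourself, since the ASCII column is lossy (spaces and non-printable bytes both show as '.'). The following is an added example, not code from the original post: it parses a constructed tcpdump -n -X port 514 dump of one UDP syslog datagram, strips the IPv4 and UDP headers (with a length cross-check), and decodes the syslog PRI; the packet, addresses and message are made up for the example.

```python
import re

# Constructed sample of `tcpdump -n -X port 514` output (not a real capture):
# one UDP syslog datagram 10.0.0.5 -> 10.0.0.10 carrying a 16-byte payload.
SAMPLE = """\
12:00:00.000001 IP 10.0.0.5.51234 > 10.0.0.10.514: SYSLOG auth.critical, length: 16
\t0x0000:  4500 002c 1234 4000 4011 147f 0a00 0005  E..,.4@.@.......
\t0x0010:  0a00 000a c822 0202 0018 0000 3c33 343e  ....."......<34>
\t0x0020:  7373 6864 3a20 6261 6420 7077             sshd:.bad.pw
"""

# A -X line is: offset, a 40-column field of up to eight 4-hex-digit groups
# (plus a lone odd byte), two spaces, then the ASCII column. Only the hex field
# is used: the ASCII column is lossy (spaces and non-printables become '.').
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}: ((?: [0-9a-f]{4}){1,8}(?: [0-9a-f]{2})?)")

def parse_tcpdump_x(text: str) -> list:
    """Return [(summary_line, raw_bytes)], raw starting at the IP header
    because -X omits the link-level header."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m and packets:
            packets[-1][1].extend(bytes.fromhex(m.group(1).replace(" ", "")))
        elif line.strip() and not line[0].isspace():  # a new summary line
            packets.append((line.strip(), bytearray()))
    return [(hdr, bytes(raw)) for hdr, raw in packets]

def l4_payload(raw: bytes) -> bytes:
    """Strip the IPv4 header (honouring IHL) and the UDP or TCP header."""
    if raw[0] >> 4 != 4:
        raise ValueError("only IPv4 is handled")
    ihl, proto = (raw[0] & 0x0F) * 4, raw[9]
    total_len = int.from_bytes(raw[2:4], "big")
    if proto == 17:  # UDP: cross-check its length field against the IP header
        if int.from_bytes(raw[ihl + 4:ihl + 6], "big") != total_len - ihl:
            raise ValueError("UDP length disagrees with IP total length")
        return raw[ihl + 8:total_len]
    if proto == 6:  # TCP: data offset is in 32-bit words
        return raw[ihl + (raw[ihl + 12] >> 4) * 4:total_len]
    raise ValueError(f"unhandled IP protocol {proto}")

def decode_syslog(payload: bytes) -> tuple:
    """Split an RFC 3164 <PRI> into (facility, severity) plus the message text."""
    m = re.match(rb"<(\d{1,3})>(.*)", payload, re.DOTALL)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid syslog PRI")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2).decode("ascii", "replace")
```

Feeding the saved output of tcpdump -n -X port 514 into parse_tcpdump_x and then l4_payload recovers the exact bytes sent, including the spaces the ASCII column hid.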
Here is the opening portion of an rlogin from host rtsg to host csam.
IP rtsg.1023 > csam.login: Flags [S], seq 768512:768512, win 4096, opts [mss 1024]
IP csam.login > rtsg.1023: Flags [S.], seq, 947648:947648, ack 768513, win 4096, opts [mss 1024]
IP rtsg.1023 > csam.login: Flags [.], ack 1, win 4096
IP rtsg.1023 > csam.login: Flags [P.], seq 1:2, ack 1, win 4096, length 1
IP csam.login > rtsg.1023: Flags [.], ack 2, win 4096