![Insert image description here](https://img-blog.csdnimg.cn/20190717182356598.gif)
I. TOS device packet capture commands and notes:
When troubleshooting NAT, filter on the side of the packet that the firewall does not rewrite: with source address translation capture on the destination address, with destination address translation capture on the source address, and with bidirectional translation capture on both source and destination. On old TOS, capturing on a trunk interface requires the vlan keyword in the filter; on the next-generation (NG) platform it can be left out. Capture a few times and the difference becomes obvious.
1. Command format and usage:
system tcpdump -ni any, optionally followed by a host (host), a port (port), a protocol (tcp, udp, icmp) and the logical operators (and, or, not) that join them; the filter syntax is standard tcpdump/BPF.
Commonly used options:
-n: do not resolve IP addresses to host names (avoids the DNS lookups that slow the capture down and put extra query traffic on the wire).
-i: the interface to listen on (any means all interfaces).
-e: also print the layer-2 (link-layer) header of each packet.
-v, -vv, -vvv: increasingly detailed protocol decode; three levels exist and further v's add nothing.
-x, -xx: dump the packet in hex, -xx including the link-layer header; -X and -XX do the same with an ASCII column alongside.
Note the "capture size 68 bytes" in the sessions below: that snaplen keeps the headers but truncates most of the payload. Standard tcpdump raises it with -s 0 and writes a pcap for offline analysis with -w file; whether the TOS system tcpdump wrapper passes those options through is not covered here, so try them on a lab device first.
2. Capture examples with explanation:
Listen on all interfaces and capture packets to or from 192.168.7.168:
system tcpdump -ni any host 192.168.7.168
```
198# system tcpdump -ni any host 192.168.7.168
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
16:43:17.870968 X@dummy IP 192.168.7.198.23 > 192.168.7.168.57862: P 812682594:812682819(225) ack 3712242358 win 65494
16:43:17.871001 X@eth0 IP 192.168.7.198.23 > 192.168.7.168.57862: P 0:225(225) ack 1 win 65494
16:43:18.078489 R@eth0 IP 192.168.7.168.57862 > 192.168.7.198.23: . ack 225 win 64240
16:43:18.078507 X@dummy IP 192.168.7.198.23 > 192.168.7.168.57862: P 225:441(216) ack 1 win 65494
16:43:18.078513 X@eth0 IP 192.168.7.198.23 > 192.168.7.168.57862: P 225:441(216) ack 1 win 65494
```
Reading the output: each line is the timestamp, a tag (X@ or R@) and the interface the packet was seen on, source and destination as address.port, the TCP flags in the old tcpdump notation (P = PSH, . = no flag set), the sequence range with the payload length in parentheses, the ack number and the window. Only the first packet seen on a connection prints absolute sequence and ack numbers; everything after it is relative to that packet, which is why 812682594:812682819 on the dummy line becomes 0:225 on the eth0 line for the same segment. The same outbound segment is printed once per interface it passes through, so byte counts read straight off an -i any capture are double counted.
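The capture output above is easier to reason about once it is parsed. The following Python is an added example written for this page; it is not code from the original post or from TopSec's TOS tooling. It parses the exact line layout printed above (timestamp, X@/R@ tag plus interface, address.port pairs, old-style TCP flags, sequence range, ack and window), skips the tcpdump banner lines, collapses the same segment reported on two interfaces within a millisecond, and totals payload bytes per direction. The five packet lines embedded as SAMPLE are the ones from the first session; the 1 ms window and the fields used to recognise a repeated segment are assumptions of the example, and the meaning of the X@/R@ tag is not stated on the page, so it is carried through as an opaque string.

```python
"""Parse `system tcpdump -ni any` output of the form shown above.

Added example for this page; it is not code from the original post or from
TopSec's TOS tooling. The meaning of the X@/R@ tag is not stated on the page,
so it is kept as an opaque string.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the banner and the five packet lines from the first session above.
SAMPLE = """\
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
16:43:17.870968 X@dummy IP 192.168.7.198.23 > 192.168.7.168.57862: P 812682594:812682819(225) ack 3712242358 win 65494
16:43:17.871001 X@eth0 IP 192.168.7.198.23 > 192.168.7.168.57862: P 0:225(225) ack 1 win 65494
16:43:18.078489 R@eth0 IP 192.168.7.168.57862 > 192.168.7.198.23: . ack 225 win 64240
16:43:18.078507 X@dummy IP 192.168.7.198.23 > 192.168.7.168.57862: P 225:441(216) ack 1 win 65494
16:43:18.078513 X@eth0 IP 192.168.7.198.23 > 192.168.7.168.57862: P 225:441(216) ack 1 win 65494
"""

# One packet line: time, TAG@iface, src.port > dst.port, flags, optional seq range,
# optional ack, optional window. Anything after the window (TCP options etc.) is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<tag>[A-Z])@(?P<iface>\S+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<flags>[A-Z.]+)"                                  # old tcpdump style: P, S, F, R, '.' = none
    r"(?: (?P<seq_lo>\d+):(?P<seq_hi>\d+)\((?P<plen>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
)


@dataclass(frozen=True)
class Packet:
    ts: float            # seconds since midnight
    tag: str             # the X / R prefix printed before the interface name
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    payload: int         # TCP payload bytes; 0 for a pure ACK
    ack: Optional[int]
    win: Optional[int]


def parse_line(line: str) -> Optional[Packet]:
    """Return a Packet for a packet line, or None for banner/warning lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    h, mi, s = g["ts"].split(":")
    return Packet(
        ts=int(h) * 3600 + int(mi) * 60 + float(s),
        tag=g["tag"], iface=g["iface"],
        src=g["src"], sport=int(g["sport"]),
        dst=g["dst"], dport=int(g["dport"]),
        flags=g["flags"],
        payload=int(g["plen"]) if g["plen"] else 0,
        ack=int(g["ack"]) if g["ack"] else None,
        win=int(g["win"]) if g["win"] else None,
    )


def parse(text: str) -> List[Packet]:
    return [p for p in (parse_line(ln) for ln in text.splitlines()) if p is not None]


def dedupe(packets: List[Packet], window: float = 0.001) -> List[Packet]:
    """Drop a segment already seen on another interface within `window` seconds.

    With -i any the same outbound segment is printed once per interface (dummy and
    eth0 above). Sequence/ack numbers cannot be compared directly because tcpdump
    prints them absolute on the first line of a connection and relative afterwards,
    so the match is on 5-tuple, flags, payload length and window (assumption of this
    example; real captures may need a tighter or looser window).
    """
    kept: List[Packet] = []
    for p in packets:
        key = (p.src, p.sport, p.dst, p.dport, p.flags, p.payload, p.win)
        seen = any(
            (q.src, q.sport, q.dst, q.dport, q.flags, q.payload, q.win) == key
            and abs(p.ts - q.ts) <= window
            for q in kept
        )
        if not seen:
            kept.append(p)
    return kept


def flow_summary(packets: List[Packet]) -> Dict[str, Dict[str, int]]:
    """Packets and payload bytes per direction, keyed 'src:sport > dst:dport'."""
    out: Dict[str, Dict[str, int]] = defaultdict(lambda: {"packets": 0, "payload": 0})
    for p in packets:
        k = f"{p.src}:{p.sport} > {p.dst}:{p.dport}"
        out[k]["packets"] += 1
        out[k]["payload"] += p.payload
    return dict(out)


if __name__ == "__main__":
    pkts = parse(SAMPLE)
    print("raw:    ", flow_summary(pkts))       # counts every interface copy
    print("deduped:", flow_summary(dedupe(pkts)))
```

Run as-is it prints the per-direction totals twice: the raw summary counts four segments and 882 bytes from .198:23, the deduplicated one two segments and 441 bytes, which is what the telnet server actually sent; the pure ACK from .168 is counted once either way. Paste further session output into SAMPLE, or feed a saved file to parse(), to apply the same check to a real capture.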
Listen on all interfaces and capture packets to or from 192.168.7.168 on port 23:
system tcpdump -ni any host 192.168.7.168 and port 23
```
198# system tcpdump -ni any host 192.168.7.198 and port 23
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
16:49:48.610370 X@dummy IP 192.168.7.198.23 > 192.168.7.168.57862: P 812689585:812689810(225) ack 3712245552 win 65494
16:49:48.610407 X@eth0 IP 192.168.7.198.23 > 192.168.7.168.57862: P 0:225(225) ack 1 win 65494
16:49:48.822413 R@eth0 IP 192.168.7.168.57862 > 192.168.7.198.23: . ack 225 win 63168
16:49:48.822432 X@dummy IP 192.168.7.198.23 > 192.168.7.168.57862: P 225:441(216) ack 1 win 65494
16:49:48.822438 X@eth0 IP 192.168.7.198.23 > 192.168.7.168.57862: P 225:441(216) ack 1 win 65494
```
The session was actually run with host 192.168.7.198, the device's own address (it is the telnet server on port 23 in this flow); since both ends of the connection are in the capture, either address selects the same packets. and joins the two primitives, so a packet must satisfy both to be printed.
Listen on all interfaces and capture ping (ICMP) packets to or from 192.168.7.168:
system tcpdump -ni any host 192.168.7.168 and icmp
```
198# system tcpdump -ni any host 192.168.7.198 and icmp
tcpdump: WARNING: Pr
```