tcpdump Demo

lxw ~$ tcpdump -i eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)
lxw ~$ sudo tcpdump -i eth0 -c 2    # -i selects the interface to listen on; -c sets how many packets to capture
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:43:32.336082 IP6 fe80::7520:2ee6:ac6f:c9a4.55407 > ff02::1:3.hostmon: UDP, length 22
15:43:32.336178 IP 192.168.236.1.61092 > 224.0.0.252.hostmon: UDP, length 22
2 packets captured
11 packets received by filter
0 packets dropped by kernel
lxw ~$ sudo tcpdump -i eth0 -c 3 -w 20141227_1546.pcap    # -w writes the capture to a file
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
3 packets captured
11 packets received by filter
0 packets dropped by kernel
lxw ~$ tcpdump -r 20141227_1546.pcap     # -r reads packets back from a file
reading from file 20141227_1546.pcap, link-type EN10MB (Ethernet)
15:47:20.602350 IP 192.168.236.156.21639 > 192.168.236.2.domain: 21637+ A? tiles.services.mozilla.com. (44)
15:47:20.603151 IP 192.168.236.156.24878 > 192.168.236.2.domain: 24280+ AAAA? tiles.services.mozilla.com. (44)
15:47:20.606409 IP 192.168.236.156.10932 > 192.168.236.2.domain: 59168+ A? tiles.services.mozilla.com. (44)
lxw ~$ sudo tcpdump -i eth0 -tttt    # -t/-tt/-ttt/-tttt/-ttttt select the timestamp format (see man tcpdump for each)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
2014-12-27 15:58:15.480571 IP 192.168.236.156.56103 > assets-ubuntu-com.eggfruit.canonical.com.http: Flags [.], ack 967272532, win 30248, length 0
...
76 packets captured
83 packets received by filter
0 packets dropped by kernel
lxw ~$ sudo tcpdump -i eth0 arp        # filter by protocol (ip/ip6/arp/tcp/udp)
lxw ~$ sudo tcpdump -i eth0 tcp and port 80    # filter by port
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:04:46.460864 IP 192.168.236.156.55641 > 59.24.3.173.http: Flags [S], seq 3612921085, win 29200, options [mss 1460,sackOK,TS val 1308393 ecr 0,nop,wscale 7], length 0
lxw ~$ sudo tcpdump -i eth0 tcp and src 192.168.236.156 and port 80
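Added example, not part of the original post: a small Python parser for the one-line text output shown in the captures above. It handles both the default timestamp and the -tttt date form, splits off the port/service suffix tcpdump appends to each address (including IPv6 literals), picks up decoded DNS queries and TCP flags, and skips the "packets captured" trailer. The sample lines are copied from the captures above; the record field names are my own.

```python
import re
from collections import Counter

LINE_RE = re.compile(  # "[date ]time family src > dst: rest", as printed by tcpdump
    r"^(?P<ts>(?:\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<fam>IP6?) (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
DNS_RE = re.compile(r"^(?P<id>\d+)\+? (?P<qtype>[A-Z]+)\? (?P<name>\S+)\. \(\d+\)")
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")
# Constructed sample: packet lines copied from the captures above plus a trailer line
SAMPLE = """\
15:43:32.336082 IP6 fe80::7520:2ee6:ac6f:c9a4.55407 > ff02::1:3.hostmon: UDP, length 22
15:43:32.336178 IP 192.168.236.1.61092 > 224.0.0.252.hostmon: UDP, length 22
15:47:20.602350 IP 192.168.236.156.21639 > 192.168.236.2.domain: 21637+ A? tiles.services.mozilla.com. (44)
15:47:20.603151 IP 192.168.236.156.24878 > 192.168.236.2.domain: 24280+ AAAA? tiles.services.mozilla.com. (44)
2014-12-27 15:58:15.480571 IP 192.168.236.156.56103 > assets-ubuntu-com.eggfruit.canonical.com.http: Flags [.], ack 967272532, win 30248, length 0
2 packets captured
"""

def split_endpoint(ep):
    """'192.168.236.2.domain' -> ('192.168.236.2', 'domain'); tcpdump appends the
    port/service after the last dot, and IPv6 literals contain no dots."""
    host, _, port = ep.rpartition(".")
    return (host, port) if host else (ep, "")

def parse_line(line):
    """Return a record for one packet line, or None for trailer/other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    rest = m["rest"]
    rec = {"ts": m["ts"], "family": m["fam"], "src": src, "sport": sport,
           "dst": dst, "dport": dport, "tcp_flags": None, "dns_query": None,
           "proto": "udp" if rest.startswith("UDP") else "other"}
    f = FLAGS_RE.search(rest)
    if f:  # TCP segment: tcpdump prints Flags [S], [.], [P.], ...
        rec["proto"], rec["tcp_flags"] = "tcp", f["flags"]
    d = DNS_RE.match(rest)
    if d:  # DNS query decoded by tcpdump: "<id>+ <qtype>? <name>. (<len>)"
        rec["proto"], rec["dns_query"] = "dns", (d["qtype"], d["name"])
    return rec

def summarize(lines):
    """Packets per (src, dst) pair and DNS names queried, skipping non-packet lines."""
    pairs, names = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        pairs[(rec["src"], rec["dst"])] += 1
        if rec["dns_query"]:
            names[rec["dns_query"][1]] += 1
    return pairs, names
```

Feed it the output of `tcpdump -r file.pcap` (or `-tttt` output) via `summarize(sys.stdin)` to get a quick talker/DNS inventory without re-parsing the pcap.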


Reposted from: https://www.cnblogs.com/lxw0109/p/tcpdump.html
