Installing the tcpdump package

[root@localhost ~]# yum install -y tcpdump

Capturing packets


Capture 10 packets on interface eth0, protocol TCP, port 22, source IP 192.168.10.18, and write the result to 1.txt:

[root@localhost ~]# tcpdump -nn -c10 -i eth0 tcp and port 22 and host 192.168.10.18 -w 1.txt

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10 packets captured

29 packets received by filter

0 packets dropped by kernel


Reading the contents of 1.txt with cat shows only the raw data stream (it is a binary capture file):


Capture 10 packets on interface eth0, protocol TCP, port 22, source IP 192.168.10.18 (without -w, the decoded summary is printed to the terminal):



Redirecting the packet output

[root@localhost ~]# tcpdump -nn -c10 -i eth0 tcp and port 22 and host 192.168.10.18 > 2.txt

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10 packets captured

10 packets received by filter

0 packets dropped by kernel


Viewing the result with cat shows only the decoded data stream; the -w option is what saves the complete packets.
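To make the difference between `-w 1.txt` and `> 2.txt` concrete, here is an added example (not part of the original post) that writes one constructed Ethernet/IPv4/TCP frame in the libpcap file format that `tcpdump -w` produces, reads it back and applies the same logic as the filter `tcp and port 22 and host 192.168.10.18`. The frames, timestamps and addresses are constructed; checksums are left zero since nothing here transmits them. Note that the BPF primitive `host` matches the address in either direction, so the Python `matches()` below does the same; `src host` would restrict it to the source address.

```python
"""Minimal libpcap writer/reader showing what `tcpdump -w` stores.

Constructed example: one Ethernet + IPv4 + TCP frame per call, written with
a 24-byte pcap global header and a 16-byte record header per frame, then
read back and filtered like `tcp and port 22 and host 192.168.10.18`.
"""
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4       # native-order libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1         # "link-type EN10MB (Ethernet)" in tcpdump's banner


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Build an Ethernet + IPv4 + TCP SYN frame (constructed MACs, zero checksums)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # sport, dport, seq, ack, data offset (5 words), flags=SYN, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto=6 (TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def write_pcap(path, frames, snaplen=65535):
    """Write frames as a pcap file: global header, then (record header + bytes) per frame."""
    with open(path, "wb") as f:
        # magic, major=2, minor=4, tz offset, sigfigs, snaplen, linktype
        f.write(struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            # ts_sec, ts_usec, captured length, original length (constructed timestamps)
            f.write(struct.pack("=IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Yield raw frames from a native-order Ethernet pcap file."""
    with open(path, "rb") as f:
        magic, _, _, _, _, _, linktype = struct.unpack("=IHHiIII", f.read(24))
        if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
            raise ValueError("not a native-order Ethernet pcap")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                return
            _, _, incl_len, _ = struct.unpack("=IIII", rec)
            yield f.read(incl_len)


def parse_frame(frame):
    """Decode just the fields the filter needs: IP protocol, addresses, TCP ports."""
    if frame[12:14] != b"\x08\x00":          # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    if proto != 6:
        return {"proto": proto, "src": src, "dst": dst}
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    return {"proto": 6, "src": src, "dst": dst, "sport": sport, "dport": dport}


def matches(pkt, port=22, host="192.168.10.18"):
    """Python equivalent of `tcp and port 22 and host 192.168.10.18`.

    `host` and `port` match either direction, exactly like the BPF primitives.
    """
    return (pkt is not None and pkt["proto"] == 6
            and port in (pkt["sport"], pkt["dport"])
            and host in (pkt["src"], pkt["dst"]))


def filter_pcap(path, **kw):
    """Return the decoded packets from a pcap file that satisfy matches()."""
    return [p for p in (parse_frame(f) for f in read_pcap(path)) if matches(p, **kw)]


def demo():
    """Write three constructed frames, read them back, return the number of hits."""
    frames = [
        build_tcp_frame("192.168.10.18", "192.168.10.1", 40000, 22),  # client -> sshd
        build_tcp_frame("192.168.10.1", "192.168.10.18", 22, 40000),  # reply direction, still a hit
        build_tcp_frame("192.168.10.18", "192.168.10.1", 40001, 80),  # port 80: filtered out
    ]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, frames)
        return len(filter_pcap(path))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())  # 2
```

Running the script prints 2: both directions of the port-22 flow match, the port-80 frame does not. Because the file keeps the full frame bytes, a later `tcpdump -nn -r 1.txt` can decode them; the text redirected with `> 2.txt` keeps only the one-line summaries tcpdump had already decoded.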


Commonly used tshark capture commands

[root@localhost ~]# tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"

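The `-T fields -e ...` form above prints one tab-separated line per HTTP request, which is easy to post-process. The following is an added example (not from the original post) that parses such output and summarises requests per source address and repeated POSTs to the same URI, the kind of quick check an analyst runs over a capture. The sample lines are constructed to look like that command's output; in practice you would read the text from a file or from the command's stdout.

```python
"""Parse tab-separated `tshark -T fields` output and summarise HTTP requests.

Field order matches the page's command:
  -e frame.time -e ip.src -e http.host -e http.request.method -e http.request.uri
SAMPLE_OUTPUT below is constructed for this example, not real capture output.
"""
from collections import Counter

FIELDS = ["frame.time", "ip.src", "http.host", "http.request.method", "http.request.uri"]

SAMPLE_OUTPUT = (
    "Dec 21, 2015 10:30:01.000000000 CST\t192.168.10.18\twww.example.com\tGET\t/index.html\n"
    "Dec 21, 2015 10:30:01.500000000 CST\t192.168.10.18\twww.example.com\tGET\t/login\n"
    "Dec 21, 2015 10:30:02.000000000 CST\t192.168.10.18\twww.example.com\tPOST\t/login\n"
    "Dec 21, 2015 10:30:02.200000000 CST\t192.168.10.18\twww.example.com\tPOST\t/login\n"
    "Dec 21, 2015 10:30:03.000000000 CST\t192.168.10.25\tupdates.example.net\tGET\t/update.xml\n"
)


def parse_fields_output(text, fields=FIELDS):
    """Turn each non-empty line into a dict keyed by the -e field names."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split("\t")
        # tshark prints an empty column for a field missing from a frame; keep alignment
        if len(cols) < len(fields):
            cols += [""] * (len(fields) - len(cols))
        records.append(dict(zip(fields, cols)))
    return records


def requests_per_source(records):
    """Count HTTP requests by source IP."""
    return Counter(r["ip.src"] for r in records)


def repeated_posts(records, threshold=2):
    """Sources that POSTed to the same host+URI at least `threshold` times.

    Repeated POSTs to one URI (e.g. a login form) are worth a second look.
    """
    counts = Counter((r["ip.src"], r["http.host"], r["http.request.uri"])
                     for r in records if r["http.request.method"] == "POST")
    return {key: n for key, n in counts.items() if n >= threshold}


def summarise(text):
    """Convenience wrapper: parse text and return both summaries."""
    records = parse_fields_output(text)
    return requests_per_source(records), repeated_posts(records)


if __name__ == "__main__":
    per_src, posts = summarise(SAMPLE_OUTPUT)
    for src, n in per_src.most_common():
        print(f"{src}\t{n} requests")
    for (src, host, uri), n in posts.items():
        print(f"{src} -> {host}{uri}: {n} POSTs")
```

To run it on a live capture, pipe the tshark command's output into a script that calls `parse_fields_output(sys.stdin.read())`; adding `-E separator=/t` is not needed because tab is tshark's default field separator.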