1 tcpdump tool
Run the command as shown below:
# tcpdump -nn -i ens33
14:12:34.681868 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 591164:591440, ack 105, win 296, length 276
14:12:34.682108 IP 192.168.174.1.54123 > 192.168.174.130.22: Flags [.], ack 591164, win 2053, length 0
14:12:34.682129 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 591440:591620, ack 105, win 296, length 180
14:12:34.682269 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 591620:591896, ack 105, win 296, length 276
14:12:34.682888 IP 192.168.174.1.54123 > 192.168.174.130.22: Flags [.], ack 591620, win 2051, length 0
14:12:34.682923 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 591896:592076, ack 105, win 296, length 180
14:12:34.683409 IP 192.168.174.1.54123 > 192.168.174.130.22: Flags [.], ack 592076, win 2049, length 0
14:12:34.683551 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 592076:592464, ack 105, win 296, length 388
14:12:34.684623 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 592464:592644, ack 105, win 296, length 180
14:12:34.685150 IP 192.168.174.1.54123 > 192.168.174.130.22: Flags [P.], seq 105:157, ack 592464, win 2048, length 52
14:12:34.685177 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 592644:592824, ack 157, win 296, length 180
^C
3630 packets captured
3631 packets received by filter
0 packets dropped by kernel
[root@localhost ~]# tcpdump -nn -i ens33
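-nn  show columns 3 and 4 as numeric IP + port number, without resolving host names or service names
-i   name of the network device (interface) to capture on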
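Added example (not part of the original page): a small Python parser for the `tcpdump -nn` lines shown above that totals packets and payload bytes for each direction of a connection. It assumes IPv4 TCP lines in the numeric form that -nn produces; the function names are illustrative, and the sample lines are copied from the capture above.

```python
import re
from collections import defaultdict

# Lines copied from the tcpdump -nn -i ens33 capture shown above,
# including the trailer lines that are not packets.
SAMPLE = """\
14:12:34.681868 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 591164:591440, ack 105, win 296, length 276
14:12:34.682108 IP 192.168.174.1.54123 > 192.168.174.130.22: Flags [.], ack 591164, win 2053, length 0
14:12:34.685150 IP 192.168.174.1.54123 > 192.168.174.130.22: Flags [P.], seq 105:157, ack 592464, win 2048, length 52
14:12:34.685177 IP 192.168.174.130.22 > 192.168.174.1.54123: Flags [P.], seq 592644:592824, ack 157, win 296, length 180
^C
3630 packets captured
"""

# With -nn each endpoint is "a.b.c.d.port"; without it the port could be a
# service name such as "ssh" and the address a host name, and this would not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)"
)

def parse_line(line):
    """Return a dict for one packet line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Total packets and payload bytes per (src, sport, dst, dport)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # "^C", summary counters, blank lines
            continue
        key = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += rec["length"]
    return dict(flows), skipped

if __name__ == "__main__":
    for flow, stats in summarize(SAMPLE)[0].items():
        print(flow, stats)
```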
2 wireshark tool
[root@localhost ~]# yum install -y wireshark
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.cn99.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package wireshark.x86_64 0:1.10.14-14.el7 will be installed
--> Processing Dependency: libgnutls.so.28(GNUTLS_1_4)(64bit) for package: wireshark-1.10.14-14.el7.x86_64
--> Processing Dependency: libsmi.so.2()(64bit) for package: wireshark-1.10.14-14.el7.x86_64
--> Processing Dependency: libgnutls.so.28()(64bit) for package: wireshark-1.10.14-14.el7.x86_64
--> Processing Dependency: libcares.so.2()(64bit) for package: wireshark-1.10.14-14.el7.x86_64
--> Running transaction check
---> Package c-ares.x86_64 0:1.10.0-3.el7 will be installed
---> Package gnutls.x86_64 0:3.3.26-9.el7 will be installed
--> Processing Dependency: trousers >= 0.3.11.2 for package: gnutls-3.3.26-9.el7.x86_64
--> Processing Dependency: libnettle.so.4()(64bit) for package: gnutls-3.3.26-9.el7.x86_64
--> Processing Dependency: libhogweed.so.2()(64bit) for package: gnutls-3.3.26-9.el7.x86_64
---> Package libsmi.x86_64 0:0.4.8-13.el7 will be installed
--> Running transaction check
---> Package nettle.x86_64 0:2.7.1-8.el7 will be installed
---> Package trousers.x86_64 0:0.3.14-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================
Package Arch Version Repository Size
==============================================================================================
Installing:
wireshark x86_64 1.10.14-14.el7 base 13 M
Installing for dependencies:
c-ares x86_64 1.10.0-3.el7 base 78 k
gnutls x86_64 3.3.26-9.el7 base 677 k
libsmi x86_64 0.4.8-13.el7 base 2.3 M
nettle x86_64 2.7.1-8.el7 base 327 k
trousers x86_64 0.3.14-2.el7 base 289 k
Transaction Summary
==============================================================================================
Install 1 Package (+5 Dependent packages)
Total download size: 16 M
Installed size: 87 M
Downloading packages:
(1/6): c-ares-1.10.0-3.el7.x86_64.rpm | 78 kB 00:00:00
(2/6): gnutls-3.3.26-9.el7.x86_64.rpm | 677 kB 00:00:01
(3/6): nettle-2.7.1-8.el7.x86_64.rpm | 327 kB 00:00:00
(4/6): trousers-0.3.14-2.el7.x86_64.rpm | 289 kB 00:00:01
(5/6): wireshark-1.10.14-14.el7.x86_64.rpm | 13 MB 00:00:02
(6/6): libsmi-0.4.8-13.el7.x86_64.rpm | 2.3 MB 00:00:06
----------------------------------------------------------------------------------------------
Total 2.5 MB/s | 16 MB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : nettle-2.7.1-8.el7.x86_64 1/6
Installing : c-ares-1.10.0-3.el7.x86_64 2/6
Installing : libsmi-0.4.8-13.el7.x86_64 3/6
Installing : trousers-0.3.14-2.el7.x86_64 4/6
Installing : gnutls-3.3.26-9.el7.x86_64 5/6
Installing : wireshark-1.10.14-14.el7.x86_64 6/6
Verifying : trousers-0.3.14-2.el7.x86_64 1/6
Verifying : libsmi-0.4.8-13.el7.x86_64 2/6
Verifying : wireshark-1.10.14-14.el7.x86_64 3/6
Verifying : c-ares-1.10.0-3.el7.x86_64 4/6
Verifying : nettle-2.7.1-8.el7.x86_64 5/6
Verifying : gnutls-3.3.26-9.el7.x86_64 6/6
Installed:
wireshark.x86_64 0:1.10.14-14.el7
Dependency Installed:
c-ares.x86_64 0:1.10.0-3.el7 gnutls.x86_64 0:3.3.26-9.el7 libsmi.x86_64 0:0.4.8-13.el7
nettle.x86_64 0:2.7.1-8.el7 trousers.x86_64 0:0.3.14-2.el7
Complete!
[root@localhost ~]# tshark
Running as user "root" and group "root". This could be dangerous.
Capturing on 'bluetooth0'