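Packet capture scenarios on Linux

tcpdump

The main purpose of packet capture is to test whether a port or network protocol is reachable, and to analyze and test the captured packets.

1. Capture all packets on the host, from every direction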

[root@AAA-caiji1 Log]# tcpdump

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:37:02.100344 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (202), id: 0xa4 length: 345
11:37:02.100352 IP 133.38.7.145.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (137), id: 0x9b length: 33

2. Capture packets on a specific local interface; -i selects the interface, here eth0

[root@AAA-caiji1 Log]# tcpdump -i eth0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:03:12.238556 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (177), id: 0x49 length: 480
10:03:12.238559 IP 133.38.7.146.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (93), id: 0x27 length: 524

3. Capture traffic on a specific local port: interface eth0, port 1812

[root@AAA-caiji1 Log]# tcpdump -i eth0 -s 0 port 1812

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:46:41.940333 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (130), id: 0x14 length: 606
11:46:41.940333 IP 133.38.7.146.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (160), id: 0xe4 length: 33
11:46:41.940894 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (131), id: 0x14 length: 606

4. ICMP packets (a ping sent from another host to this machine), captured by filtering on that host with host x.x.x.x

[root@AAA-caiji1 Log]# tcpdump host 133.37.22.84
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:49:12.200801 IP 133.37.22.84 > 133.37.22.83: ICMP echo request, id 18010, seq 1, length 64
11:49:12.200954 IP 133.37.22.83 > 133.37.22.84: ICMP echo reply, id 18010, seq 1, length 64

5. Capture packets coming from a specific host: src host x.x.x.x

[root@AAA-caiji1 Log]# tcpdump -i eth0 src host 133.38.7.144
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:00:06.768507 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (134), id: 0x22 length: 602
12:00:06.769007 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (135), id: 0x22 length: 344
12:00:06.769400 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (136), id: 0x22 length: 288

6. Save the capture to a file: write the packets captured on port 1812 to b.cap with -w xxx.cap

[root@AAA-caiji1 Log]# tcpdump -i eth0 -s 0 port 1812 -w b.cap 

Capture file analysis tool: Wireshark. The parsing rules for the various captured packets involve deeper protocol knowledge.
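To look inside a file such as b.cap without Wireshark, the following added example (not from the original post) parses the classic pcap format that tcpdump -w writes and summarises each RADIUS header seen on port 1812, labelling unknown codes and flagging Length fields that violate RFC 2865. The function names and the constructed two-packet sample capture are assumptions made for illustration.

```python
import socket
import struct
RADIUS_PORT = 1812
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def read_pcap(data):
    """Yield raw frames from a classic libpcap file (not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with link-type EN10MB (Ethernet)")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "4I", data[off:off + 16])[2]  # captured length
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # file was cut off mid-record
        off += 16 + incl
        yield frame

def radius_summary(frame):
    """Summarise an Ethernet/IPv4/UDP frame on port 1812, else return None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    ihl = (frame[14] & 0x0F) * 4
    udp = frame[14 + ihl:]
    if frame[14] >> 4 != 4 or ihl < 20 or len(udp) < 12:
        return None
    if RADIUS_PORT not in struct.unpack("!HH", udp[:4]):
        return None
    code, ident, length = struct.unpack("!BBH", udp[8:12])
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "code": RADIUS_CODES.get(code, f"Unknown Command ({code})"), "id": ident,
            # RFC 2865: Length must be 20..4096 and fit inside the captured UDP payload.
            "length": length, "valid_length": 20 <= length <= min(4096, len(udp) - 8)}

def build_sample():
    """Constructed two-packet capture standing in for b.cap (not real traffic)."""
    def frame(src, code, ident, body, extra=0):
        rad = struct.pack("!BBH", code, ident, 20 + len(body) + extra) + bytes(16) + body
        udp = struct.pack("!HHHH", 11811, RADIUS_PORT, 8 + len(rad), 0) + rad
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton("133.37.22.83"))
        return bytes(12) + b"\x08\x00" + ip + udp
    frames = [frame("133.38.7.144", 1, 0x22, b"\x01\x05bob"),
              frame("133.38.7.146", 202, 0xA4, b"", extra=325)]  # Length claims 345
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<4I", 1, 0, len(f), len(f)) + f for f in frames)

def summarize(data):
    return [s for s in map(radius_summary, read_pcap(data)) if s]
```

To run it on a real capture, pass the file's bytes: summarize(open("b.cap", "rb").read()).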

Excerpted from: https://www.cnblogs.com/leocorn/p/9797213.html
