tcpdump命令使用笔记


TCPDUMP
  • 抓包

    //常用命令 -i 指定网卡 -s 指定抓包长度(snaplen)：旧版 tcpdump 默认只抓每个包的前 68 字节，tcpdump 4.0 及以后默认为 262144 字节；加上 -s 0 可抓到完整数据包（注意是小写 -s，大写 -S 的含义是打印绝对 TCP 序列号）
    // -w 保存生成cap文件。文件中是原始报文，明文协议里的口令、会话标识等会被原样写入，应限制文件权限（如 chmod 600）并妥善保管；抓包时也可用 -Z <user> 让 tcpdump 打开网卡后降权运行
    // 抓取通过ens33的所有的数据包并写入a.cap文件
    [root@server1 ~]# tcpdump -i ens33 -s 0 -w a.cap
    
    //读取抓包文件  a.cap（离线分析时建议加 -n 关闭地址/端口名解析：既快，又避免分析机对抓包里的每个地址向外发反向 DNS 查询）
    [root@server1 ~]# tcpdump -r a.cap
    reading from file a.cap, link-type EN10MB (Ethernet)
    18:43:29.273974 IP server1.ssh > 192.168.184.5.57143: Flags [P.], seq 1086036389:1086036533, ack 3544899263, win 361, length 144
    18:43:29.316101 IP 192.168.184.5.57143 > server1.ssh: Flags [.], ack 144, win 4103, length 0
    18:43:30.948191 ARP, Request who-has gateway tell 192.168.184.5, length 46
    18:43:31.670694 IP 192.168.184.5.51948 > 239.255.255.250.ssdp: UDP, length 174
    18:43:31.941220 ARP, Request who-has gateway tell 192.168.184.5, length 46
    18:43:32.076921 ARP, Request who-has gateway tell server1, length 28
    18:43:32.673540 IP 192.168.184.5.51948 > 239.255.255.250.ssdp: UDP, length 174
    18:43:32.939057 ARP, Request who-has gateway tell 192.168.184.5, length 46
    18:43:33.080422 ARP, Request who-has gateway tell server1, length 28
    18:43:33.686722 IP 192.168.184.5.51948 > 239.255.255.250.ssdp: UDP, length 174
    18:43:34.082794 ARP, Request who-has gateway tell server1, length 28
    18:43:34.694872 IP 192.168.184.5.51948 > 239.255.255.250.ssdp: UDP, length 174
    18:43:37.086678 ARP, Request who-has gateway tell server1, length 28
    18:43:38.090630 ARP, Request who-has gateway tell server1, length 28
    18:43:39.092816 ARP, Request who-has gateway tell server1, length 28
    18:43:42.095743 ARP, Request who-has gateway tell server1, length 28
    18:43:43.103215 ARP, Request who-has gateway tell server1, length 28
    18:43:44.105889 ARP, Request who-has gateway tell server1, length 28
    18:43:47.102772 ARP, Request who-has gateway tell server1, length 28
    18:43:48.117597 ARP, Request who-has gateway tell server1, length 28
    18:43:49.121829 ARP, Request who-has gateway tell server1, length 28
    18:43:52.108708 ARP, Request who-has gateway tell server1, length 28
    18:43:53.118840 ARP, Request who-has gateway tell server1, length 28
    18:43:54.124502 ARP, Request who-has gateway tell server1, length 28
    18:44:53.176117 ARP, Request who-has gateway tell server1, length 28
    18:44:54.184885 ARP, Request who-has gateway tell server1, length 28
    18:44:55.191626 ARP, Request who-has gateway tell server1, length 28
    18:44:58.190162 ARP, Request who-has gateway tell server1, length 28
    18:44:59.196030 ARP, Request who-has gateway tell server1, length 28
    18:45:00.201469 ARP, Request who-has gateway tell server1, length 28
    18:45:02.593327 IP 192.168.184.5 > server1: ICMP echo request, id 1, seq 8, length 40
    18:45:02.593370 IP server1 > 192.168.184.5: ICMP echo reply, id 1, seq 8, length 40
    18:45:03.205146 ARP, Request who-has gateway tell server1, length 28
    18:45:03.602563 IP 192.168.184.5 > server1: ICMP echo request, id 1, seq 9, length 40
    18:45:03.602616 IP server1 > 192.168.184.5: ICMP echo reply, id 1, seq 9, length 40
    18:45:04.213494 ARP, Request who-has gateway tell server1, length 28
    18:45:05.220951 ARP, Request who-has gateway tell server1, length 28
    18:45:07.444646 ARP, Request who-has server1 (00:0c:29:70:90:5b (oui Unknown)) tell 192.168.184.5, length 46
    18:45:07.444684 ARP, Reply server1 is-at 00:0c:29:70:90:5b (oui Unknown), length 28
    18:45:08.220227 ARP, Request who-has gateway tell server1, length 28
    18:45:09.222470 ARP, Request who-has gateway tell server1, length 28
    18:45:10.231600 ARP, Request who-has gateway tell server1, length 28
    18:45:13.239104 ARP, Request who-has gateway tell server1, length 28
    18:45:14.245171 ARP, Request who-has gateway tell server1, length 28
    18:45:15.253412 ARP, Request who-has gateway tell server1, length 28
    18:45:15.955195 ARP, Request who-has gateway tell 192.168.184.5, length 46
    18:45:16.945504 ARP, Request who-has gateway tell 192.168.184.5, length 46
    18:45:17.946849 ARP, Request who-has gateway tell 192.168.184.5, length 46
    18:45:18.249955 ARP, Request who-has gateway tell server1, length 28
    18:45:19.252996 ARP, Request who-has gateway tell server1, length 28
    18:45:20.256058 ARP, Request who-has gateway tell server1, length 28
    18:45:23.264504 ARP, Request who-has gateway tell server1, length 28
    18:45:24.270064 ARP, Request who-has gateway tell server1, length 28
    18:45:25.273041 ARP, Request who-has gateway tell server1, length 28
    18:45:28.271986 ARP, Request who-has gateway tell server1, length 28
    18:45:29.273651 ARP, Request who-has gateway tell server1, length 28
    18:45:30.289137 ARP, Request who-has gateway tell server1, length 28
    18:45:31.678263 IP 192.168.184.5.62842 > 239.255.255.250.ssdp: UDP, length 174
    18:45:32.684453 IP 192.168.184.5.62842 > 239.255.255.250.ssdp: UDP, length 174
    18:45:33.291291 ARP, Request who-has gateway tell server1, length 28
    18:45:33.686495 IP 192.168.184.5.62842 > 239.255.255.250.ssdp: UDP, length 174
    18:45:34.294572 ARP, Request who-has gateway tell server1, length 28
    18:45:34.691226 IP 192.168.184.5.62842 > 239.255.255.250.ssdp: UDP, length 174
    18:45:35.301236 ARP, Request who-has gateway tell server1, length 28
    18:45:38.299435 ARP, Request who-has gateway tell server1, length 28
    18:45:39.120858 IP 192.168.184.5.57143 > server1.ssh: Flags [P.], seq 1:65, ack 144, win 4103, length 64
    
    
//查看ens33的80端口(HTTP)通过的流量；port 后面的端口号要和注释一致，若要看 SSH 流量则改为 port 22
[root@server1 ~]# tcpdump -i ens33 port 80


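# Read a saved capture and filter by direction. -n keeps name resolution off so
# the analysis host does not emit DNS queries for every address in the file.
# The BPF keyword is "dst", not "des"; "src" matches packets FROM the host,
# "dst" matches packets TO it. Quote the filter so the shell leaves it intact.
tcpdump -n -r a.cap 'src host 192.168.184.200'
tcpdump -n -r a.cap 'dst host 192.168.184.200'
# Either direction in one pass:
tcpdump -n -r a.cap 'host 192.168.184.200'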