Super easy to use packet capturing tool tcpdump
2022-07-23 12:49:00 【hgswnsa】
tcpdump: simple usage
What is tcpdump?
tcpdump is a command-line packet capture and analysis tool for Linux.
How do you use it?
It has to be installed first:
yum install tcpdump -y
Let's first look at the kinds of arguments it accepts; most of them are used for filtering:
1. option: optional command-line flags
2. proto filters: filter by protocol
3. direction filters: filter by the direction of the traffic
4. type filters: these keywords must be followed by a value
Structure of a captured packet line
22:29:32.698761 IP 192.168.2.143.53629 > localhost.localdomain.ssh: Flags [P.], seq 37:73, ack 292188, win 4106, length 36
First column: time (hours, minutes, seconds and the sub-second part), 22:29:32.698761
Second column: network protocol, IP
Third column: the sender's address; 192.168.2.143 is the IP and 53629 is the port number
Fourth column: the arrow >, which shows the direction of the traffic
Fifth column: the receiver's address, localhost.localdomain.ssh
Sixth column: the colon
Seventh column: packet details, including the Flags field, the seq number, the ack number, the win (window) value and the data length; [P.] means the PUSH flag bit is set to 1
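As an added example that is not part of the original post, the small POSIX shell/awk helper below splits a tcpdump summary line into the named columns described above and counts packets per sender (for example over the output of tcpdump -r test.pcap). The TCP sample line and the ICMP line are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): pull named fields out of a
# tcpdump summary line whose columns are described above, using only awk.

# Constructed sample line; same shape as the one dissected above.
SAMPLE='22:29:32.698761 IP 192.168.2.143.53629 > localhost.localdomain.ssh: Flags [P.], seq 37:73, ack 292188, win 4106, length 36'

# tcpdump_field LINE NAME
# NAME is one of: time proto src src_host src_port dst flags seq ack win length
tcpdump_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
    {
        # Columns 1-5: time, protocol, sender, ">", receiver (trailing colon)
        f["time"]  = $1
        f["proto"] = $2
        f["src"]   = $3
        f["dst"]   = $5
        sub(/:$/, "", f["dst"])

        # On TCP/UDP lines tcpdump appends the port as the last dot-separated
        # part of the sender (53629, or a service name such as ssh)
        n = split($3, parts, ".")
        f["src_port"] = parts[n]
        f["src_host"] = substr($3, 1, length($3) - length(parts[n]) - 1)

        # "Flags [P.]" -> "P."  (ICMP lines carry no Flags field, so guard it)
        f["flags"] = ""
        if (match($0, /Flags \[[^]]*\]/))
            f["flags"] = substr($0, RSTART + 7, RLENGTH - 8)

        # Everything after the first comma is "key value" pairs:
        # seq 37:73, ack 292188, win 4106, length 36
        rest = $0
        sub(/^[^,]*, */, "", rest)
        m = split(rest, kv, ", ")
        for (i = 1; i <= m; i++) {
            split(kv[i], p, " ")
            f[p[1]] = p[2]
        }
        print f[want]
    }'
}

# tcpdump_count_src < LINES: number of packets seen per sender address,
# e.g. tcpdump -r test.pcap | tcpdump_count_src
tcpdump_count_src() {
    awk '$4 == ">" { c[$3]++ } END { for (s in c) print c[s], s }'
}
```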
Basic usage
Capture packets on ens33
tcpdump -i ens33

Show more detail
tcpdump -i ens33 -vv

Show MAC addresses
tcpdump -i ens33 -e

Capture packets by source MAC address
tcpdump -i ens33 ether src 00:0c:29:ae:fd:42

Capture packets by source IP
Two virtual machines are needed: VM A sends the pings and VM B captures the packets.
VM A's IP is 192.168.2.170 and VM B's IP is 192.168.2.127.
VM A: ping 192.168.2.127
VM B: tcpdump -i ens33 icmp and src 192.168.2.170
Save the capture to a file and read it back
# Save the captured packets to a file
tcpdump -i ens33 -w test.pcap icmp and src 192.168.2.170
# Check the file type
file test.pcap
test.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
# Read the file back
tcpdump -r test.pcap
