Packet capture with tcpdump and some simple commands

2021-08-02 12:39:05  Word count 2817  Reads 3480

1: Install tcpdump

yum install -y tcpdump

2: Monitor the traffic on one network interface

[root@dg-master ~]# tcpdump -i eth0

11:26:33.987299 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1496840:1497116, ack 937, win 141, length 276

11:26:33.987599 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 1497116, win 521, length 0

11:26:33.987840 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497116:1497392, ack 937, win 141, length 276

11:26:33.988530 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497392:1497572, ack 937, win 141, length 180

11:26:33.988814 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497572:1497752, ack 937, win 141, length 180

11:26:33.988934 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 1497572, win 519, length 0

11:26:33.989025 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497752:1498028, ack 937, win 141, length 276

11:26:33.989101 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1498028:1498208, ack 937, win 141, length 180

3: Monitor a specified IP

tcpdump host 192.168.100.142

11:58:25.783219 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 464208, win 524, length 0

11:58:25.783475 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 464208:464612, ack 261, win 141, length 404

11:58:25.784555 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 464612:464776, ack 261, win 141, length 164

11:58:25.784765 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 464776:464940, ack 261, win 141, length 164

11:58:25.784907 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 464776, win 522, length 0

11:58:25.78511:58:25.823012 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 477096:477372, ack 261, win 141, length 276

11:58:25.823156 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [p.], seq 261:313, ack 477096, win 522, length 52

11:58:25.823237 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [p.], seq 313:365, ack 477372, win 521, length 52

4: Capture the traffic between this host and a specified IP (same as monitoring an IP)

tcpdump -n -i eth0 host 192.168.100.100 and 192.168.100.142

5: Monitor packets entering this host

tcpdump -n -i eth0 dst 192.168.100.100

6: Monitor packets leaving this host

tcpdump -n -i eth0 src 192.168.100.100

7: Filter using combinations of and / or

tcpdump -n -i eth0 src 192.168.100.100 or 192.168.100.142

tcpdump -n -i eth0 src 192.168.100.100 or 192.168.100.142 and port ! 22 and tcp
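The filters from sections 3 to 7 checked offline, as an added example that is not part of the original post: a small Python parser for the one-line TCP/UDP summaries tcpdump prints (the format shown in sections 2 and 3), plus predicates mirroring host, src, dst, port, and, or and not, applied to a constructed sample capture. The sample lines, the SERVICE_PORTS table and the helper names (parse_line, parse_capture, select, summarize) are assumptions of this example. The last part shows why parentheses are worth writing in the section 7 filter: pcap-filter gives and and or equal precedence and evaluates them left to right, and a bare address after or inherits the preceding qualifier, so `src A or B and not port 22 and tcp` means `((src A or src B) and not port 22) and tcp`; a reader expecting C-style precedence would read it as `src A or (src B and not port 22 and tcp)`, which selects a different set of packets. The negation is written with the documented `not` keyword.

```python
"""Parse tcpdump text output and apply pcap-style filters to the records.

Added example, not code from the original post. The sample capture below is
constructed in the same format as the page's output (tcpdump prints "IP" and
"Flags" capitalised; the page shows them lower-cased, and the parser accepts
both). Helper names are hypothetical.
"""
import re
from collections import Counter

# Constructed sample: the page's ssh session plus a second TCP connection
# and one UDP datagram, so the filters have something to exclude.
SAMPLE = """\
11:26:33.987299 IP 192.168.100.100.ssh > 192.168.100.142.56903: Flags [P.], seq 1496840:1497116, ack 937, win 141, length 276
11:26:33.987599 IP 192.168.100.142.56903 > 192.168.100.100.ssh: Flags [.], ack 1497116, win 521, length 0
11:26:33.987840 IP 192.168.100.100.ssh > 192.168.100.142.56903: Flags [P.], seq 1497116:1497392, ack 937, win 141, length 276
11:26:34.100000 IP 192.168.100.142.40120 > 192.168.100.100.http: Flags [S], seq 100, win 64240, length 0
11:26:34.100200 IP 192.168.100.100.http > 192.168.100.142.40120: Flags [S.], seq 500, ack 101, win 29200, length 0
11:26:35.000000 IP 10.0.0.5.5000 > 192.168.100.100.41000: UDP, length 80
"""

# Without -n tcpdump prints service names; normalise the ones in the sample.
SERVICE_PORTS = {"ssh": "22", "http": "80"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?:IP|ip) "
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+) > (?P<dst>\S+)\.(?P<dport>[^.\s]+): "
    r"(?P<rest>.*?)length (?P<length>\d+)$"
)
FLAGS_RE = re.compile(r"[Ff]lags \[(?P<flags>[^\]]*)\]")


def parse_line(line):
    """Turn one tcpdump IPv4 summary line into a dict, or None if unrecognised."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flags = FLAGS_RE.search(rest)
    proto = "tcp" if flags else ("udp" if "UDP" in rest else "other")
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "sport": SERVICE_PORTS.get(m.group("sport"), m.group("sport")),
        "dst": m.group("dst"),
        "dport": SERVICE_PORTS.get(m.group("dport"), m.group("dport")),
        "proto": proto,
        "flags": flags.group("flags") if flags else "",
        "length": int(m.group("length")),
    }


def parse_capture(text):
    """Parse every line of a capture, skipping lines the regex does not match."""
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]


# Predicates mirroring the pcap-filter primitives used on the page.
def host(ip):    return lambda p: ip in (p["src"], p["dst"])
def src(ip):     return lambda p: p["src"] == ip
def dst(ip):     return lambda p: p["dst"] == ip
def port(n):     return lambda p: str(n) in (p["sport"], p["dport"])
def proto(name): return lambda p: p["proto"] == name
def not_(f):     return lambda p: not f(p)
def and_(*fs):   return lambda p: all(f(p) for f in fs)
def or_(*fs):    return lambda p: any(f(p) for f in fs)


def select(packets, pred):
    return [p for p in packets if pred(p)]


def summarize(packets, local_ip):
    """Payload bytes entering and leaving local_ip, as tcpdump's 'length' reports them."""
    c = Counter()
    for p in packets:
        if p["dst"] == local_ip:
            c["in"] += p["length"]
        if p["src"] == local_ip:
            c["out"] += p["length"]
    return dict(c)


A, B = "192.168.100.100", "192.168.100.142"

# Section 7 filter as libpcap reads it: 'and' and 'or' have equal precedence,
# left to right, and the bare B inherits 'src':
#   ((src A or src B) and not port 22) and tcp
LIBPCAP_READING = and_(or_(src(A), src(B)), not_(port(22)), proto("tcp"))
# The same text read with C-style precedence ('and' before 'or'):
#   src A or (src B and not port 22 and tcp)
C_STYLE_READING = or_(src(A), and_(src(B), not_(port(22)), proto("tcp")))

if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    print(len(select(pkts, host(B))), "packets to or from", B)     # 5
    print(summarize(select(pkts, host(B)), A))                     # {'out': 552, 'in': 0}
    print("libpcap:", len(select(pkts, LIBPCAP_READING)),          # 2
          "c-style:", len(select(pkts, C_STYLE_READING)))          # 4
```

Feed real output in with `tcpdump -n -i eth0 | python3 thisfile.py` style piping only after adapting the entry point to read stdin; with `-n` the service-name normalisation is simply never needed. The two readings of the section 7 filter select two and four packets respectively on the sample, which is the practical reason to write `(src A or src B) and not port 22 and tcp` explicitly rather than rely on the reader, or a different tool, agreeing on precedence.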
