  • How To Capture Packets with TCPDUMP?

    http://linux-circles.blogspot.com/2012/11/how-to-capture-packets-with-tcpdump.html

    See the list of interfaces on which tcpdump can listen
    # /usr/sbin/tcpdump -D

    Listen on any available interface
    # /usr/sbin/tcpdump -i any

    Verbose Mode
    # /usr/sbin/tcpdump -v
    # /usr/sbin/tcpdump -vv
    # /usr/sbin/tcpdump -vvv
    # /usr/sbin/tcpdump -q

    Limit the capture to N packets
    # /usr/sbin/tcpdump -c N

    Display IP addresses and port numbers when capturing packets
    # /usr/sbin/tcpdump -n

    Capture any packets where the destination host is 192.168.0.1, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n dst host 192.168.0.1

    Capture any packets where the source host is 192.168.0.1, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n src host 192.168.0.1

    Capture any packets where the source or destination host is 192.168.0.1, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n host 192.168.0.1

    Capture any packets where the destination network is 192.168.10.0/24, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n dst net 192.168.10.0/24

    Capture any packets where the source network is 192.168.10.0/24, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n src net 192.168.10.0/24

    Capture any packets where the source or destination network is 192.168.10.0/24, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n net 192.168.10.0/24

    Capture any packets where the destination port is 23, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n dst port 23

    Capture any packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n dst portrange 1-1023

    Capture only TCP packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n tcp dst portrange 1-1023

    Capture only UDP packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n udp dst portrange 1-1023

    Capture any packets with destination IP 192.168.0.1 and destination port 23, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n "dst host 192.168.0.1 and dst port 23"

    Capture any packets with destination IP 192.168.0.1 and destination port 80 or 443, display IP addresses and port numbers
    # /usr/sbin/tcpdump -n "dst host 192.168.0.1 and (dst port 80 or dst port 443)"

    Capture any ICMP packets
    # /usr/sbin/tcpdump -v icmp

    Capture any ARP packets
    # /usr/sbin/tcpdump -v arp

    Capture either ICMP or ARP packets
    # /usr/sbin/tcpdump -v "icmp or arp"

    Capture any packets that are broadcast or multicast
    # /usr/sbin/tcpdump -n "broadcast or multicast"

    Capture 500 bytes of data for each packet rather than the default of 68 bytes (the 68-byte default applies to older tcpdump releases; current versions default to a 262144-byte snapshot length)
    # /usr/sbin/tcpdump -s 500

    Capture all bytes of data within the packet
    # /usr/sbin/tcpdump -s 0

    Monitor all packets on eth1 interface
    # /usr/sbin/tcpdump -i eth1

    Monitor all traffic on port 80 ( HTTP )
    # /usr/sbin/tcpdump -i eth0 'port 80'

    Monitor all traffic on port 25 ( SMTP )
    # /usr/sbin/tcpdump -vv -x -X -s 1500 -i eth0 'port 25'

    Capture only N packets using tcpdump -c
    # /usr/sbin/tcpdump -c 2 -i eth0

    Display Captured Packets in ASCII using tcpdump -A
    # /usr/sbin/tcpdump -A -i eth0

    Display Captured Packets in HEX and ASCII using tcpdump -XX
    # /usr/sbin/tcpdump -XX -i eth0

    Capture the packets and write into a file using tcpdump -w
    # /usr/sbin/tcpdump -w data.pcap -i eth0
    .pcap is the conventional file extension for a saved capture

    Reading the packets from a saved file using tcpdump -r
    # /usr/sbin/tcpdump -tttt -r data.pcap
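    As an added example (not from the original post), a small Python reader for the .pcap files that `tcpdump -w` writes, illustrating both the -s snapshot length above and the -w/-r round trip: each record stores the bytes actually kept next to the packet's true wire length, so a capture taken with a snaplen that was too small can be recognised after the fact. `make_pcap` and `pcap_summary` are assumed helper names, and the sample packets are constructed here; the file layout is the standard libpcap format.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
FULL_SNAPLEN = 262144     # what "tcpdump -s 0" means on current tcpdump


def make_pcap(snaplen, packets):
    """Build pcap bytes the way 'tcpdump -s SNAPLEN -w file' does: each
    record keeps at most snaplen bytes (incl_len) but records the true
    on-wire length (orig_len). snaplen 0 means "whole packet"."""
    limit = FULL_SNAPLEN if snaplen == 0 else snaplen
    # global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, limit, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        kept = pkt[:limit]
        # constructed timestamps: one packet per second starting at epoch 0
        out += struct.pack("<IIII", i, 0, len(kept), len(pkt)) + kept
    return out


def pcap_summary(data):
    """Parse a pcap file and report how many packets the snaplen cut short."""
    magic, major, minor, _tz, _sig, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file (magic 0x%08x)" % magic)
    offset, count, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record at offset %d runs past end of file" % (offset - 16))
        count += 1
        if incl_len < orig_len:      # tcpdump -r shows these as shorter than on the wire
            truncated += 1
        offset += incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": count, "truncated": truncated}


if __name__ == "__main__":
    # constructed sample: a 60-byte ARP-sized frame, a 500-byte and a 1500-byte frame
    sample = [b"\x00" * 60, b"\x01" * 500, b"\x02" * 1500]
    for s in (68, 500, 0):
        print("-s", s, "->", pcap_summary(make_pcap(s, sample)))
```

    Run against a real file with `pcap_summary(open("data.pcap", "rb").read())`; a non-zero `truncated` count means the capture was taken with too small a -s value for the traffic it holds.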

    Capture packets showing numeric IP addresses (no DNS lookups) using tcpdump -n
    # /usr/sbin/tcpdump -n -i eth0

    Capture packets with proper readable timestamp using tcpdump -tttt
    # /usr/sbin/tcpdump -n -tttt -i eth0

    Capture packets longer than N bytes (here N = 1024)
    # /usr/sbin/tcpdump -w data.pcap greater 1024

    Capture packets shorter than N bytes (here N = 1024)
    # /usr/sbin/tcpdump -w data1024.pcap less 1024

    Receive only the packets of a specific protocol type
    # /usr/sbin/tcpdump -i eth0 arp

    Capture packet flows on a particular port using tcpdump port
    # /usr/sbin/tcpdump -i eth0 port 22

    Capture packets for particular destination IP and Port
    # /usr/sbin/tcpdump -w data.pcap -i eth0 dst 10.181.140.216 and port 22

    Capture TCP communication packets between two hosts (this filter names only the destination host and port; `dst 16.181.170.246` is shorthand for `dst host 16.181.170.246`)
    # /usr/sbin/tcpdump -w data.pcap -i eth0 dst 16.181.170.246 and port 22

    Tcpdump Filter Packets – Capture all the packets other than arp and rarp
    # /usr/sbin/tcpdump -i eth0 not arp and not rarp

  • Original URL: https://www.cnblogs.com/forcheryl/p/4067828.html