  • tcpdump

    tcpdump [options] filter-expression

    Filter expressions (the conditions that select which packets are captured), for example:

    ip src host 172.16.100.1
    tcp src or dst port 21

    udp dst port 53

    tcp src or dst port 21 and src host 172.16.100.1

    tcp port 21 and host 172.16.100.1


    tcpdump syntax:
    tcpdump [options] [Protocol] [Direction] [Host(s)] [Value] [Logical Operations] [Other expression]

    Protocol:
    Values: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.
    If no protocol is specified, all protocols are matched.

    Direction:
    Values: src, dst, src and dst, src or dst
    If no source or destination is specified, the "src or dst" keywords are applied (the default is src or dst).
    For example, "host 10.2.2.2" is equivalent to "src or dst host 10.2.2.2".


    Host(s):
    Values (type keywords): net, port, host, portrange.
    If no type keyword is specified, "host" is assumed.
    For example, "src 10.1.1.1" is equivalent to "src host 10.1.1.1".
    A "port" or "portrange" qualifier matches transport-layer ports, so it never matches ARP or other traffic that has no ports; a "net" value is a network such as 172.16.100.0/24.


    Logical Operations (keywords are lowercase; "AND" is not accepted):
    (1) AND
    and or &&
    (2) OR
    or or ||
    (3) NOT
    not or !
    Parentheses group sub-expressions. Because the shell interprets parentheses and "!", quote the whole filter, e.g. tcpdump -nn 'tcp port 21 and not host 172.16.100.1'.


    Common options:

    -i any : Listen on all interfaces (useful just to see whether any traffic is arriving).
    -n : Don't resolve hostnames.
    -nn : Don't resolve hostnames or port names.
    -X : Show the packet's contents in both hex and ASCII.
    -XX : Same as -X, but also shows the Ethernet header.
    -v, -vv, -vvv : Increase the amount of packet information printed.
    -c N : Stop after capturing N packets.
    -s N : Set the snaplength (bytes captured per packet). Use -s0 to capture whole packets unless you intentionally want less.
    -S : Print absolute TCP sequence numbers.
    -e : Print the Ethernet (link-layer) header as well.
    -q : Show less protocol information.
    -E : Decrypt IPsec ESP traffic given the key, in the form spi@ipaddr algo:secret.
    -A : Display captured packets in ASCII.
    -w /path/to/some_file : Write the raw packets to a file (pcap format, readable later by tcpdump, wireshark or tshark) instead of printing them.
    -r /path/from/some_file : Read packets from a saved file; the same filter syntax applies.
    -tttt : Print a human-readable timestamp (date and time) on each line.


    ip host 172.16.100.1
    ip src host 172.16.100.1
    ip dst host 172.16.100.1
    ip src and dst host 172.16.100.1

    tcp src port 110
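To make the qualifier rules above concrete (the defaults "src or dst" and "host", the difference between "ip host X" and "host X", and how and/or/not combine), here is a small evaluator for the filter subset this page describes, run against a handful of constructed packets. It is an added example written for this page, not tcpdump or libpcap code: the PACKETS records, the `Parser` class and the `filter_packets` / `normalize_filter` helpers are all assumptions made here, and the matcher covers only proto, src/dst, host/port and the logical operators, not the full BPF grammar.

```python
"""Evaluator for the tcpdump filter subset described on this page:
[proto] [direction] [host|port] value, combined with and / or / not.
Added example, not tcpdump or libpcap code; the packet records below
are constructed for illustration."""
import re

# Constructed sample packets (all addresses and ports are made up).
PACKETS = [
    {"proto": "tcp", "src": "172.16.100.1", "dst": "10.0.0.5", "sport": 40000, "dport": 21},  # 0
    {"proto": "tcp", "src": "10.0.0.5", "dst": "172.16.100.1", "sport": 21, "dport": 40000},  # 1
    {"proto": "udp", "src": "10.0.0.7", "dst": "10.0.0.53", "sport": 5353, "dport": 53},      # 2
    {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.10", "sport": 51000, "dport": 110},    # 3
    {"proto": "tcp", "src": "10.0.0.10", "dst": "10.0.0.9", "sport": 110, "dport": 51000},    # 4
    {"proto": "arp", "src": "10.0.0.1", "dst": "10.0.0.2"},                                   # 5: no ports
]

PROTOS, IP_PROTOS = {"ip", "tcp", "udp", "arp"}, {"tcp", "udp"}
DIRS, TYPES = {"src", "dst"}, {"host", "port"}
AND, OR, NOT = {"and", "&&"}, {"or", "||"}, {"not", "!"}   # lowercase, as in tcpdump


def tokenize(expr):
    return re.findall(r"\(|\)|&&|\|\||!|[^\s()]+", expr)


class Parser:
    """Recursive descent; 'and' binds tighter than 'or', 'not' tighter than both."""

    def __init__(self, expr):
        self.toks, self.i = tokenize(expr), 0

    def peek(self, k=0):
        return self.toks[self.i + k] if self.i + k < len(self.toks) else None

    def take(self):
        if self.peek() is None:
            raise ValueError("unexpected end of filter expression")
        self.i += 1
        return self.toks[self.i - 1]

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def or_expr(self):
        node = self.and_expr()
        while self.peek() in OR:
            self.take()
            node = ("or", node, self.and_expr())
        return node

    def and_expr(self):
        node = self.unary()
        while self.peek() in AND:
            self.take()
            node = ("and", node, self.unary())
        return node

    def unary(self):
        if self.peek() in NOT:
            self.take()
            return ("not", self.unary())
        if self.peek() == "(":
            self.take()
            node = self.or_expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        return self.primitive()

    def primitive(self):
        # [proto] [dir] [type] value, filling in tcpdump's defaults for omitted qualifiers
        proto = self.take() if self.peek() in PROTOS else None
        if proto and (self.peek() is None or self.peek() in AND | OR or self.peek() == ")"):
            return ("prim", proto, None, None, None)       # bare protocol, e.g. "tcp"
        direction = self.take() if self.peek() in DIRS else None
        if direction and self.peek() in AND | OR and self.peek(1) in DIRS:
            op = "and" if self.take() in AND else "or"     # "src or dst" is one qualifier, not two terms
            direction = f"{direction} {op} {self.take()}"
        typ = self.take() if self.peek() in TYPES else None
        return ("prim", proto, direction or "src or dst", typ or "host", self.take())


def matches(node, pkt):
    kind = node[0]
    if kind == "and":
        return matches(node[1], pkt) and matches(node[2], pkt)
    if kind == "or":
        return matches(node[1], pkt) or matches(node[2], pkt)
    if kind == "not":
        return not matches(node[1], pkt)
    _, proto, direction, typ, value = node
    if proto and pkt["proto"] != proto and not (proto == "ip" and pkt["proto"] in IP_PROTOS):
        return False                                      # "ip host X" skips ARP, "host X" does not
    if value is None:
        return True                                       # bare protocol qualifier matched
    if typ == "port":
        if pkt["proto"] not in IP_PROTOS:
            return False                                  # port qualifiers need a transport header
        src, dst, value = pkt["sport"], pkt["dport"], int(value)
    else:
        src, dst = pkt["src"], pkt["dst"]
    hits = {"src": src == value, "dst": dst == value}
    if direction in DIRS:
        return hits[direction]
    return (all if direction.split()[1] == "and" else any)(hits.values())


def normalize(node):
    """Re-serialise the tree with every defaulted qualifier spelled out."""
    if node[0] == "prim":
        return " ".join(part for part in node[1:] if part)
    if node[0] == "not":
        return "not " + normalize(node[1])
    return f"({normalize(node[1])} {node[0]} {normalize(node[2])})"


def normalize_filter(expr):
    return normalize(Parser(expr).parse())


def filter_packets(expr, packets=PACKETS):
    """Indices of the packets the filter would capture."""
    tree = Parser(expr).parse()
    return [i for i, pkt in enumerate(packets) if matches(tree, pkt)]
```

`normalize_filter("src 10.1.1.1")` yields "src host 10.1.1.1" and `normalize_filter("host 10.2.2.2")` yields "src or dst host 10.2.2.2", the equivalences stated above. `filter_packets("tcp src port 110")` selects only packet 4 while `"tcp port 110"` selects 3 and 4, and `"host 10.0.0.1"` catches the ARP packet where `"ip host 10.0.0.1"` does not. Against real traffic the same expressions go straight to tcpdump, e.g. tcpdump -nn -r capture.pcap 'tcp port 21 and host 172.16.100.1'.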

    Protocol packet analyzers:
        Sniffer: commercial tool

    tcpdump, wireshark (GUI), tshark (CLI)

  • Original source: https://www.cnblogs.com/jjzd/p/5874795.html