  • Tcpdump usage examples

    In most cases you will need root permission to capture packets on an interface. Using tcpdump (as root) to capture the packets and save them to a file, then analyzing that file with Wireshark (using a regular account), is recommended over running Wireshark as root to capture packets on an "untrusted" interface. See the Wireshark security advisories for reasons why.

    ========================================================================================================

    See the list of interfaces on which tcpdump can listen:

    tcpdump -D

    Listen on interface eth0:

    tcpdump -i eth0

    Listen on any available interface (cannot be done in promiscuous mode; requires Linux kernel 2.2 or greater):

    tcpdump -i any

    Be verbose while capturing packets:

    tcpdump -v

    Be more verbose while capturing packets:

    tcpdump -vv

    Be very verbose while capturing packets:

    tcpdump -vvv

    Be less verbose (than the default) while capturing packets:

    tcpdump -q

    Limit the capture to 100 packets:

    tcpdump -c 100

    Record the packet capture to a file called capture.cap:

    tcpdump -w capture.cap

    Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time:

    tcpdump -v -w capture.cap

    Display the packets of a file called capture.cap:

    tcpdump -r capture.cap

    Display the packets using maximum detail of a file called capture.cap:

    tcpdump -vvv -r capture.cap

    Display IP addresses and port numbers instead of domain and service names when capturing packets:

    tcpdump -n

    Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:

    tcpdump -n dst host 192.168.1.1

    Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:

    tcpdump -n src host 192.168.1.1

    Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:

    tcpdump -n host 192.168.1.1

    Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:

    tcpdump -n dst net 192.168.1.0/24

    Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:

    tcpdump -n src net 192.168.1.0/24

    Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:

    tcpdump -n net 192.168.1.0/24

    Capture any packets where the destination port is 23. Display IP addresses and port numbers:

    tcpdump -n dst port 23

    Capture any packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

    tcpdump -n dst portrange 1-1023

    Capture only TCP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

    tcpdump -n tcp dst portrange 1-1023

    Capture only UDP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

    tcpdump -n udp dst portrange 1-1023

    Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:

    tcpdump -n "dst host 192.168.1.1 and dst port 23"

    Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:

    tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"

    Capture any ICMP packets:

    tcpdump -v icmp

    Capture any ARP packets:

    tcpdump -v arp

    Capture either ICMP or ARP packets:

    tcpdump -v "icmp or arp"

    Capture any packets that are broadcast or multicast:

    tcpdump -n "broadcast or multicast"

    Capture 500 bytes of data for each packet rather than the default of 68 bytes:

    tcpdump -s 500

    Capture all bytes of data within the packet:

    tcpdump -s 0
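
    The recommendation at the top of this page (capture as root, analyze as a regular account), written as a script around the options listed above. This is an added example, not part of the original article; the account name analyst, the directory /var/tmp/pcap, the helper names capture and show, and the use of tcpdump's -Z option (not covered on this page) are assumptions of the example.

```shell
#!/bin/sh
# Added example: capture as root, read the file back as a regular account.
# Hypothetical names, not from the page: account "analyst", /var/tmp/pcap.
ANALYST=${ANALYST:-analyst}            # unprivileged account that owns captures
PCAP_DIR=${PCAP_DIR:-/var/tmp/pcap}    # must be writable by $ANALYST

# usage: capture IFACE COUNT NAME [FILTER]
# With DRY_RUN=1 the command is printed, one argument per line, and not run.
capture() {
    iface=$1 count=$2 name=$3 filter=${4:-}
    # Refuse values that tcpdump could read as options or as another path.
    case $iface in ''|-*|*[!A-Za-z0-9._:-]*) echo "bad interface" >&2; return 1 ;; esac
    case $count in ''|*[!0-9]*) echo "bad packet count" >&2; return 1 ;; esac
    case $name in ''|-*|*/*) echo "bad file name" >&2; return 1 ;; esac
    # -n no name lookups, -s 0 whole packets, -c stop after COUNT packets,
    # -Z give up root for $ANALYST before the savefile is created.
    set -- tcpdump -i "$iface" -n -s 0 -c "$count" -Z "$ANALYST" \
        -w "$PCAP_DIR/$name"
    # The filter is passed as ONE argument, so its parentheses never reach
    # the shell unquoted.
    [ -n "$filter" ] && set -- "$@" "$filter"
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; return 0; fi
    [ "$(id -u)" -eq 0 ] || { echo "capture needs root" >&2; return 1; }
    ( umask 077; exec "$@" )    # capture file is readable by its owner only
}

# Reading a capture needs no privileges: run this as $ANALYST, not as root.
show() { tcpdump -n -vvv -r "$PCAP_DIR/$1"; }

# As root:     capture eth0 100 web.cap "dst host 192.168.1.1 and (dst port 80 or dst port 443)"
# As analyst:  show web.cap
```

    The bounded packet count and the owner-only file mode keep an unattended capture from growing without limit or being read by other local accounts.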

  • Original article: https://www.cnblogs.com/oskb/p/3785891.html