  • tcpdump

    tcpdump -i <网卡名> 指定要抓包的网卡。不加过滤条件时,当前 SSH 会话自身的流量也会被抓到(如下面输出中的 ssh 报文)

    [root@rstx-53 ~]# tcpdump -i eth0 |head 
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:37:02.451244 IP harbor.rongbiz.cn.ssh > 192.168.1.36.53030: Flags [P.], seq 2314108372:2314108584, ack 1927612083, win 274, length 212
    09:37:02.451930 IP 192.168.1.36.53030 > harbor.rongbiz.cn.ssh: Flags [.], ack 212, win 8210, length 0
    09:37:02.464063 IP6 fe80::41e7:678c:c4f1:534a.61063 > ff02::c.ssdp: UDP, length 146
    09:37:02.472388 ARP, Request who-has 192.168.1.203 tell 192.168.1.202, length 46
    

    tcpdump -i eth0 tcp port 80 只抓取 TCP 的 80 端口,也可以换成 udp;不写协议(如下例的 port 80)时,TCP 和 UDP 的 80 端口都会匹配

    [root@rstx-53 ~]# tcpdump -i eth0 port 80 
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:38:12.937963 IP 192.168.1.36.53851 > harbor.rongbiz.cn.http: Flags [S], seq 2660181074, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:38:12.938021 IP harbor.rongbiz.cn.http > 192.168.1.36.53851: Flags [S.], seq 3832396717, ack 2660181075, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:38:12.938231 IP 192.168.1.36.53851 > harbor.rongbiz.cn.http: Flags [.], ack 1, win 8212, length 0
    09:38:12.938466 IP 192.168.1.36.53851 > harbor.rongbiz.cn.http: Flags [P.], seq 1:517, ack 1, win 8212, length 516: HTTP: GET / HTTP/1.1
    09:38:12.938493 IP harbor.rongbiz.cn.http > 192.168.1.36.53851: Flags [.], ack 517, win 237, length 0
    

    tcpdump -i eth0 port 80 -n 不把 IP 解析成主机名;再加上 -c 5 表示抓到 5 个包后自动退出(下例只用了 -n)

    [root@rstx-53 ~]# tcpdump -i eth0 port 80 -n
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:46:47.847784 IP 192.168.1.36.53966 > 192.168.1.53.http: Flags [S], seq 3403842321, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:46:47.847848 IP 192.168.1.53.http > 192.168.1.36.53966: Flags [S.], seq 1289147910, ack 3403842322, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:46:47.848812 IP 192.168.1.36.53966 > 192.168.1.53.http: Flags [.], ack 1, win 1026, length 0
    09:46:47.849057 IP 192.168.1.36.53966 > 192.168.1.53.http: Flags [P.], seq 1:517, ack 1, win 1026, length 516: HTTP: GET / HTTP/1.1
    09:46:47.849083 IP 192.168.1.53.http > 192.168.1.36.53966: Flags [.], ack 517, win 237, length 0
    

    tcpdump -i eth0 port 80 -nn 在 -n 的基础上,也不把端口号解析成服务名(上例中的 http 在这里显示为 80)

    [root@rstx-53 ~]# tcpdump -i eth0 port 80 -nn
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:48:13.723863 IP 192.168.1.36.53990 > 192.168.1.53.80: Flags [S], seq 3568546736, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:48:13.723935 IP 192.168.1.53.80 > 192.168.1.36.53990: Flags [S.], seq 1815102753, ack 3568546737, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:48:13.724284 IP 192.168.1.36.53990 > 192.168.1.53.80: Flags [.], ack 1, win 8212, length 0
    09:48:13.724539 IP 192.168.1.36.53990 > 192.168.1.53.80: Flags [P.], seq 1:517, ack 1, win 8212, length 516: HTTP: GET / HTTP/1.1
    09:48:13.724580 IP 192.168.1.53.80 > 192.168.1.36.53990: Flags [.], ack 517, win 237, length 0
    09:48:13.724773 IP 192.168.1.53.80 > 192.168.1.36.53990: Flags [.], seq 1:1461, ack 517, win 237, length 1460: HTTP: HTTP/1.1 200 OK
    09:48:13.724843 IP 192.168.1.53.80 > 192.168.1.36.53990: Flags [P.], seq 1461:1999, ack 517, win 237, length 538: HTTP
    

    tcpdump -i eth0 port 80 -nn -S 显示绝对的序列号和确认号,不换算成相对值。默认情况下,三次握手之后的 seq/ack 显示为相对值(如上例中的 ack 1);加 -S 后显示原始的绝对值(如下例中的 ack 2393512393)

    [root@rstx-53 ~]# tcpdump -i eth0 port 80 -nn -S
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:51:56.485521 IP 192.168.1.36.54023 > 192.168.1.53.80: Flags [S], seq 969278663, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:51:56.485581 IP 192.168.1.53.80 > 192.168.1.36.54023: Flags [S.], seq 2393512392, ack 969278664, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:51:56.485821 IP 192.168.1.36.54023 > 192.168.1.53.80: Flags [.], ack 2393512393, win 8212, length 0
    
  • 原文地址:https://www.cnblogs.com/yangtao416/p/14536186.html