tcpdump 命令 :
介绍:抓包工具(流向)
格式:tcpdump [option]
用法:
-nn :IP显示
-c # :指定抓包次数
-i eth0 :指定网卡
-w file :包内容文件(二进制)
-w 1.cap 可以下载到windows上,然后用wireshark查看
tcpdump -r :读文件内容
-s0 :抓完整包
port # :指定端口
tcp
udp
host :主机
用and连接
tshark :抓包工具(windows linux) yum install -y wireshark
最后更新于
这有帮助吗?
这有帮助吗?
[root@localhost ~]# tcpdump -nn -i ens33
...
20:51:25.794938 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89180:89440, ack 1, win 264, length 260
20:51:25.795177 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 89180, win 2049, length 0
20:51:25.795210 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89440:89604, ack 1, win 264, length 164
20:51:25.795496 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 89604, win 2048, length 0
20:51:25.795585 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89604:89976, ack 1, win 264, length 372
20:51:25.820948 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 118616, win 2047, length 0
20:51:25.820974 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 118892:119056, ack 53, win 264, length 164
20:51:25.821148 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 119056:119332, ack 53, win 264, length 276
20:51:25.821357 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 119056, win 2053, length 0
20:51:25.821380 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 119332:119496, ack 53, win 264, length 164
20:51:25.821502 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 119496:119772, ack 53, win 264, length 276
20:51:25.821583 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [P.], seq 53:105, ack 119056, win 2053, length 52
^C
791 packets captured
791 packets received by filter
0 packets dropped by kerneltshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"