Linux packet capture
tcpdump command
tcpdump
Command:
Description: packet capture tool (shows the direction of traffic)
Syntax: tcpdump [option]
Options:
-nn : show addresses and ports as numbers (no hostname or service-name lookup)
-c # : stop after capturing # packets
-i eth0 : capture on the given network interface
-w file : write the raw packets to a file (binary pcap format)
-w 1.cap : the capture file can be copied to Windows and opened in Wireshark
tcpdump -r file : read packets back from a saved capture file
-s0 : capture the full packet (no snapshot-length truncation)
port # : filter by port
tcp
udp
host : filter by host address
Combine filter expressions with and
[root@localhost ~]# tcpdump -nn -i ens33
...
20:51:25.794938 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89180:89440, ack 1, win 264, length 260
20:51:25.795177 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 89180, win 2049, length 0
20:51:25.795210 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89440:89604, ack 1, win 264, length 164
20:51:25.795496 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 89604, win 2048, length 0
20:51:25.795585 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89604:89976, ack 1, win 264, length 372
20:51:25.820948 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 118616, win 2047, length 0
20:51:25.820974 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 118892:119056, ack 53, win 264, length 164
20:51:25.821148 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 119056:119332, ack 53, win 264, length 276
20:51:25.821357 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 119056, win 2053, length 0
20:51:25.821380 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 119332:119496, ack 53, win 264, length 164
20:51:25.821502 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 119496:119772, ack 53, win 264, length 276
20:51:25.821583 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [P.], seq 53:105, ack 119056, win 2053, length 52
^C
791 packets captured
791 packets received by filter
0 packets dropped by kernel
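Added example (not part of the original notes): a small Python parser for the tcpdump -nn summary lines shown above. It pulls out source/destination, ports, flags, seq and length, checks that a data segment's seq range is consistent with its length, and totals packets and payload bytes per direction, which is the "direction of traffic" view the notes mention. The SAMPLE lines are constructed input copied from the session above, not a live capture.

```python
import re
from collections import defaultdict

# Constructed sample: three lines copied from the tcpdump -nn -i ens33 session above (SSH, port 22).
SAMPLE = """\
20:51:25.794938 IP 192.168.127.128.22 > 192.168.127.1.55489: Flags [P.], seq 89180:89440, ack 1, win 264, length 260
20:51:25.795177 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [.], ack 89180, win 2049, length 0
20:51:25.821583 IP 192.168.127.1.55489 > 192.168.127.128.22: Flags [P.], seq 53:105, ack 119056, win 2053, length 52
"""

# One tcpdump -nn TCP summary line: time, src.port > dst.port, flags, optional seq/ack/win, length.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq_lo>\d+)(?::(?P<seq_hi>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?"
    r"(?:, win (?P<win>\d+))?"
    r".*?, length (?P<length>\d+)$"
)

def parse_line(line):
    """Return the fields of one summary line as a dict, or None for non-packet lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    for k in ("sport", "dport", "seq_lo", "seq_hi", "ack", "win", "length"):
        pkt[k] = int(pkt[k]) if pkt[k] is not None else None
    pkt["flags"] = set(pkt["flags"]) - {"."}   # "." is only the ACK bit; keep S/P/F/R/U
    return pkt

def seq_matches_length(pkt):
    """tcpdump prints seq as lo:hi for data segments; hi - lo must equal the payload length."""
    if pkt["seq_hi"] is None:
        return pkt["length"] == 0
    return pkt["seq_hi"] - pkt["seq_lo"] == pkt["length"]

def summarize(text):
    """Per-direction packet and payload-byte totals: the 'direction of traffic' view of a capture."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "flags": set()})
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue  # skips "...", "^C" and the closing "packets captured" statistics
        key = f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}"
        flows[key]["packets"] += 1
        flows[key]["bytes"] += pkt["length"]
        flows[key]["flags"] |= pkt["flags"]
    return dict(flows)
```

Feed it the saved text of a real session (for example the output of tcpdump -nn -r 1.cap) to get the same per-direction totals.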
tshark command
tshark : packet capture tool (Windows and Linux); install with yum install -y wireshark
Print one line per HTTP request (time, source IP, Host header, method, URI):
tshark -n -t a -Y http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
Note: the original notes used -R http.request; since tshark 1.10 a -R read filter only works together with -2 (two-pass mode), so for single-pass filtering use -Y. The http.* fields are only populated for cleartext HTTP; HTTPS traffic produces no rows.