Learning packet capture with tcpdump
I. Packet capture basics
1. Capture packets on interface ens33 at full size (as large as each packet is, no truncation) and save them to a.cap
[root@localhost ~]# tcpdump -i ens33 -s -w a.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size bytes
2. Read the a.cap file back
[root@localhost ~]# tcpdump -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length
::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length
::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::15.381526 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::15.381556 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::16.383090 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::16.383121 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::17.385139 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::17.385273 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::18.385827 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::18.385866 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::19.244187 IP 192.168.10.1. > 239.255.255.250.ssdp: UDP, length
::19.387459 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::19.387517 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::20.390170 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::20.390271 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::20.438195 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [P.], seq :, ack , win , length
3. Read the detailed contents (packet payload as ASCII)
[root@localhost ~]# tcpdump -A -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length
E...] @.@.G...
...
.....e...7q.4P.......u0.L.}H....j.....#|!..v.Y......"<....@.B~..|0.N.n..........,......v........&.(G9.b.a9...f.....Y.t.R....m... .v....B...:.......K....
::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length
E..(..@...OX..
...
.....7q.4e..$P.............
::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
E..<.......H..
...
...F.....abcdefghijklmnopqrstuvwabcdefghi
::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
E..<e...@..E..
4. Capture only packets on TCP port 22
[root@localhost ~]# tcpdump -i ens33 tcp port -w a.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size bytes
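To show what `tcpdump -r a.cap` and `tcpdump -A -r a.cap` are actually doing when they print the summary line and the ASCII payload, here is a minimal pcap reader. It is an added example, not code from the original post or from tcpdump itself; it assumes the classic little-endian pcap layout with link type EN10MB (Ethernet), as the post's output shows, and the addresses, ports, MACs and the payload it builds are constructed sample values.

```python
"""Added example (not from the original post): a minimal pcap reader that does by hand
what `tcpdump -r a.cap` and `tcpdump -A -r a.cap` show, on a capture constructed in memory.
Assumes the classic little-endian pcap format with link type EN10MB (Ethernet); the
addresses, ports and payload below are constructed sample values."""
import struct

PCAP_GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
PCAP_REC_HDR = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len, orig_len
PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1                         # tcpdump prints this as "link-type EN10MB (Ethernet)"


def build_sample_pcap() -> bytes:
    """Constructed one-packet capture: Ethernet / IPv4 / TCP, server port 22 -> client, PSH+ACK with data."""
    payload = b"SSH-2.0-OpenSSH_7.4\r\n"                       # constructed banner, 21 bytes
    tcp = struct.pack("!HHIIBBHHH", 22, 50000, 1000, 2000,      # sport, dport, seq, ack
                      5 << 4, 0x18, 29200, 0, 0)                # data offset 5 words, flags PSH|ACK, win, csum, urg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, 6, 0,                  # id, DF, ttl, proto TCP, csum (not checked here)
                     bytes([192, 168, 10, 13]), bytes([192, 168, 10, 1]))
    eth = bytes.fromhex("000c29aabbcc") + bytes.fromhex("005056c00008") + b"\x08\x00"  # dst MAC, src MAC, IPv4
    frame = eth + ip + tcp + payload
    return (PCAP_GLOBAL_HDR.pack(PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
            + PCAP_REC_HDR.pack(1700000000, 453516, len(frame), len(frame)) + frame)


def read_pcap(data: bytes) -> list:
    """Walk the file: one global header, then (record header, frame) pairs. Returns (ts_sec, ts_usec, frame)."""
    magic, _maj, _min, _tz, _sig, _snaplen, linktype = PCAP_GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("unsupported pcap magic (only little-endian classic pcap handled here)")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example decodes EN10MB frames only")
    off, packets = PCAP_GLOBAL_HDR.size, []
    while off + PCAP_REC_HDR.size <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = PCAP_REC_HDR.unpack_from(data, off)
        off += PCAP_REC_HDR.size
        packets.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return packets


def tcp_flag_str(flags: int) -> str:
    """Letters in the order tcpdump prints them inside Flags [...]: F S R P, and '.' for ACK."""
    order = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, ".")]
    return "".join(ch for bit, ch in order if flags & bit)


def decode_tcp(frame: bytes) -> dict:
    """Decode Ethernet / IPv4 / TCP headers into the fields the one-line tcpdump summary shows."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    t = 14 + ihl
    sport, dport, seq, ack, doff, flags, win = struct.unpack("!HHIIBBH", frame[t:t + 16])
    data_off = t + (doff >> 4) * 4
    payload = frame[data_off:14 + total_len]           # IP total length bounds the segment, not the frame
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "seq": seq, "ack": ack,
            "flags": tcp_flag_str(flags), "win": win, "length": len(payload), "payload": payload}


def summary_line(p: dict) -> str:
    """Same shape as tcpdump -n output: seq is printed as a range when the segment carries data."""
    seq = f"{p['seq']}:{p['seq'] + p['length']}" if p["length"] else str(p["seq"])
    return (f"IP {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}: Flags [{p['flags']}], "
            f"seq {seq}, ack {p['ack']}, win {p['win']}, length {p['length']}")


def ascii_dump(payload: bytes) -> str:
    """Approximation of -A: printable ASCII, tab and newline kept, CR dropped, everything else shown as '.'."""
    return "".join("" if b == 0x0D else chr(b) if 0x20 <= b < 0x7F or b in (0x09, 0x0A) else "."
                   for b in payload)


if __name__ == "__main__":
    for ts_sec, ts_usec, frame in read_pcap(build_sample_pcap()):
        pkt = decode_tcp(frame)
        print(f"{ts_sec}.{ts_usec:06d} {summary_line(pkt)}")
        print(ascii_dump(pkt["payload"]))
```

The point to take from the -A output above is that the payload is printed exactly as captured: anything that is not encrypted (HTTP requests, banners, credentials sent in the clear) is readable to whoever holds the capture file, which is why a.cap deserves the same access controls as the traffic it contains.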
II. Filtering captured packets
1. Filter with operating-system tools (awk and sort): list the unique source endpoints
[root@localhost ~]# tcpdump -r a.cap |awk '{print $3}'|sort -u
reading from file a.cap, link-type EN10MB (Ethernet)
192.168.10.1.
192.168.10.1.
192.168.10.1.
192.168.10.1.
192.168.10.1.cruise-config
192.168.10.1.cruise-swroute
localhost.localdomain.http
2. Filter by source or destination address
[root@localhost ~]# tcpdump -n src host 192.168.10.13 -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::59.455482 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::59.455616 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::59.455690 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::59.455768 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::01.132478 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length
::01.132938 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length
::01.134389 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], ack , win , length
::01.136378 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], seq :, ack , win , length : HTTP: HTTP/1.1 Forbidden
::01.136641 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP
::01.163086 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [.], ack , win , length
::01.163388 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
::01.164423 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
::01.178354 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
::01.178523 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
[root@localhost ~]# tcpdump -n dest host 192.168.10.13 -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
tcpdump: syntax error
[root@localhost ~]# tcpdump -n dst host 192.168.10.13 -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::59.455392 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::59.455603 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::59.455678 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::59.455757 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::01.132300 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length
::01.132607 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
::01.132821 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length
::01.133059 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length
::01.134332 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET / HTTP/1.1
::01.136670 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
::01.136736 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
::01.162692 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1
::01.163034 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1
::01.178069 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1
::01.178136 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1
::01.372703 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length
::01.381626 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
3. Filter by port
[root@localhost ~]# tcpdump -n port -r a.cap
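The three filters in this section (`src host`, `dst host`, `port`) and the awk/sort pipeline from step 1 can be reproduced offline on saved tcpdump text, which is handy when you only have someone's pasted output rather than the .cap file. The following is an added example, not code from the original post or from tcpdump: it parses `tcpdump -n` style lines (numeric hosts and ports are assumed), applies a small subset of the BPF filter syntax, and rejects unknown keywords the way the post's `dest host` attempt produced `tcpdump: syntax error`. The six sample lines are constructed, not copied from the post.

```python
"""Added example (not from the original post): parse tcpdump's one-line text output and apply
the same kind of filters the post uses on the command line (`src host`, `dst host`, `port`),
plus the awk/sort -u listing of source endpoints. Assumes the lines come from `tcpdump -n`
(numeric hosts and ports); the six sample lines are constructed, not taken from the post."""
import re

SAMPLE_LINES = [  # constructed, in tcpdump -n format
    "16:00:01.132300 IP 192.168.10.1.49152 > 192.168.10.13.80: Flags [S], seq 1, win 64240, length 0",
    "16:00:01.132478 IP 192.168.10.13.80 > 192.168.10.1.49152: Flags [S.], seq 1, ack 2, win 29200, length 0",
    "16:00:01.132607 IP 192.168.10.1.49152 > 192.168.10.13.80: Flags [.], ack 1, win 502, length 0",
    "16:00:01.134332 IP 192.168.10.1.49152 > 192.168.10.13.80: Flags [P.], seq 1:75, ack 1, win 502, length 74: HTTP: GET / HTTP/1.1",
    "16:00:14.379791 IP 192.168.10.1 > 192.168.10.13: ICMP echo request, id 1, seq 1, length 64",
    "16:00:19.244187 IP 192.168.10.1.1900 > 239.255.255.250.1900: UDP, length 125",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")


def split_endpoint(ep: str):
    """'a.b.c.d.port' -> (ip, port); a bare 'a.b.c.d' (ICMP lines) -> (ip, None)."""
    parts = ep.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return ep, None


def parse_line(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None                       # e.g. the "reading from file ..." banner or -A payload lines
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    rest = m["rest"]
    proto = ("tcp" if rest.startswith("Flags") else "udp" if rest.startswith("UDP")
             else "icmp" if rest.startswith("ICMP") else "other")
    fm = FLAGS_RE.search(rest)
    return {"ts": m["ts"], "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "flags": fm.group(1) if fm else None, "raw": line}


def compile_filter(expr: str) -> list:
    """A small subset of BPF filter syntax: [src|dst] host A, [src|dst] port N, tcp/udp/icmp,
    joined with 'and'. Unknown words raise SyntaxError, as 'dest host' does in real tcpdump."""
    preds = []
    for term in (t.split() for t in expr.split(" and ")):
        if len(term) == 1 and term[0] in ("tcp", "udp", "icmp"):
            preds.append(lambda p, proto=term[0]: p["proto"] == proto)
            continue
        qual = None
        if term and term[0] in ("src", "dst"):
            qual, term = term[0], term[1:]
        if len(term) != 2 or term[0] not in ("host", "port"):
            raise SyntaxError(f"syntax error near {' '.join(term)!r}")
        kind, value = term
        if kind == "port":
            value = int(value)
        sides = [qual] if qual else ["src", "dst"]                      # plain 'host'/'port' matches either side
        keys = [s if kind == "host" else s[0] + "port" for s in sides]   # src/dst or sport/dport
        preds.append(lambda p, keys=keys, value=value: any(p[k] == value for k in keys))
    return preds


def apply_filter(expr: str, lines) -> list:
    """Return the raw lines that match expr, the way `tcpdump <expr> -r a.cap` would print them."""
    preds = compile_filter(expr)
    out = []
    for line in lines:
        p = parse_line(line)
        if p and all(pred(p) for pred in preds):
            out.append(line)
    return out


def unique_sources(lines) -> list:
    """Equivalent of `tcpdump -r a.cap | awk '{print $3}' | sort -u`: the source endpoint is field 3."""
    return sorted({line.split()[2] for line in lines if parse_line(line)})


if __name__ == "__main__":
    for expr in ("src host 192.168.10.13", "dst host 192.168.10.13", "port 80",
                 "tcp and src host 192.168.10.1 and dst port 80"):
        print(f"# {expr}: {len(apply_filter(expr, SAMPLE_LINES))} packet(s)")
    print("\n".join(unique_sources(SAMPLE_LINES)))
```

Note that `unique_sources` only mimics the awk pipeline; without `-n`, tcpdump resolves ports to service names (the post's output shows `cruise-config`, `cruise-swroute`, `sicct`), so the same port can appear under a name in one listing and as a number in another. Capturing or reading with `-n` keeps filters and listings consistent and avoids the DNS lookups tcpdump would otherwise make for every address.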