一、抓包基础

1、抓网卡ens33 的包,有多大抓多大,然后保存到a.cap中

[root@localhost ~]# tcpdump -i ens33 -s  -w a.cap

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size  bytes

2、读取a.cap文件

[root@localhost ~]# tcpdump -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length

::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length

::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::15.381526 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::15.381556 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::16.383090 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::16.383121 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::17.385139 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::17.385273 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::18.385827 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::18.385866 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::19.244187 IP 192.168.10.1. > 239.255.255.250.ssdp: UDP, length

::19.387459 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::19.387517 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::20.390170 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::20.390271 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::20.438195 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [P.], seq :, ack , win , length

3、读取详细内容

[root@localhost ~]# tcpdump -A -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length

E...] @.@.G...

...

.....e...7q.4P.......u0.L.}H....j.....#|!..v.Y......"<....@.B~..|0.N.n..........,......v........&.(G9.b.a9...f.....Y.t.R....m...    .v....B...:.......K....

::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length

E..(..@...OX..

...

.....7q.4e..$P.............

::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

E..<.......H..

...

...F.....abcdefghijklmnopqrstuvwabcdefghi

::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

E..<e...@..E..

4、抓tcp  22端口的包

[root@localhost ~]# tcpdump -i ens33 tcp port  -w a.cap

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size  bytes

二、抓包筛选

  1、通过操作系统筛选

[root@localhost ~]# tcpdump -r a.cap |awk '{print $3}'|sort -u

reading from file a.cap, link-type EN10MB (Ethernet)

192.168.10.1.

192.168.10.1.

192.168.10.1.

192.168.10.1.

192.168.10.1.cruise-config

192.168.10.1.cruise-swroute

localhost.localdomain.http

  2、通过源或目标地址筛选

[root@localhost ~]# tcpdump -n src host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::59.455482 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455616 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455690 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455768 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::01.132478 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length

::01.132938 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length

::01.134389 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], ack , win , length

::01.136378 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], seq :, ack , win , length : HTTP: HTTP/1.1  Forbidden

::01.136641 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP

::01.163086 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [.], ack , win , length

::01.163388 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.164423 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.178354 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.178523 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

[root@localhost ~]# tcpdump -n dest host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

tcpdump: syntax error

[root@localhost ~]# tcpdump -n dst host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::59.455392 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455603 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455678 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455757 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::01.132300 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length

::01.132607 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.132821 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length

::01.133059 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length

::01.134332 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET / HTTP/1.1

::01.136670 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.136736 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.162692 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1

::01.163034 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1

::01.178069 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1

::01.178136 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1

::01.372703 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length

::01.381626 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

  3、筛选端口

[root@localhost ~]# tcpdump -n port  -r a.cap

TCPDUMP抓包学习的更多相关文章

  1. linux下抓包学习--tcpdump的使用

    一.为什么需要学这个 很多时候,开发环境上不会出现问题.但在测试或者现场时,总是会有很多莫名其妙的问题. 这时候,能在出问题的环境上,开启抓包,然后再去重现问题的话,这时候,就可以拿到第一手的资料了. ...

  2. 转:tcpdump抓包分析(强烈推荐)

    转自:https://mp.weixin.qq.com/s?__biz=MzAxODI5ODMwOA==&mid=2666539134&idx=1&sn=5166f0aac71 ...

  3. tcpdump抓包命令

    本文转自 : http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html http://www.itshouce.com.cn/l ...

  4. [转] Android利用tcpdump抓包

    原文链接:http://mysuperbaby.iteye.com/blog/902201 Android利用tcpdump抓包 博客分类: Android AndroidAccessGoHTML  ...

  5. TCPdump抓包命令详解--摘

    http://blog.csdn.net/s_k_yliu/article/details/6665673/ http://starsliao.blog.163.com/blog/static/890 ...

  6. Android手机tcpdump抓包

    在开发过程中遇到问题时,无法非常方便的获取到数据包,导致分析解决问题比较麻烦.这里介绍如何在Android手机上实现tcpdump抓包.   1.root机器  在用tcpdump抓包过程中,需要使用 ...

  7. Wireshark和TcpDump抓包分析心得

    Wireshark和 TcpDump抓包分析心得  1. Wireshark与tcpdump介绍 Wireshark是一个网络协议检测工具,支持Windows平台和Unix平台,我一般只在Window ...

  8. tcpdump 抓包让wireshark来分析

    在linux下面用tcpdump 抓包非常方便, 但是抓的包要提取出来进行分析, 还是得用wireshark来过滤分析比较方便. 下面先介绍一下 TCPDUMP 的使用 例:tcpdump host ...

  9. tcpdump抓包并保存成cap文件

    首选介绍一下tcpdump的常用参数 tcpdump采用命令行方式,它的命令格式为: tcpdump [ -adeflnNOpqStvx ] [ -c 数量 ] [ -F 文件名 ] [ -i 网络接 ...

随机推荐

  1. Asp.net Core CORS 跨域

    本文主要介绍在Asp.net Core采用CORS方式解决跨域 关于跨域的原理介绍可参考Asp.net Web API 解决跨域详解 1 在Startup添加允许跨域的策略 services.AddC ...

  2. 【Linux】一步一步学Linux——Centos7.5安装图解(08)

    00. 目录 参考博客:https://mp.csdn.net/mdeditor/95031775# 01. Centos7.5简介 CentOS(Community Enterprise Opera ...

  3. golang数组

  4. fastjson反序列化使用不当导致内存泄露

    分析一个线上内存告警的问题时,发现了造成内存告警的原因是使用fastjson不当导致的. 分析dump发现com.alibaba.fastjson.util.IdentityHashMap$Entry ...

  5. git 学习笔记 ---远程仓库

    Git是分布式版本控制系统,同一个Git仓库,可以分布到不同的机器上.怎么分布呢?最早,肯定只有一台机器有一个原始版本库,此后,别的机器可以“克隆”这个原始版本库,而且每台机器的版本库其实都是一样的, ...

  6. DevOps 什么是 CI/CD?

    CI/CD 是一种通过在应用开发阶段引入自动化来频繁向客户交付应用的方法.CI/CD 的核心概念是持续集成.持续交付和持续部署.作为一个面向开发和运营团队的解决方案,CI/CD 主要针对在集成新代码时 ...

  7. WPF 不要给 Window 类设置变换矩阵(应用篇)

    原文:WPF 不要给 Window 类设置变换矩阵(应用篇) WPF 的 Window 类是不允许设置变换矩阵的.不过,总会有小伙伴为了能够设置一下试图绕过一些验证机制. 不要试图绕过,因为你会遇到更 ...

  8. Mycat分布式数据库架构解决方案--rule.xml详解

    echo编辑整理,欢迎转载,转载请声明文章来源.欢迎添加echo微信(微信号:t2421499075)交流学习. 百战不败,依不自称常胜,百败不颓,依能奋力前行.--这才是真正的堪称强大!!! 该文件 ...

  9. 使用layui框架根据字段来设置tr行的背景色

    问题来源:最近在写公司项目时使用layui遇见的问题,老板要求根据td字段来设置整行tr的背景色. 解决:一开始数据比较少的时候只是直接在页面根据js动态判断字段然后来更改背景色,结果能够成功,但是后 ...

  10. 怎么对ZYNQ的FCLK做时钟组约束

    前言 对于包含PS和PL的设计,两者的数据交互PL必然会用到PS端的时钟. 对于FCLK(PS端时钟输入到PL端)的约束,此时钟的基础约束已在IP中产生.以下想约束其异步时钟的时钟组特性. 注意事项: ...