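Learning packet capture with tcpdump
I. Capture basics
1. Capture packets on interface ens33 at full packet size (no snap-length truncation) and save them to a.cap
[root@localhost ~]# tcpdump -i ens33 -s 0 -w a.cap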
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size bytes
2. Read the a.cap file
[root@localhost ~]# tcpdump -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length
::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length
::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::15.381526 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::15.381556 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::16.383090 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::16.383121 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::17.385139 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::17.385273 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::18.385827 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::18.385866 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::19.244187 IP 192.168.10.1. > 239.255.255.250.ssdp: UDP, length
::19.387459 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::19.387517 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::20.390170 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
::20.390271 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
::20.438195 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [P.], seq :, ack , win , length
3. Read the packet contents in detail (-A prints each packet's payload as ASCII)
[root@localhost ~]# tcpdump -A -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length
E...] @.@.G...
...
.....e...7q.4P.......u0.L.}H....j.....#|!..v.Y......"<....@.B~..|0.N.n..........,......v........&.(G9.b.a9...f.....Y.t.R....m... .v....B...:.......K....
::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length
E..(..@...OX..
...
.....7q.4e..$P.............
::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length
E..<.......H..
...
...F.....abcdefghijklmnopqrstuvwabcdefghi
::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length
E..<e...@..E..
4. Capture packets on TCP port 22
[root@localhost ~]# tcpdump -i ens33 tcp port 22 -w a.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size bytes
II. Filtering captured packets
1. Filter with operating-system tools
[root@localhost ~]# tcpdump -r a.cap |awk '{print $3}'|sort -u
reading from file a.cap, link-type EN10MB (Ethernet)
192.168.10.1.
192.168.10.1.
192.168.10.1.
192.168.10.1.
192.168.10.1.cruise-config
192.168.10.1.cruise-swroute
localhost.localdomain.http
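The awk/sort pipeline above lists each distinct source field; the following added example (not from the original post) extends it to count packets and distinct source ports per source host, which is the usual first look at who is talking in a capture. It assumes `tcpdump -n` text output and IPv4 addresses; the sample lines are constructed for illustration and the function names `sample_lines` and `src_summary` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: summarise source hosts from `tcpdump -n -r FILE` text output.
# The sample lines are constructed; they are not taken from the page's capture.

sample_lines() {
cat <<'EOF'
10:15:01.132300 IP 192.168.10.1.3456 > 192.168.10.13.80: Flags [S], seq 100, win 64240, length 0
10:15:01.132478 IP 192.168.10.13.80 > 192.168.10.1.3456: Flags [S.], seq 200, ack 101, win 29200, length 0
10:15:01.132607 IP 192.168.10.1.3456 > 192.168.10.13.80: Flags [.], ack 201, win 256, length 0
10:15:01.132821 IP 192.168.10.1.3457 > 192.168.10.13.80: Flags [S], seq 300, win 64240, length 0
10:15:02.379791 IP 192.168.10.1 > 192.168.10.13: ICMP echo request, id 1, seq 1, length 40
EOF
}

# Reads tcpdump -n lines on stdin and prints "host packets distinct_src_ports",
# busiest source first. IPv4 only: a 5-part dotted field is addr.port,
# a 4-part field (for example ICMP) carries no port.
src_summary() {
  awk '$2 == "IP" {
         n = split($3, p, ".")
         host = p[1] "." p[2] "." p[3] "." p[4]
         pkts[host]++
         if (n == 5 && !seen[host, p[5]]++) ports[host]++
       }
       END { for (h in pkts) printf "%s %d %d\n", h, pkts[h], ports[h] + 0 }' |
    sort -k2,2nr -k1,1
}

# With a real capture: tcpdump -n -r a.cap | src_summary
sample_lines | src_summary
```

A source with many distinct source ports toward one service is normal client behaviour; a source with many packets and no ports is ICMP or another portless protocol.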
2. Filter by source or destination address
[root@localhost ~]# tcpdump -n src host 192.168.10.13 -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::59.455482 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::59.455616 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::59.455690 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::59.455768 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length
::01.132478 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length
::01.132938 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length
::01.134389 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], ack , win , length
::01.136378 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], seq :, ack , win , length : HTTP: HTTP/1.1 Forbidden
::01.136641 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP
::01.163086 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [.], ack , win , length
::01.163388 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
::01.164423 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
::01.178354 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
::01.178523 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1 Not Found
[root@localhost ~]# tcpdump -n dest host 192.168.10.13 -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
tcpdump: syntax error
[root@localhost ~]# tcpdump -n dst host 192.168.10.13 -r a.cap
reading from file a.cap, link-type EN10MB (Ethernet)
::59.455392 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::59.455603 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::59.455678 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::59.455757 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length
::01.132300 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length
::01.132607 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
::01.132821 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length
::01.133059 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length
::01.134332 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET / HTTP/1.1
::01.136670 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
::01.136736 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
::01.162692 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1
::01.163034 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1
::01.178069 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1
::01.178136 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1
::01.372703 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length
::01.381626 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length
3. Filter by port
[root@localhost ~]# tcpdump -n port -r a.cap