1:安裝 tcpdump
yum install -y tcpdump
2:監控某一個網路卡的流量
[root@dg-master ~]# tcpdump -i eth0
11:26:33.987299 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1496840:1497116, ack 937, win 141, length 276
11:26:33.987599 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 1497116, win 521, length 0
11:26:33.987840 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497116:1497392, ack 937, win 141, length 276
11:26:33.988530 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497392:1497572, ack 937, win 141, length 180
11:26:33.988814 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497572:1497752, ack 937, win 141, length 180
11:26:33.988934 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 1497572, win 519, length 0
11:26:33.989025 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1497752:1498028, ack 937, win 141, length 276
11:26:33.989101 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 1498028:1498208, ack 937, win 141, length 180
3:指定監控 ip
tcpdump host 192.168.100.142
11:58:25.783219 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 464208, win 524, length 0
11:58:25.783475 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 464208:464612, ack 261, win 141, length 404
11:58:25.784555 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 464612:464776, ack 261, win 141, length 164
11:58:25.784765 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 464776:464940, ack 261, win 141, length 164
11:58:25.784907 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [.], ack 464776, win 522, length 0
11:58:25.785 … (原始輸出此行已被截斷)
11:58:25.823012 ip 192.168.100.100.ssh > 192.168.100.142.56903: flags [p.], seq 477096:477372, ack 261, win 141, length 276
11:58:25.823156 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [p.], seq 261:313, ack 477096, win 522, length 52
11:58:25.823237 ip 192.168.100.142.56903 > 192.168.100.100.ssh: flags [p.], seq 313:365, ack 477372, win 521, length 52
4:擷取本機和指定 ip 之間的通訊(和監控 ip 一樣)
tcpdump -n -i eth0 host 192.168.100.100 and 192.168.100.142
5:監控進入本機的包
tcpdump -n -i eth0 dst 192.168.100.100
6:監控從本機出去的包
tcpdump -n -i eth0 src 192.168.100.100
7:過濾資訊
使用 and 和 or 的組合（注意過濾運算式中 and 的優先級高於 or，需要分組時用括號包住，並在 shell 中把整個運算式加上引號，例如 '(src 192.168.100.100 or 192.168.100.142) and tcp'）
tcpdump -n -i eth0 src 192.168.100.100 or 192.168.100.142
tcpdump -n -i eth0 src 192.168.100.100 or 192.168.100.142 and port ! 22 and tcp