TcpDump简介
TcpDump（TCP Dump）是一个用于捕获网络数据包的实用工具，它可以帮助我们分析网络通信过程，以便了解网络状况、检测网络故障等。在 Linux 系统中，TcpDump 直接通过命令行界面使用，非常方便。
安装TcpDump
在基于 Debian/Ubuntu 的 Linux 系统中，可以使用以下命令安装 TcpDump（其他发行版请使用对应的包管理器）:
sudo apt-get install tcpdump
基本使用方法
1、抓取所有网卡上的流量（抓包需要 root 权限或 CAP_NET_RAW 能力，因此命令前加 sudo）:
sudo tcpdump -i any
2、只抓取指定网卡（此处为 eth0）上的流量:
sudo tcpdump -i eth0
3、抓取源地址或目的地址为指定 IP 的流量:
sudo tcpdump host 192.168.1.100
4、抓取源端口或目的端口为指定端口的流量:
sudo tcpdump port 80
5、将抓取到的原始数据包保存到文件中（文件中包含完整报文内容，可能含有明文凭据等敏感数据，请限制该文件的访问权限）:
sudo tcpdump -i any -w output.pcap
6、从文件中读取数据包，以完整日期时间戳（-tttt）显示，并只保留输出中包含 "HTTP" 字样的行:
sudo tcpdump -r output.pcap -tttt | grep "HTTP"
高级用法
1、按协议过滤数据包（例如只抓 ICMP：sudo tcpdump icmp；或组合多种协议：sudo tcpdump 'udp or tcp'。下面这一行示例已损坏，不是有效的过滤表达式，请勿直接使用）:
sudo tcpdump icmp or udp or tcp and (ip[40] & 0xf0 == 0x20) or (ip[40] & 0xf0 == 0x2f) or (ip[40] & 0xf0 == 0x3c) or (ip[40] & 0xf0 == 0x43) or (ip[40] & 0xf0 == 0x50) or (ip[40] & 0xf0 == 0x80) or (ip[40] & 0xf0 == 0xc0) or (ip[40] & 0xf0 == 0xe0) or (ip[40] & 0xf0 == 0xf0) or (ip[6] & 0xff == 58) or (ip[6] & 0xff == 59) or (ip[6] & 0xff == 87) or (ip[6] & 0xff == 88) or (ip[6] & 0xff == 111) or (ip[6] & 0xff == 112) or (ip[6] & 0xff == aa) or (ip[6] & 0xff == ca) or (ip[6] & 0xff == da) or (ip[6] & 0xff == e2) or (ip[6] & 0xff == f4) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6} != all and not host "::") and not host "127.0.0.1" and not host "localhost" and not host "::1" and not host "fe80::" and not host "febf::" and not host "fc00::" and not host "224.0.0." and not host "249.*.*.*" and not host "255.*.*.*" and not host "255.255.*.*" and not host "255.255.255.*" and not host "255.255.255.255" and not host "255.255.255.254" and not host "::ffff:" and not host "::ffff:127." and not host "::ffff:192.168." 
and not host "::ffff:192.168.33" and not host "::ffff:fe80:" and not host "::ffff:feaa:" and not host "::ffff:feff:" and not host "::ffff:ffee:" and not host "::ffff:fffe:" and not host "::ffff:fffd:" and not host "::ffff:fffa:" and not host "::ffff:fff9:" and not host "::ffff:fff8:" and not host "::ffff:fff7:" and not host "::ffff:fff6:" and not host "::ffff:fff5:" and not host "::ffff:fff4:" and not host "::ffff:fff3:" and not host "::ffff:fff2:" and not host "::ffff:fff1:" and not host "::ffff:fff0:") then echo $line | sed 's/\([^|]*\).*/\1/g'; else echo $line | sed 's/\([^|]*).*/\1/g' | sed 's/^ *//g'; endif; echo; exec tail $file; exit;' | sudo tee --append=/etc/network/scripts/tcpdump_filter >/dev/null && sudo chmod +x /etc/network/scripts/tcpdump_filter || true; cat <<EOF | sudo tee --append=/etc/network/scripts/tcpdump_filter >/dev/null && sudo chmod +x /etc/network/scripts/tcpdump_filter || true; if [ \$(uname) = Linux]; then echo 'Not filter on Linux system!'; exit; else echo 'Not filter on non-Linux system!'; exit;fi;EOF ------------------------------------------------------------- End of file 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------end of file-- End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file End of file ---end of file-- End of file End of file ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end的文件---
原创文章,作者:K-seo,如若转载,请注明出处:https://www.kdun.cn/ask/142945.html