Linux系统中TcpDump的使用教程

TcpDump简介

TcpDump(TCP Dump)是一个用于捕获网络数据包的实用工具,它可以帮助我们分析网络通信过程,以便了解网络状况、检测网络故障等,在Linux系统中,TcpDump可以通过命令行界面进行使用,非常方便。

安装TcpDump

在Linux系统中,可以使用以下命令安装TcpDump:

Linux系统中TcpDump的使用教程

sudo apt-get install tcpdump

基本使用方法

1、抓取所有流量:

sudo tcpdump -i any

2、抓取指定网卡的流量:

sudo tcpdump -i eth0

3、抓取指定IP地址的流量:

Linux系统中TcpDump的使用教程

sudo tcpdump host 192.168.1.100

4、抓取指定端口的流量:

sudo tcpdump port 80

5、将抓取到的数据包保存到文件中:

sudo tcpdump -i any -w output.pcap

6、从文件中读取数据包并显示:

Linux系统中TcpDump的使用教程

sudo tcpdump -r output.pcap -tttt | grep "HTTP"

高级用法

1、按协议过滤数据包:

sudo tcpdump icmp or udp or tcp and (ip[40] & 0xf0 == 0x20) or (ip[40] & 0xf0 == 0x2f) or (ip[40] & 0xf0 == 0x3c) or (ip[40] & 0xf0 == 0x43) or (ip[40] & 0xf0 == 0x50) or (ip[40] & 0xf0 == 0x80) or (ip[40] & 0xf0 == 0xc0) or (ip[40] & 0xf0 == 0xe0) or (ip[40] & 0xf0 == 0xf0) or (ip[6] & 0xff == 58) or (ip[6] & 0xff == 59) or (ip[6] & 0xff == 87) or (ip[6] & 0xff == 88) or (ip[6] & 0xff == 111) or (ip[6] & 0xff == 112) or (ip[6] & 0xff == aa) or (ip[6] & 0xff == ca) or (ip[6] & 0xff == da) or (ip[6] & 0xff == e2) or (ip[6] & 0xff == f4) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6] & 0xff == fe) or (ip[6} != all and not host "::") and not host "127.0.0.1" and not host "localhost" and not host "::1" and not host "fe80::" and not host "febf::" and not host "fc00::" and not host "224.0.0." and not host "249.*.*.*" and not host "255.*.*.*" and not host "255.255.*.*" and not host "255.255.255.*" and not host "255.255.255.255" and not host "255.255.255.254" and not host "::ffff:" and not host "::ffff:127." and not host "::ffff:192.168." and not host "::ffff:192.168.33" and not host "::ffff:fe80:" and not host "::ffff:feaa:" and not host "::ffff:feff:" and not host "::ffff:ffee:" and not host "::ffff:fffe:" and not host "::ffff:fffd:" and not host "::ffff:fffa:" and not host "::ffff:fff9:" and not host "::ffff:fff8:" and not host "::ffff:fff7:" and not host "::ffff:fff6:" and not host "::ffff:fff5:" and not host "::ffff:fff4:" and not host "::ffff:fff3:" and not host "::ffff:fff2:" and not host "::ffff:fff1:" and not host "::ffff:fff0:") then echo $line | sed 's/\([^|]*\).*/\1/g'; else echo $line | sed 's/\([^|]*).*/\1/g' | sed 's/^ *//g'; endif; echo; exec tail $file; exit;' | sudo tee --append=/etc/network/scripts/tcpdump_filter >/dev/null && sudo chmod +x /etc/network/scripts/tcpdump_filter || true; cat <<EOF | sudo tee --append=/etc/network/scripts/tcpdump_filter >/dev/null && sudo chmod +x /etc/network/scripts/tcpdump_filter || true; if [ \$(uname) = Linux]; then echo 'Not filter on Linux system!'; exit; else echo 'Not filter on non-Linux system!'; exit;fi;EOF
-------------------------------------------------------------     End of file                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------end of file-- End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  End of file  ---end of file-- End of file  End of file  ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end of file-- ---end的文件---

原创文章,作者:K-seo,如若转载,请注明出处:https://www.kdun.cn/ask/142945.html

Like (0)
Donate 微信扫一扫 微信扫一扫
K-seo的头像K-seoSEO优化员
Previous 2023-12-18 19:46
Next 2023-12-18 19:48

相关推荐

  • Linux下怎么清除文件中的隐私数据

    在日常生活和工作中,我们经常会在电脑上处理各种文件,这些文件可能包含我们的个人信息、工作资料等敏感数据,为了保护个人隐私,我们需要定期清除这些文件中的隐私数据,本文将介绍如何在Linux下清除文件中的隐私数据,包括使用命令行工具和图形界面工具两种方法。使用命令行工具清除文件中的隐私数据1、使用dd命令删除文件内容dd命令是Linux系……

    2024-01-02
    0113
  • 如何在CentOS上安装Kubernetes集群

    在CentOS上安装Kubernetes集群Kubernetes是一个开源的容器编排平台,用于自动化应用程序容器的部署、扩展和管理,本文将介绍如何在CentOS上安装Kubernetes集群。准备工作1、系统要求:CentOS 7.x或更高版本2、硬件要求:至少2GB内存3、网络要求:一个可用的互联网连接4、软件要求:Docker、e……

    2023-12-26
    0131
  • 云服务器添加tomcat的方法是什么

    云服务器添加tomcat的方法如下:1. 登录云服务器:使用SSH客户端(如PuTTY)连接到云服务器,输入服务器的IP地址、用户名和密码,然后按回车键。2. 更新软件包列表:在终端中运行以下命令以更新软件包列表: sudo apt-get update 3. 安装Java环境:Tomcat需要Java环境来运行,因此我们需要先安装J……

    2023-12-04
    0123
  • centos 开启远程访问

    在CentOS 7.4中,远程访问控制是一个重要的安全特性,它允许系统管理员对远程访问进行严格的控制和管理,本文将详细介绍如何在CentOS 7.4中实现远程访问控制。1、使用SSH服务SSH(Secure Shell)是一种加密的网络协议,用于在不安全的网络环境中提供安全的远程登录和其他网络服务,在CentOS 7.4中,默认安装了……

    2024-02-22
    0294
  • Ubuntu11.04下安装Eclipse的步骤

    安装Eclipse前的准备工作在开始安装Eclipse之前,我们需要做一些准备工作,我们需要确保我们的Ubuntu系统已经安装了Java开发工具包(JDK),如果没有,我们可以使用以下命令进行安装:sudo apt-get updatesudo apt-get install default-jdk接下来,我们需要下载Eclipse的……

    2023-12-21
    0104
  • 云服务器php运行环境怎么搭建的

    云服务器PHP运行环境的搭建在现代的Web开发中,PHP是一种广泛使用的服务器端脚本语言,它可以用于创建动态网页和Web应用程序,在云服务器上搭建PHP运行环境,可以让你更好地利用云服务器的资源,提高网站的性能和稳定性,本文将详细介绍如何在云服务器上搭建PHP运行环境。选择合适的云服务器你需要选择一个合适的云服务器,在选择云服务器时,……

    行业资讯 2024-02-27
    093

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注

免备案 高防CDN 无视CC/DDOS攻击 限时秒杀,10元即可体验  (专业解决各类攻击)>>点击进入