一、抓包基础

1、抓网卡ens33 的包,有多大抓多大,然后保存到a.cap中

[root@localhost ~]# tcpdump -i ens33 -s  -w a.cap

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size  bytes

2、读取a.cap文件

[root@localhost ~]# tcpdump -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length

::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length

::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::15.381526 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::15.381556 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::16.383090 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::16.383121 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::17.385139 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::17.385273 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::18.385827 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::18.385866 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::19.244187 IP 192.168.10.1. > 239.255.255.250.ssdp: UDP, length

::19.387459 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::19.387517 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::20.390170 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::20.390271 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::20.438195 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [P.], seq :, ack , win , length

3、读取详细内容

[root@localhost ~]# tcpdump -A -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length

E...] @.@.G...

...

.....e...7q.4P.......u0.L.}H....j.....#|!..v.Y......"<....@.B~..|0.N.n..........,......v........&.(G9.b.a9...f.....Y.t.R....m...    .v....B...:.......K....

::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length

E..(..@...OX..

...

.....7q.4e..$P.............

::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

E..<.......H..

...

...F.....abcdefghijklmnopqrstuvwabcdefghi

::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

E..<e...@..E..

4、抓tcp  22端口的包

[root@localhost ~]# tcpdump -i ens33 tcp port  -w a.cap

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size  bytes

二、抓包筛选

  1、通过操作系统筛选

[root@localhost ~]# tcpdump -r a.cap |awk '{print $3}'|sort -u

reading from file a.cap, link-type EN10MB (Ethernet)

192.168.10.1.

192.168.10.1.

192.168.10.1.

192.168.10.1.

192.168.10.1.cruise-config

192.168.10.1.cruise-swroute

localhost.localdomain.http

  2、通过源或目标地址筛选

[root@localhost ~]# tcpdump -n src host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::59.455482 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455616 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455690 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455768 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::01.132478 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length

::01.132938 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length

::01.134389 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], ack , win , length

::01.136378 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], seq :, ack , win , length : HTTP: HTTP/1.1  Forbidden

::01.136641 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP

::01.163086 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [.], ack , win , length

::01.163388 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.164423 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.178354 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.178523 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

[root@localhost ~]# tcpdump -n dest host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

tcpdump: syntax error

[root@localhost ~]# tcpdump -n dst host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::59.455392 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455603 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455678 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455757 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::01.132300 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length

::01.132607 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.132821 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length

::01.133059 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length

::01.134332 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET / HTTP/1.1

::01.136670 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.136736 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.162692 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1

::01.163034 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1

::01.178069 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1

::01.178136 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1

::01.372703 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length

::01.381626 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

  3、筛选端口

[root@localhost ~]# tcpdump -n port  -r a.cap

TCPDUMP抓包学习的更多相关文章

  1. linux下抓包学习--tcpdump的使用

    一.为什么需要学这个 很多时候,开发环境上不会出现问题.但在测试或者现场时,总是会有很多莫名其妙的问题. 这时候,能在出问题的环境上,开启抓包,然后再去重现问题的话,这时候,就可以拿到第一手的资料了. ...

  2. 转:tcpdump抓包分析(强烈推荐)

    转自:https://mp.weixin.qq.com/s?__biz=MzAxODI5ODMwOA==&mid=2666539134&idx=1&sn=5166f0aac71 ...

  3. tcpdump抓包命令

    本文转自 : http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html http://www.itshouce.com.cn/l ...

  4. [转] Android利用tcpdump抓包

    原文链接:http://mysuperbaby.iteye.com/blog/902201 Android利用tcpdump抓包 博客分类: Android AndroidAccessGoHTML  ...

  5. TCPdump抓包命令详解--摘

    http://blog.csdn.net/s_k_yliu/article/details/6665673/ http://starsliao.blog.163.com/blog/static/890 ...

  6. Android手机tcpdump抓包

    在开发过程中遇到问题时,无法非常方便的获取到数据包,导致分析解决问题比较麻烦.这里介绍如何在Android手机上实现tcpdump抓包.   1.root机器  在用tcpdump抓包过程中,需要使用 ...

  7. Wireshark和TcpDump抓包分析心得

    Wireshark和 TcpDump抓包分析心得  1. Wireshark与tcpdump介绍 Wireshark是一个网络协议检测工具,支持Windows平台和Unix平台,我一般只在Window ...

  8. tcpdump 抓包让wireshark来分析

    在linux下面用tcpdump 抓包非常方便, 但是抓的包要提取出来进行分析, 还是得用wireshark来过滤分析比较方便. 下面先介绍一下 TCPDUMP 的使用 例:tcpdump host ...

  9. tcpdump抓包并保存成cap文件

    首选介绍一下tcpdump的常用参数 tcpdump采用命令行方式,它的命令格式为: tcpdump [ -adeflnNOpqStvx ] [ -c 数量 ] [ -F 文件名 ] [ -i 网络接 ...

随机推荐

  1. SQL——函数

    演示c_grade表 一.AVG() AVG()函数用于返回数值列的平均值 例: SELECT AVG(score) FROM c_grade; 运行结果: 通过运行结果可以看到,score字段为Nu ...

  2. 『Go基础』第5节 第一个Go程序

    本节我们来学习写一个最简单的Go程序: 打印 Hello Go. 第一个Go程序, 只要跟着做, 留下个印象就可以. 用Goland创建一个 hello_go.go 文件(后缀为 .go ). 文件内 ...

  3. adb命令查看连接PC的移动设备

    cmd窗口中输入adb应会出现上图情况,如果显示不存在则需要网上下载adb工具并在我的电脑-属性-高级系统设置-环境变量中将adb工具的路径加入PATH,如下图: 输入adb devices 可以看到 ...

  4. 终于明白六大类UML类图关系了

    UML,全称Unified Modeling Language,统一建模语言.而UML图分为用例图.类图.对象图.状态图.活动图.时序图.协作图.构件图.部署图等9种图. 在面向对象语言中,我们经常看 ...

  5. jmeter_分布式测试

    背景:         由于Jmeter本身的瓶颈,当需要模拟数以千计的并发用户时,使用单台机器模拟所有的并发用户就有些力不从心,甚至还会引起JAVA内存溢出的错误.要解决这个问题,可以使用分布式实测 ...

  6. Delphi调用爷爷类的方法(自己构建一个procedure of Object)

    Delphi通过inherited 可以调用父类的方法,但是没有提供直接调用父类的父类的方法(爷爷类),通过变通的方式实现如下: 假设父类是TFather,爷爷类TGrand,调用爷爷类的Write方 ...

  7. Luogu4240 毒瘤之神的考验 莫比乌斯反演、根号分治

    传送门 首先有\(\varphi(ij) = \frac{\varphi(i) \varphi(j) \gcd(i,j)}{\varphi(\gcd(i,j))}\),把欧拉函数的定义式代入即可证明 ...

  8. c#中冒泡排序算法描述

    int temp = 0; int b = 0; int[] arr = { 23, 44, 66, 76, 98, 11, 3, 99, 7 };# region该段与排序无关Console.Wri ...

  9. ADO.NET 四(DataReader)

    DataReader 类概述 DataReader 类对应MSSQLSERVER在 System.Data.SqlClient 命名空间中,对应的类是 SqlDataReader,主要用于读取表中的查 ...

  10. web项目服务器安装及配置(虚拟机centOS7)

    一.安装VMware(如需) 1.首先下载VMware虚拟机,地址: https://www.vmware.com/products/workstation-pro/workstation-pro-e ...