一、抓包基础

1、抓网卡ens33 的包,有多大抓多大,然后保存到a.cap中

[root@localhost ~]# tcpdump -i ens33 -s  -w a.cap

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size  bytes

2、读取a.cap文件

[root@localhost ~]# tcpdump -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length

::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length

::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::15.381526 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::15.381556 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::16.383090 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::16.383121 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::17.385139 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::17.385273 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::18.385827 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::18.385866 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::19.244187 IP 192.168.10.1. > 239.255.255.250.ssdp: UDP, length

::19.387459 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::19.387517 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::20.390170 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

::20.390271 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

::20.438195 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [P.], seq :, ack , win , length

3、读取详细内容

[root@localhost ~]# tcpdump -A -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::13.453516 IP localhost.localdomain.ssh > 192.168.10.1.sicct: Flags [P.], seq :, ack , win , length

E...] @.@.G...

...

.....e...7q.4P.......u0.L.}H....j.....#|!..v.Y......"<....@.B~..|0.N.n..........,......v........&.(G9.b.a9...f.....Y.t.R....m...    .v....B...:.......K....

::13.453754 IP 192.168.10.1.sicct > localhost.localdomain.ssh: Flags [.], ack , win , length

E..(..@...OX..

...

.....7q.4e..$P.............

::14.379791 IP 192.168.10.1 > localhost.localdomain: ICMP echo request, id , seq , length

E..<.......H..

...

...F.....abcdefghijklmnopqrstuvwabcdefghi

::14.379825 IP localhost.localdomain > 192.168.10.1: ICMP echo reply, id , seq , length

E..<e...@..E..

4、抓tcp  22端口的包

[root@localhost ~]# tcpdump -i ens33 tcp port  -w a.cap

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size  bytes

二、抓包筛选

  1、通过操作系统筛选

[root@localhost ~]# tcpdump -r a.cap |awk '{print $3}'|sort -u

reading from file a.cap, link-type EN10MB (Ethernet)

192.168.10.1.

192.168.10.1.

192.168.10.1.

192.168.10.1.

192.168.10.1.cruise-config

192.168.10.1.cruise-swroute

localhost.localdomain.http

  2、通过源或目标地址筛选

[root@localhost ~]# tcpdump -n src host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::59.455482 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455616 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455690 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::59.455768 IP 192.168.10.13.http > 192.168.10.1.: Flags [.], ack , win , length

::01.132478 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length

::01.132938 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [S.], seq , ack , win , options [mss ,nop,nop,sackOK,nop,wscale ], length

::01.134389 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], ack , win , length

::01.136378 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [.], seq :, ack , win , length : HTTP: HTTP/1.1  Forbidden

::01.136641 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP

::01.163086 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [.], ack , win , length

::01.163388 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.164423 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.178354 IP 192.168.10.13.http > 192.168.10.1.cruise-config: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

::01.178523 IP 192.168.10.13.http > 192.168.10.1.cruise-swroute: Flags [P.], seq :, ack , win , length : HTTP: HTTP/1.1  Not Found

[root@localhost ~]# tcpdump -n dest host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

tcpdump: syntax error

[root@localhost ~]# tcpdump -n dst host 192.168.10.13 -r a.cap

reading from file a.cap, link-type EN10MB (Ethernet)

::59.455392 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455603 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455678 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::59.455757 IP 192.168.10.1. > 192.168.10.13.http: Flags [F.], seq , ack , win , length

::01.132300 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length

::01.132607 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.132821 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [S], seq , win , options [mss ,nop,wscale ,nop,nop,sackOK], length

::01.133059 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length

::01.134332 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET / HTTP/1.1

::01.136670 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.136736 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

::01.162692 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1

::01.163034 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1

::01.178069 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1

::01.178136 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [P.], seq :, ack , win , length : HTTP: GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1

::01.372703 IP 192.168.10.1.cruise-config > 192.168.10.13.http: Flags [.], ack , win , length

::01.381626 IP 192.168.10.1.cruise-swroute > 192.168.10.13.http: Flags [.], ack , win , length

  3、筛选端口

[root@localhost ~]# tcpdump -n port  -r a.cap

TCPDUMP抓包学习的更多相关文章

  1. linux下抓包学习--tcpdump的使用

    一.为什么需要学这个 很多时候,开发环境上不会出现问题.但在测试或者现场时,总是会有很多莫名其妙的问题. 这时候,能在出问题的环境上,开启抓包,然后再去重现问题的话,这时候,就可以拿到第一手的资料了. ...

  2. 转:tcpdump抓包分析(强烈推荐)

    转自:https://mp.weixin.qq.com/s?__biz=MzAxODI5ODMwOA==&mid=2666539134&idx=1&sn=5166f0aac71 ...

  3. tcpdump抓包命令

    本文转自 : http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html http://www.itshouce.com.cn/l ...

  4. [转] Android利用tcpdump抓包

    原文链接:http://mysuperbaby.iteye.com/blog/902201 Android利用tcpdump抓包 博客分类: Android AndroidAccessGoHTML  ...

  5. TCPdump抓包命令详解--摘

    http://blog.csdn.net/s_k_yliu/article/details/6665673/ http://starsliao.blog.163.com/blog/static/890 ...

  6. Android手机tcpdump抓包

    在开发过程中遇到问题时,无法非常方便的获取到数据包,导致分析解决问题比较麻烦.这里介绍如何在Android手机上实现tcpdump抓包.   1.root机器  在用tcpdump抓包过程中,需要使用 ...

  7. Wireshark和TcpDump抓包分析心得

    Wireshark和 TcpDump抓包分析心得  1. Wireshark与tcpdump介绍 Wireshark是一个网络协议检测工具,支持Windows平台和Unix平台,我一般只在Window ...

  8. tcpdump 抓包让wireshark来分析

    在linux下面用tcpdump 抓包非常方便, 但是抓的包要提取出来进行分析, 还是得用wireshark来过滤分析比较方便. 下面先介绍一下 TCPDUMP 的使用 例:tcpdump host ...

  9. tcpdump抓包并保存成cap文件

    首选介绍一下tcpdump的常用参数 tcpdump采用命令行方式,它的命令格式为: tcpdump [ -adeflnNOpqStvx ] [ -c 数量 ] [ -F 文件名 ] [ -i 网络接 ...

随机推荐

  1. Django组件之cookie、session

    一.cookie 1.1 产生背景 HTTP协议是无状态的,对服务器来说,每次的请求都是独立的.状态可以理解为客户端和服务器在某次会话中产生的数据,那无状态的就以为这些数据不会被保留.会话中产生的数据 ...

  2. pandas再次学习

    numpy.scipy官方文档  pandas官方网站  matplotlib官方文档 一.数据结构 二.数据处理 1.数据获取(excel文件数据基本信息) #coding=utf-8 import ...

  3. git学习笔记 ---版本退回

    我们已经成功地添加并提交了一个readme.txt文件,现在,是时候继续工作了,于是,我们继续修改readme.txt文件,改成如下内容: Git is a distributed version c ...

  4. Matalb中英双语手册-年少无知翻译版本

    更新: 20171207: 这是大学期间参加数模翻译的手册 正文: 愚人节快乐,突然发现自己在博客园的一篇文章.摘取如下: MATLAB 语言是一种工程语言,语法很像 VB 和 C,比 R 语言容易学 ...

  5. vue 项目中assets 和static的区别

    一.Webpacked Assets 为了回答这个问题,我们首先需要了解Webpack如何处理静态资产.在 *.vue 组件中,所有模板和CSS都会被 vue-html-loader 及 css-lo ...

  6. NEST analyze与mapping

    /// <summary> /// POST /_analyze?pretty=true /// POST /employee/_analyze /// </summary> ...

  7. Cookie 和 Session 总结

    Cookie 和 Session 区别 cookie数据存放在客户的浏览器上,session数据放在服务器上 cookie不是很安全,别人可以分析存放在本地的cookie并进行cookie欺骗,考虑* ...

  8. 结合模板导出PDF文件

    @Action("report_exportJasperPdf")    public String exportJasperPdf() throws Exception{     ...

  9. oracle批量操作

    https://stackoverflow.com/questions/39576/best-way-to-do-multi-row-insert-in-oracle 1 批量insert 方式一: ...

  10. 【转】Anaconda安装与使用

    PS:这还是17年一次数据挖掘训练营使用的软件 [转至]https://blog.csdn.net/m0_37605642/article/details/98726766 安装和配置 1.在官网或清 ...