2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This series of articles:
Chapter 1: Nine Analysis takes you to play Linux: Kernel upgrade
Chapter 2: Nine Analysis takes you to play Linux: Installing vagrant
Chapter 3: Nine Analysis takes you to play Linux: Zombie processes
Chapter 4: Nine Analysis takes you to play Linux: Self-built DNS
Chapter 5: Nine Analysis takes you to play Linux: tcpdump
Catalogue
1 preface
2 use
1 preface
tcpdump is a command-line packet capture tool that is widely used on Linux, Unix and Windows operating systems. tcpdump itself relies on a capture library to obtain the traffic seen by a network interface card (NIC): WinPcap on Windows, libpcap on Linux, and so on. pcap is short for packet capture.
2 use
Run the following command directly to view traffic information:
tcpdump
The command captures the network traffic passing through the host. Each line represents one captured packet, for example:
18:23:11.591431 ARP, Request who-has 192.168.31.100 tell 192.168.31.85, length 28
This line shows when the packet was captured and which protocol it belongs to (ARP). The content of the packet is a broadcast from host 192.168.31.85 asking which host on the network has the IP address 192.168.31.100.
2.1 capture a specified number of packets
Use -c (count) to capture a specified number of packets and then stop:
tcpdump -c 3
2.2 save the packet capture
Use -w (write) to save the captured packets to a file:
tcpdump -c 6 -w tcpdump.out
2.3 read a saved packet capture
Use -r (read) to read the captured packets back from the specified file:
tcpdump -r tcpdump.out
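What -w stores and -r reads back is a binary pcap file, not the text lines shown on screen. The following added example (not from the original article) parses that file layout in Python and rebuilds the ARP line from section 2. It assumes the classic microsecond pcap format with Ethernet frames; the sample file, MAC address and date are constructed, and the time is printed in UTC.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: a classic pcap file holding one ARP request."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    sender_mac = bytes.fromhex("020000000085")  # constructed MAC address
    eth = b"\xff" * 6 + sender_mac + b"\x08\x06"  # broadcast dst, EtherType ARP
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      sender_mac, socket.inet_aton("192.168.31.85"),
                      bytes(6), socket.inet_aton("192.168.31.100"))
    frame = eth + arp
    # Record header: ts_sec, ts_usec, captured length, original length
    rec_hdr = struct.pack("<IIII", 1737138191, 591431, len(frame), len(frame))
    return global_hdr + rec_hdr + frame

def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) for every record in a classic pcap."""
    byte_order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if byte_order is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(byte_order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(byte_order + "IIII", data[off:off + 16])
        off += 16
        if off + incl > len(data):
            raise ValueError("truncated packet record")
        yield sec, usec, data[off:off + incl]
        off += incl

def describe(sec, usec, frame):
    """Render an ARP frame like tcpdump does (time shown in UTC here)."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # not ARP, or too short to decode
    oper = struct.unpack("!H", frame[20:22])[0]
    spa, tpa = socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42])
    t = sec % 86400
    stamp = "%02d:%02d:%02d.%06d" % (t // 3600, t % 3600 // 60, t % 60, usec)
    if oper == 1:
        body = "Request who-has %s tell %s" % (tpa, spa)
    else:
        body = "opcode %d from %s" % (oper, spa)
    return "%s ARP, %s, length %d" % (stamp, body, len(frame) - 14)

if __name__ == "__main__":
    for record in read_pcap(build_sample_pcap()):
        print(describe(*record))
```

The "length 28" in the output is the ARP payload size, that is, the captured frame minus the 14-byte Ethernet header.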
2.4 list the available network cards
Use -D to list all the network interfaces of the host:
tcpdump -D
2.5 view the traffic of a specified network card
Sometimes we only want to see the traffic passing through a particular network card, which the -i (interface) parameter makes easy. For example, to check the traffic on the loopback interface (lo, that is, 127.x.x.x), use the following command with the interface name as listed by tcpdump -D (lo on Linux, lo0 on macOS and BSD):
tcpdump -i lo0
Open another command line terminal:
ping 127.0.0.1
Going back to the terminal running tcpdump, you can see that the ping traffic has been captured and displayed.
That covers the basic use of tcpdump.