
How to use the tcpdump command of Linux testing tool

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to use the tcpdump command on Linux. It covers the command in detail and should serve as a useful reference.

The tcpdump command monitors TCP/IP connections and reads packet headers directly at the data link layer. You can specify which packets are monitored and control the format in which they are displayed. For example, to monitor all traffic on the Ethernet interface, execute the following command: tcpdump -i eth0. Let's take a look at the details.

Even on a relatively quiet network there is a lot of traffic, so we usually want only the packets we are interested in. In general, the TCP/IP stack only accepts inbound packets addressed to the local host and ignores packets addressed to other computers on the network (unless the machine is acting as a router). When you run the tcpdump command, it puts the interface into promiscuous mode, in which all packets are received and can be displayed. If all we care about is the traffic of the local host, one way is to use the "-p" parameter to disable promiscuous mode, and another way is to specify the host name:

tcpdump -i eth0 host hostname

At this point, tcpdump will only monitor packets to or from the host named hostname. The hostname can be the local host or any computer on the network. The following command reads all data sent by the host hostname:

tcpdump -i eth0 src host hostname

The following command makes tcpdump monitor all packets sent to the host hostname:

tcpdump -i eth0 dst host hostname

We can also use tcpdump to monitor packets passing through a specified gateway:

tcpdump -i eth0 gateway Gatewayname

If you also want tcpdump to monitor only TCP or UDP packets addressed to a specified port, execute the following command:

tcpdump -i eth0 host hostname and port 80

This command displays the header of each packet to or from the host hostname that uses port 80. Port 80 is the default HTTP service port. If we only need to list the packets sent to port 80, use dst port. If we only want to see packets returning from port 80, use src port.
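
The following added example (not part of the original article, and not tcpdump's own code) models how the host and port primitives above select packets, so the difference between the unqualified, src and dst forms is visible. It is a simplified matcher for TCP/UDP over IPv4. The addresses and packets are constructed, and IP addresses stand in for hostname.

```python
from collections import namedtuple

# Constructed sample traffic (not a real capture): a client at 10.0.0.5
# talking to a web server at 10.0.0.80, plus unrelated DNS and HTTPS traffic.
Packet = namedtuple("Packet", "src sport dst dport")
PACKETS = [
    Packet("10.0.0.5", 51000, "10.0.0.80", 80),   # 0: HTTP request
    Packet("10.0.0.80", 80, "10.0.0.5", 51000),   # 1: HTTP response
    Packet("10.0.0.5", 40000, "10.0.0.53", 53),   # 2: DNS query
    Packet("10.0.0.9", 52000, "10.0.0.80", 443),  # 3: other client, HTTPS
]

def parse(expr):
    """Parse 'PRIMITIVE and PRIMITIVE ...' into (direction, kind, value) triples."""
    terms = []
    for clause in expr.split(" and "):
        words = clause.split()
        direction = words.pop(0) if words and words[0] in ("src", "dst") else "any"
        if len(words) != 2 or words[0] not in ("host", "port"):
            raise ValueError(f"unsupported primitive: {clause!r}")
        kind, value = words
        terms.append((direction, kind, int(value) if kind == "port" else value))
    return terms

def matches(pkt, terms):
    """A packet matches when every term matches; no direction means either side."""
    for direction, kind, value in terms:
        src_val, dst_val = (pkt.src, pkt.dst) if kind == "host" else (pkt.sport, pkt.dport)
        hit = {"src": src_val == value, "dst": dst_val == value,
               "any": value in (src_val, dst_val)}[direction]
        if not hit:
            return False
    return True

def select(expr):
    """Return the indexes of PACKETS that the expression would capture."""
    terms = parse(expr)
    return [i for i, p in enumerate(PACKETS) if matches(p, terms)]

if __name__ == "__main__":
    for expr in ("host 10.0.0.80", "src host 10.0.0.80", "dst host 10.0.0.80",
                 "host 10.0.0.80 and port 80", "dst port 80", "src port 80"):
        print(f"{expr:30} -> packets {select(expr)}")
```
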
