2025-03-10 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
1. Introduction to the tcpdump command
tcpdump is run from the command line. Its command format is:
tcpdump [ -adeflnNOpqStvx ] [ -c quantity ] [ -F file name ]
        [ -i network interface ] [ -r file name ] [ -s snaplen ]
        [ -T type ] [ -w file name ] [ expression ]
1. Introduction to tcpdump's options
-a converts network and broadcast addresses into names
-d prints the packet-matching code in a human-readable assembly format
-dd prints the packet-matching code as a C program fragment
-ddd prints the packet-matching code in decimal form
-e prints the data link layer header on each output line
-f prints external Internet addresses as numbers
-l makes standard output line-buffered
-n does not convert network addresses into names
-t does not print a timestamp on each output line
-v prints slightly more detail, such as the TTL and type-of-service information carried in the IP packet
-vv prints detailed packet information
-c stops tcpdump after the specified number of packets has been received
-F reads the expression from the specified file and ignores any other expression
-i specifies the network interface to listen on
-r reads packets from the specified file (such files are usually produced with the -w option)
-w writes the packets directly to a file without analyzing or printing them
-T interprets the captured packets as the specified type; the common types are rpc (Remote Procedure Call) and snmp (Simple Network Management Protocol)
2. Installing tcpdump on Linux
yum -y install tcpdump
View the basic usage:
tcpdump --help
Demonstration:
Capture traffic between the local machine (192.168.1.103) and the host computer (114.114.114.114)
tcpdump -n -i eth0 host 192.168.1.103 and host 114.114.114.114
Capture all traffic entering the server
tcpdump -n -i eth0 dst 192.168.1.103
Capture all TCP packets entering the server
tcpdump -n -i eth0 dst 192.168.1.103 and tcp
Capture TCP packets entering the server on port 22
tcpdump -n -i eth0 dst 192.168.1.103 and dst port 22 and tcp
Capture packets sent from the local machine
tcpdump -n -i eth0 src 192.168.1.103
Capture TCP packets leaving port 22 of this machine
tcpdump -n -i eth0 src 192.168.1.103 and src port 22 and tcp
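The following is an added example, not code from the original article: it shows what the filter primitives used in the demonstrations (src, dst, tcp, port) test in each frame, and why an unqualified "port 22" matches more traffic than "dst port 22". The function names and sample frames are constructed for illustration; only Ethernet/IPv4 is handled and SCTP ports are left out.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport, proto=6):
    """Constructed sample: Ethernet + IPv4 (no options) + the 4 port bytes."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HH", sport, dport)

def matches(frame, src=None, dst=None, tcp=False, port=None, dst_port=None, src_port=None):
    """Apply the primitives from the demonstrations to one captured frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False                              # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4                  # header length grows with IP options
    proto = frame[23]
    if src and socket.inet_ntoa(frame[26:30]) != src:
        return False
    if dst and socket.inet_ntoa(frame[30:34]) != dst:
        return False
    if tcp and proto != 6:
        return False
    if port is None and dst_port is None and src_port is None:
        return True
    # Port tests need the TCP/UDP header, which only the first fragment carries.
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset or len(frame) < 14 + ihl + 4:
        return False
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    if port is not None and port not in (sport, dport):
        return False                              # "port N" accepts either direction
    if dst_port is not None and dport != dst_port:
        return False
    if src_port is not None and sport != src_port:
        return False
    return True

SERVER = "192.168.1.103"
# Constructed frames: inbound SSH login, reply from a remote SSH server, inbound DNS reply.
inbound_ssh = build_frame("192.168.1.102", SERVER, 50000, 22)
ssh_reply = build_frame("192.168.1.102", SERVER, 22, 50001)
inbound_dns = build_frame("114.114.114.114", SERVER, 53, 40000, proto=17)

def count(**flt):
    return sum(matches(f, **flt) for f in (inbound_ssh, ssh_reply, inbound_dns))

if __name__ == "__main__":
    for flt in ({"dst": SERVER}, {"dst": SERVER, "tcp": True, "port": 22}, {"dst": SERVER, "tcp": True, "dst_port": 22}):
        print(flt, "->", count(**flt), "of 3 frames")
```

With "port 22" the reply from a remote SSH server (source port 22) is captured as well; "dst port 22" keeps only connections to the server's own SSH port.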
Please learn more in depth!