How to grab tcpdump under Linux

2025-01-28 Update From: SLTechnology News&Howtos (shulou)


Shulou (Shulou.com) 06/02 Report

The editor shares how to capture packets with tcpdump under Linux. Most people do not know much about it, so this article is offered for reference; I hope you learn a lot from it. Let's get to know it!

When the company integrated with a socket interface under Linux, the interface kept returning errors, so I studied packet capture under Linux.

tcpdump host 210.27.48.1    # capture all packets (including telnet) received or sent by host 210.27.48.1

Main tcpdump options

-i: specify the network interface to capture on; defaults to eth0

-n: display IP addresses instead of resolving them to hostnames

-c: specify the number of packets to capture; tcpdump exits once that many have been caught

-A: display packet contents in ASCII. This option is useful for text-based protocols.

-x: display packet contents in hexadecimal

-vvv: display details (maximum verbosity)

-s: snapshot length, i.e. how many bytes of each packet to capture. The default is 60 bytes, so any packet larger than 60 bytes is truncated and data is lost. We therefore usually set -s 0, which captures each packet at its full size, so what is caught is the complete packet data.

-r: read packets from a file [the counterpart of -w: /usr/sbin/tcpdump -r test.out reads what tcpdump -w test.out wrote]

-w: write the raw packets to a file [be sure to use -w t.out and then -r t.out to view the capture; otherwise the output is very hard to read]

2. tcpdump captures the packets; now we analyze what each packet means.

The flags carried by a packet:

S = SYN: initiate-connection flag

P = PUSH: transfer-data flag

F = FIN: close-connection flag

ack: acknowledgement packet

RST = RESET: abnormal connection close

.: indicates that no flags are set

The first line: S: the ephemeral port 50741 of client.hostname initiates a connection to port 80 of server.hostname; the client's initial sequence number is 562843056; win 14480 is the sliding window size, 14480 bytes [14k], that is, the size of the TCP receive buffer, which is used for TCP congestion control; mss 1460 is the maximum segment size that can be received, usually MTU minus 40 bytes (the 20-byte IP header plus the 20-byte TCP header).

The second line: S: the SYN state; this is server.hostname's response to the connection request from client.hostname in the first line. At the same time it carries the client's initial sequence number + 1 as ack 562843057, that is, the sequence number server.hostname expects to receive next, which is used to keep the TCP byte stream in order. server.hostname's initial sequence number is 2306923370.

The third line: client.hostname acknowledges in turn, and the TCP three-way handshake is complete.

The fourth line: P: push data; client.hostname sends a packet to server.hostname from port 50741, and the packet size is 1005 bytes. The fifth line is server.hostname acknowledging that packet in response. When the exchange finishes, an F packet from server.hostname would appear to close the connection; it was not captured here.

Lines 6 to 10 repeat lines 1 to 5, because the web service on the machine handles connections concurrently.
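As an added example (not code from the article), a small Python parser for tcpdump's TCP summary lines that pulls out the fields discussed above (flags, seq and ack numbers, win, mss, length) and checks that the first three segments form the three-way handshake. The sample lines are constructed and the host addresses are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample in tcpdump -n output format (not real traffic). It reuses
# the article's numbers: client port 50741 -> 80, client ISN 562843056,
# win 14480, mss 1460, server ISN 2306923370, then a 1005-byte PUSH.
# Hosts 10.0.0.1 and 10.0.0.2 are placeholders.
SAMPLE = """\
12:00:00.000001 IP 10.0.0.1.50741 > 10.0.0.2.80: Flags [S], seq 562843056, win 14480, options [mss 1460,sackOK,nop,wscale 7], length 0
12:00:00.000002 IP 10.0.0.2.80 > 10.0.0.1.50741: Flags [S.], seq 2306923370, ack 562843057, win 14480, options [mss 1460,sackOK,nop,wscale 7], length 0
12:00:00.000003 IP 10.0.0.1.50741 > 10.0.0.2.80: Flags [.], ack 1, win 114, length 0
12:00:00.000004 IP 10.0.0.1.50741 > 10.0.0.2.80: Flags [P.], seq 1:1006, ack 1, win 114, length 1005
12:00:00.000005 IP 10.0.0.2.80 > 10.0.0.1.50741: Flags [.], ack 1006, win 121, length 0
"""

# One tcpdump TCP summary line; seq, ack and options are absent on some lines.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?(?:, ack (?P<ack>\d+))?, win (?P<win>\d+)"
    r"(?:, options \[(?P<opts>[^\]]*)\])?, length (?P<length>\d+)$"
)
# "." is tcpdump's marker for a segment that carries only the ACK flag.
FLAG_NAMES = {"S": "SYN", "P": "PUSH", "F": "FIN", "R": "RST", ".": "ACK"}

def parse_line(line: str) -> Dict[str, object]:
    """Parse one summary line into fields; numeric fields are None when absent."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    mss = re.search(r"mss (\d+)", m["opts"] or "")
    return {"src": m["src"], "dst": m["dst"], "flags": m["flags"],
            "seq": int(m["seq"]) if m["seq"] else None,
            "ack": int(m["ack"]) if m["ack"] else None, "win": int(m["win"]),
            "mss": int(mss[1]) if mss else None, "length": int(m["length"])}

def parse_capture(text: str) -> List[Dict[str, object]]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def describe_flags(flags: str) -> str:
    return "+".join(FLAG_NAMES.get(c, c) for c in flags)

def handshake_ok(segs: List[Dict[str, object]]) -> bool:
    """True if the first three segments are SYN / SYN-ACK / ACK of one connection.
    tcpdump prints absolute ISNs on the SYN lines and relative numbers afterwards."""
    syn, synack, ack = segs[:3]
    return (syn["flags"] == "S" and synack["flags"] == "S." and ack["flags"] == "."
            and (synack["src"], synack["dst"]) == (syn["dst"], syn["src"])
            and synack["ack"] == syn["seq"] + 1   # server acks client ISN + 1
            and ack["ack"] == 1)                  # relative: server ISN + 1
```

Feed it a file written with -w and read back with `tcpdump -n -r t.out` to walk a real capture the same way.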

That is all there is to capturing packets with tcpdump under Linux. Thank you for reading! I believe you now have a basic understanding; I hope the content helps you, and if you want to learn more, you are welcome to follow the industry information channel!
