How to use the common command tcpdump in Linux

2025-01-19 update. From: SLTechnology News&Howtos (shulou), Development section.

Shulou (Shulou.com) 06/01 report

This article explains how to use the Linux tcpdump command. Many people know little about it, so the editor shares it here for reference; I hope you learn something useful from it.

tcpdump is the standard Linux command for dumping network traffic. It prints the headers of the packets passing through a given network interface and, with -w, saves the raw packets for later analysis. Because it opens a raw socket on the interface, it has to be run as root (or by a user granted the CAP_NET_RAW and CAP_NET_ADMIN capabilities). Remember that a capture contains everything that crossed the wire, including any credentials sent in the clear, so treat tcpdump's output and the files it writes as sensitive.

Syntax: tcpdump [-adeflnNOpqStvx] [-c count] [-dd] [-ddd] [-F file] [-i interface] [-r file] [-s snaplen] [-tt] [-T type] [-vv] [-w file] [expression]

Parameter description:

-a attempts to convert network and broadcast addresses to names (an option of older releases, kept for compatibility).

-c count stops the capture after count packets have been received.

-d dumps the compiled packet-matching code (the BPF program built from the expression) in human-readable form to standard output and exits.

-dd dumps the compiled packet-matching code as a C program fragment.

-ddd dumps the compiled packet-matching code as decimal numbers, preceded by a count of the instructions.

-e prints the link-level header (for example the Ethernet source and destination MAC addresses) on each dump line.

-f prints "foreign" (non-local) Internet addresses numerically rather than symbolically.

-F file reads the filter expression from file; any expression given on the command line is then ignored.

-i interface listens on the given network interface. If it is omitted, tcpdump picks the lowest-numbered configured interface other than loopback.

-l makes standard output line-buffered, which is needed when the output is piped into another program or tee while you watch it.

-n does not convert host addresses to names. This also stops tcpdump from sending its own DNS lookups, which would otherwise appear in the capture.

-N does not print the domain-name qualification of host names (prints "nic" instead of "nic.ddn.mil").

-O does not run the packet-matching code optimizer; only useful when debugging a filter expression.

-p does not put the interface into promiscuous mode, so only traffic addressed to the host (or broadcast) is seen.

-q quick (quiet) output: prints less protocol information, so the lines are shorter.

-r file reads packets from file (written earlier with -w) instead of from an interface.

-s snaplen captures only the first snaplen bytes of each packet. Older releases default to 68 or 96 bytes, which keeps the headers but truncates payloads; -s 0 captures whole packets.

-S prints absolute rather than relative TCP sequence numbers.

-t does not print a timestamp on each dump line.

-tt prints an unformatted timestamp (seconds since the epoch) on each dump line.

-T type forces packets selected by the expression to be interpreted as the given type (for example rpc, snmp, tftp, vat, wb).

-v prints more detailed output (for example the TTL, IP id, total length and checksum checks).

-vv prints even more detailed output (fuller protocol decoding).

-x prints each packet, without its link-level header, in hex; -X prints hex and ASCII side by side.

-w file writes the raw packets to file instead of decoding and printing them; read the file back with -r. The file holds the full traffic, including any cleartext credentials, so protect it accordingly.
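As an added example (this is not code from the article), the POSIX shell script below wraps tcpdump with the options from the list above set the way a capture for incident response is normally run, and checks the summary tcpdump prints when it stops. The interface name eth0, the output path /var/tmp/ir.pcap and the summary text are constructed placeholders; the script assumes a tcpdump 4.x in PATH.

```shell
#!/bin/sh
# Added example, not code from the original article: a wrapper that starts
# tcpdump with the options above set the way an incident-response capture
# should be run, plus a check of the summary tcpdump prints when it stops.
# Assumptions (constructed for this example): tcpdump 4.x is in PATH; the
# interface eth0 and the output path /var/tmp/ir.pcap are placeholders.

# build_capture_cmd IFACE OUTFILE COUNT [FILTER...]
# Prints the command line that run_capture executes, for logging or dry runs.
#   -i IFACE   capture on a named interface rather than whatever tcpdump picks
#   -nn        no host or port name resolution: tcpdump's own DNS lookups would
#              otherwise appear in the capture (and tell the resolver which
#              addresses are being investigated), and slow resolvers stall output
#   -s 0       whole packets; a short snaplen (96 bytes in the article) truncates payloads
#   -U         write each packet to the file as it arrives, so an interrupted
#              capture keeps everything seen so far
#   -c COUNT   stop after COUNT packets so an unattended capture cannot fill the disk
#   -w OUTFILE raw pcap for later analysis instead of decoded text
build_capture_cmd() {
    iface=$1; outfile=$2; count=$3; shift 3
    printf 'tcpdump -i %s -nn -s 0 -U -c %s -w %s' "$iface" "$count" "$outfile"
    if [ $# -gt 0 ]; then
        printf ' %s' "$*"
    fi
    printf '\n'
}

# run_capture IFACE OUTFILE COUNT [FILTER...]
# Same arguments, but actually runs tcpdump (needs root or CAP_NET_RAW).
run_capture() {
    iface=$1; outfile=$2; count=$3; shift 3
    tcpdump -i "$iface" -nn -s 0 -U -c "$count" -w "$outfile" "$@"
}

# check_capture_summary < summary
# Reads the three lines tcpdump prints on stderr when it stops and prints
# "captured received dropped drop_percent". Any kernel drops mean the kernel
# buffer overflowed and the pcap is incomplete; re-run with a tighter filter
# or a larger buffer (-B size, in KiB) before treating the file as evidence.
check_capture_summary() {
    awk '
        /packets captured/           { cap = $1 }
        /packets received by filter/ { rcv = $1 }
        /packets dropped by kernel/  { drp = $1 }
        END {
            pct = (rcv > 0) ? 100 * drp / rcv : 0
            printf "%d %d %d %.1f\n", cap, rcv, drp, pct
        }'
}

# Demonstration on the summary from the "tcpdump -c 20" run in the article:
# 129 of the 206 packets seen by the filter were dropped, so that capture is
# not a complete record of what crossed the interface.
SAMPLE_SUMMARY='20 packets captured
206 packets received by filter
129 packets dropped by kernel'
printf '%s\n' "$SAMPLE_SUMMARY" | check_capture_summary
build_capture_cmd eth0 /var/tmp/ir.pcap 100000 'not port 22'

# Only start a real capture when asked to (RUN_CAPTURE=1). The summary goes to
# stderr, so keep it in a file and feed it to check_capture_summary afterwards.
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
    run_capture "${IFACE:-eth0}" /var/tmp/ir.pcap 100000 not port 22 2>/var/tmp/ir.summary
    check_capture_summary < /var/tmp/ir.summary
fi
```

The filter is passed as separate arguments rather than interpolated into a string, so an operator-supplied expression such as not port 22 reaches tcpdump unchanged and nothing is re-parsed by the shell.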

Example: display packet information (default output)

# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:35:55.129998 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 148872068:148872168(100) ack 4184371747 win 2100
23:35:55.131713 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 50226+ PTR? 1.0.168.192.in-addr.arpa. (42)
23:35:55.154238 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 50226 NXDomain 0/0/0 (42)
...
44 packets captured
76 packets received by filter
0 packets dropped by kernel

Each line gives the timestamp, the network protocol, source.port > destination.port and the protocol details: for TCP the flags (P is PSH; a lone "." means no flags set), the sequence-number range with the payload length in parentheses, the acknowledgement number and the window size. Two things in this listing deserve attention. The PTR? queries to dns2.cs.hn.cn are tcpdump's own reverse lookups of the addresses it is printing, because -n was not given; without -n the capture tool adds traffic to its own capture and tells the resolver which addresses are being examined. The lines prefixed PPPoE [ses 0x1cb0] carry the same packets inside a PPPoE session with the host's public address 118.250.6.85 in place of the private 192.168.0.x address, so the capturing host appears to be the LAN's PPPoE gateway and each flow shows up twice.

Display a specified number of packets

# tcpdump -c 20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:36:28.949538 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 148875984:148876020(36) ack 4184373187 win 2100
23:36:28.950779 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 18242+ PTR? 1.0.168.192.in-addr.arpa. (42)
23:36:28.962192 IP 222.82.119.41.13594 > 192.168.0.65.13965: UDP, length 36
...
20 packets captured
206 packets received by filter
129 packets dropped by kernel

tcpdump exits after 20 packets. The summary also shows that 129 of the 206 packets that matched the filter were dropped by the kernel before tcpdump could read them; a capture with kernel drops is incomplete and must not be treated as a full record of what crossed the interface.

Compact display

# tcpdump -c 10 -q
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:43:05.792280 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36
23:43:05.842115 IP 192.168.0.1.2101 > 192.168.0.3.ssh: tcp 0
23:43:05.845074 IP 115.238.1.45.3724 > 192.168.0.65.2057: tcp 0
23:43:05.793880 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: UDP, length 42
...
10 packets captured
39 packets received by filter
0 packets dropped by kernel

With -q each line is reduced to the endpoints, the transport protocol and the payload length; the DNS queries that were decoded in the earlier listing now appear only as "UDP, length 42".
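The listings above are the one-line-per-packet text that tcpdump prints, and the quickest triage is usually done on that text. As an added example (not code from the article), the two awk helpers below group such lines into flows and count the reverse lookups that a capture run without -n generates. The sample lines are constructed for the example in the format shown above; the addresses and names are taken from the article's listings, the timestamps and sizes are made up.

```shell
#!/bin/sh
# Added example, not code from the original article: two awk helpers for
# reading tcpdump's one-line-per-packet text output like the listings above.
# SAMPLE_CAPTURE below is constructed for the example (addresses and names
# from the article's listings, timestamps and sizes invented).

# top_talkers < tcpdump_output
# Groups lines by protocol, source and destination and prints "count proto
# src > dst", busiest first. Lines have the shape:
#   TIME IP SRC.PORT > DST.PORT: tcp N            (-q)
#   TIME IP SRC.PORT > DST.PORT: UDP, length N    (-q)
#   TIME IP SRC.PORT > DST.PORT: ID+ PTR? name.   (DNS, decoded)
# Without -n host names replace addresses; the key is built from the same
# fields either way, so both kinds of output work.
top_talkers() {
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)
            if ($0 ~ / [A-Z]+\? |NXDomain/) proto = "dns"
            else if ($6 == "tcp")          proto = "tcp"
            else if ($6 == "UDP,")         proto = "udp"
            else                           proto = "other"
            n[proto " " $3 " > " dst]++
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

# count_reverse_lookups < tcpdump_output
# Counts PTR queries for in-addr.arpa. tcpdump run without -n issues one of
# these for every address it prints, so a capture full of them was most likely
# polluted by the capture itself (as in the article, where 192.168.0.3 asks
# dns2.cs.hn.cn about 1.0.168.192.in-addr.arpa, its own peer's address).
count_reverse_lookups() {
    awk '/PTR\? .*\.in-addr\.arpa/ { n++ } END { print n + 0 }'
}

SAMPLE_CAPTURE='23:43:05.792280 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36
23:43:05.793880 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 50226+ PTR? 1.0.168.192.in-addr.arpa. (42)
23:43:05.811127 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 50226 NXDomain 0/0/0 (42)
23:43:05.842115 IP 192.168.0.1.2101 > 192.168.0.3.ssh: tcp 0
23:43:05.845074 IP 115.238.1.45.3724 > 192.168.0.65.2057: tcp 0
23:43:05.850000 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 30304+ PTR? 3.0.168.192.in-addr.arpa. (42)
23:43:05.907155 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36
23:43:05.930000 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 68
23:43:05.950000 IP 222.82.119.41.13594 > 192.168.0.65.13965: UDP, length 36'

# Busiest flows first, then the number of self-inflicted reverse lookups.
printf '%s\n' "$SAMPLE_CAPTURE" | top_talkers
printf '%s\n' "$SAMPLE_CAPTURE" | count_reverse_lookups
```

On a real capture, pipe `tcpdump -n -q -r file.pcap` (or the live output with -l) into top_talkers; a non-zero result from count_reverse_lookups on a capture you made yourself means it was taken without -n and the DNS traffic in it is partly your own.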

Convert the compiled filter to readable format

# tcpdump -d
(000) ret      #96

Convert the compiled filter to decimal format

# tcpdump -ddd
1
6 0 0 96

With no filter expression the compiled packet-matching program is a single instruction: return 96, that is, accept every packet and keep its first 96 bytes (the capture size shown in the listings). -ddd prints the instruction count followed by one line per instruction (opcode, jt, jf, k); opcode 6 is BPF_RET|BPF_K. These two forms are the way to check what a complicated expression really compiles to before relying on it in a capture.

That is the whole of this article, "How to use the Linux command tcpdump". Thank you for reading. I hope it has given you a working understanding of tcpdump; if you want to learn more, follow the industry information channel.
