DNS, netstat, route, arp, tcpdump

2025-02-24 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

cat /etc/resolv.conf    # DNS resolver configuration

nameserver 192.168.100.2

netstat -r -n    # routing table and gateway information

or

route -n

ifconfig    # IP addresses, plus received/sent packet counters per interface

arp    # ARP cache; binding IP addresses to MAC addresses (static entries) resists ARP spoofing, and enforcing the binding on the switch gives the best control
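The article only says that arp can bind IP to MAC to resist ARP spoofing. The following added example (not code from the original article) shows what a defender would actually do with the cache: parse the text that `arp -n` prints on Linux, compare it against a table of pinned bindings, flag one MAC answering for several IPs, and print the `arp -s` commands that would pin the expected bindings. The `arp -n` output and the pinned table are constructed sample data; the function names are this example's own.

```python
"""Check an ARP cache dump against pinned IP->MAC bindings (added example).

Parses the net-tools `arp -n` text format, reports entries whose MAC differs
from the expected binding and MACs shared by several IPs, and shows the
`arp -s` commands that pin the expected bindings. All data is constructed.
"""

# Constructed sample of `arp -n` output (Linux net-tools format).
SAMPLE_ARP_OUTPUT = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.100.2            ether   00:50:56:e1:aa:01   C                     eth0
192.168.100.10           ether   00:0c:29:12:34:56   C                     eth0
192.168.100.1            ether   00:0c:29:12:34:56   C                     eth0
192.168.100.20                   (incomplete)                              eth0
"""

# Constructed "known good" bindings, e.g. the DNS server from resolv.conf
# and the default gateway from `route -n`.
PINNED = {
    "192.168.100.2": "00:50:56:e1:aa:01",
    "192.168.100.1": "00:50:56:e1:aa:ff",
}


def parse_arp_table(text):
    """Return {ip: (mac, iface)} for resolved entries; skip the header and
    '(incomplete)' rows, which carry no MAC to compare."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 3 or fields[1] == "(incomplete)":
            continue
        ip, mac, iface = fields[0], fields[2].lower(), fields[-1]
        entries[ip] = (mac, iface)
    return entries


def find_mac_conflicts(entries):
    """MACs that appear for more than one IP. On a single subnet this is a
    classic ARP-spoofing symptom, although a host with several addresses or
    proxy ARP can produce it legitimately, so treat it as a lead, not proof."""
    by_mac = {}
    for ip, (mac, _iface) in entries.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_pinned(entries, pinned):
    """Return {ip: (cached_mac, expected_mac)} for pinned IPs whose cached
    MAC does not match the binding."""
    mismatches = {}
    for ip, expected in pinned.items():
        expected = expected.lower()
        if ip in entries and entries[ip][0] != expected:
            mismatches[ip] = (entries[ip][0], expected)
    return mismatches


def static_binding_commands(pinned):
    """The `arp -s IP MAC` commands that pin these bindings on Linux."""
    return [f"arp -s {ip} {mac}" for ip, mac in sorted(pinned.items())]


if __name__ == "__main__":
    cache = parse_arp_table(SAMPLE_ARP_OUTPUT)
    print("shared MACs:", find_mac_conflicts(cache))
    print("pinned mismatches:", check_pinned(cache, PINNED))
    print("\n".join(static_binding_commands(PINNED)))
```

On the constructed data the gateway 192.168.100.1 resolves to the same MAC as 192.168.100.10 and no longer matches its pinned address, which is exactly the situation a static binding (or, as the article says, enforcement on the switch) is meant to prevent. In practice the "known good" table comes from an inventory, not from the cache you are checking.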

tcpdump

tcpdump and Wireshark

Wireshark (formerly Ethereal) is a very easy-to-use packet capture tool on Windows, but a good graphical capture tool is hard to find on Linux. Fortunately there is tcpdump, and the two combine well: capture the packets on Linux with tcpdump, then analyze the capture file in Wireshark on Windows.

tcpdump -i eth2 -t -s 0 -c 100 -w ./target.cap 'tcp and not dst port 22 and src net 192.168.1.0/24'

(1) tcp: the protocol qualifier (ip, icmp, arp, rarp, tcp, udp, ...) goes first in the filter expression, which comes after all options, and selects the datagram type.

(2) -i eth2: only capture packets that pass through interface eth2.

(3) -t: do not print a timestamp.

(4) -s 0: by default only the first 68 bytes of each packet are captured (the snapshot length); with -s 0 the complete packet is captured. (Recent tcpdump versions already default to capturing full packets, but -s 0 is harmless.)

(5) -c 100: capture only 100 packets.

(6) not dst port 22: do not capture packets whose destination port is 22.

(7) src net 192.168.1.0/24: the packet's source address is in the network 192.168.1.0/24.

(8) -w ./target.cap: save to a capture file for analysis with Ethereal (i.e. Wireshark).

Capturing HTTP packets with tcpdump

tcpdump -XvvennSs 0 -i eth0 'tcp[20:2] = 0x4745 or tcp[20:2] = 0x4854'

0x4745 is the ASCII encoding of "GE", the first two letters of "GET", and 0x4854 is "HT", the first two letters of "HTTP". Byte offset 20 of the TCP header is where the payload starts when the header carries no options.

tcpdump does not decode captured data thoroughly; most of a packet's contents are printed directly in hexadecimal, which is obviously not convenient for analyzing network faults. The usual solution is to capture with tcpdump's -w option, save the data to a file, and decode it with another program (such as Wireshark). Filtering rules should also be defined so that the captured packets do not fill the entire hard disk.
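Two things the text above leaves implicit are shown by the following added example (not code from the article): what the file written by -w actually looks like, and why the `tcp[20:2]` filter is tied to option-less TCP headers. The script builds a small classic pcap file in memory from constructed Ethernet/IPv4/TCP frames (checksums zeroed, which is fine for offline parsing), reads it back the way a decoder would, and evaluates both the article's fixed-offset filter and an option-aware variant on each TCP segment. Function names, addresses and payloads are this example's own assumptions.

```python
"""Parse a tcpdump -w (classic pcap) file and test the HTTP filters (added example).

Frames are constructed; the pcap writer/reader follow the classic pcap layout:
24-byte global header (magic 0xa1b2c3d4, microsecond timestamps) followed by
16-byte record headers (ts_sec, ts_usec, incl_len, orig_len) and frame bytes.
"""
import struct

LINKTYPE_ETHERNET = 1


def build_frame(payload, tcp_options=b""):
    """Constructed Ethernet/IPv4/TCP frame carrying `payload` (checksums left at 0)."""
    assert len(tcp_options) % 4 == 0, "TCP options are padded to 32-bit words"
    data_offset = 5 + len(tcp_options) // 4          # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, data_offset << 4,
                      0x18, 65535, 0, 0) + tcp_options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"     # dst MAC, src MAC, EtherType IPv4
    return eth + ip + tcp


def build_pcap(frames):
    """Serialize frames as a little-endian classic pcap file (what tcpdump -w writes)."""
    header = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def read_pcap(blob):
    """Return (linktype, [frame bytes, ...]); handles both byte orders of the magic."""
    if blob[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif blob[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file with microsecond timestamps")
    linktype = struct.unpack_from(end + "I", blob, 20)[0]
    frames, off = [], 24
    while off + 16 <= len(blob):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", blob, off)
        off += 16
        frames.append(blob[off:off + incl_len])
        off += incl_len
    return linktype, frames


def tcp_segment(frame):
    """TCP header + payload of an Ethernet/IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0f) * 4      # IPv4 header length
    if frame[23] != 6:                # IPv4 protocol field: 6 = TCP
        return None
    return frame[14 + ihl:]


def matches_fixed_offset(tcp):
    """The article's filter: tcp[20:2] = 0x4745 ('GE') or tcp[20:2] = 0x4854 ('HT')."""
    return len(tcp) >= 22 and tcp[20:22] in (b"GE", b"HT")


def matches_data_offset(tcp):
    """Option-aware variant: read the first two payload bytes wherever the payload starts.
    tcpdump spelling: tcp[((tcp[12:1] & 0xf0) >> 2):2] = 0x4745 (the data offset field
    times four is the real header length)."""
    doff = (tcp[12] >> 4) * 4
    return len(tcp) >= doff + 2 and tcp[doff:doff + 2] in (b"GE", b"HT")


def classify(pcap_blob):
    """For every TCP segment in the file: (fixed-offset match, option-aware match)."""
    linktype, frames = read_pcap(pcap_blob)
    assert linktype == LINKTYPE_ETHERNET
    results = []
    for frame in frames:
        tcp = tcp_segment(frame)
        if tcp is not None:
            results.append((matches_fixed_offset(tcp), matches_data_offset(tcp)))
    return results


# Constructed capture: a request without TCP options, a response whose header
# carries NOP,NOP,timestamp (12 bytes of options), and a non-HTTP payload.
SAMPLE_PCAP = build_pcap([
    build_frame(b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    build_frame(b"HTTP/1.1 200 OK\r\n\r\n", tcp_options=b"\x01\x01\x08\x0a" + b"\x00" * 8),
    build_frame(b"\x16\x03\x01\x00\x10" + b"\x00" * 16),
])

if __name__ == "__main__":
    for i, (fixed, aware) in enumerate(classify(SAMPLE_PCAP)):
        print(f"segment {i}: tcp[20:2] filter={fixed}, option-aware filter={aware}")
```

The second segment is the interesting one: it is an HTTP response, but because its TCP header carries the timestamp option the payload begins at offset 32, so `tcp[20:2]` reads two option bytes and the article's filter misses it, while the data-offset form catches it. Most modern stacks negotiate timestamps and SACK, so the option-aware expression is the one to use when the capture must be complete.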
