
How to use the tcpdump command of Linux system

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces how to use the tcpdump command on a Linux system. It is intended as a practical reference, and readers interested in packet capture should find it useful.

tcpdump is a command-line packet sniffer for Unix-like systems; it captures the packets passing through a network interface.

tcpdump reads packets from a network interface. It can also read and analyze a packet file saved by an earlier capture. Because capturing needs raw access to the interface, tcpdump is run as root or as a user with sudo privileges.

This tutorial covers installing tcpdump and some basic examples of its use.

Let's start by installing the tcpdump tool.

Tcpdump installation:

tcpdump is pre-installed on most Linux distributions. If it is not installed on your system, you can install it using one of the following methods.

CentOS/RHEL

You can install tcpdump on CentOS/RHEL using the following command:

$ sudo yum install tcpdump

Fedora

On Fedora, install tcpdump using the following command:

$ dnf install tcpdump

Ubuntu/Debian/Linux Mint

Similarly, you can install tcpdump on Ubuntu, Debian or Linux Mint using the following command:

Now, let's look at some examples of the tcpdump command.

Example:

We will use the file created below as input to the sample command

Example 1: capture packets from all interfaces

Run tcpdump without any options to capture packets, as follows (in the output below it listens on the interface wlp2s0):

linuxidc@linuxidc:~/www.linuxidc.com$ sudo tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:15:28.897761 IP linuxidc.49164 > 183.222.96.208.https: Flags [.], ack 3243612939, win 501, options [nop,nop,TS val 1582584396 ecr 1860790567], length 0
20:15:28.899731 IP linuxidc.41411 > _gateway.domain: 30792+ PTR? 208.96.222.183.in-addr.arpa. (45)
20:15:28.965333 IP 183.222.96.208.https > linuxidc.49164: Flags [.], ack 1, win 643, options [nop,nop,TS val 1860800808 ecr 1582543782], length 0
20:15:29.058203 IP _gateway.domain > linuxidc.41411: 30792 ServFail 0/0/0 (45)
20:15:29.?????? IP linuxidc.41411 > 183.222.96.208.https: Flags [.], ack 179524709, win 501, options [nop,nop,TS val 1582584652 ecr 1860790821], length 0
20:15:29.234028 IP 183.222.96.208.https > linuxidc.49168: Flags [.], ack 1, win 251, options [nop,nop,TS val 1860801061 ecr 1582543871], length 0
20:15:32.847078 IP 192.168.1.113.mdns > 224.0.0.251.mdns: 0 PTR (QM)? _leboremote._tcp.local. (40)

Example 2: capture packets from a specific interface

Use the tcpdump command with the -i option followed by an interface name to capture packets from a specific interface.

linuxidc@linuxidc:~/www.linuxidc.com$ sudo tcpdump -i wlp2s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:14:05.697766 IP linuxidc.49154 > 183.222.96.208.https: Flags [.], ack 991288211, win 501, options [nop,nop,TS val 1582501196 ecr 1860707369], length 0
20:14:05.699550 IP linuxidc.42223 > _gateway.domain: 49981+ PTR? 208.96.222.183.in-addr.arpa. (45)
20:14:05.755355 IP 183.222.96.208.https > linuxidc.49154: Flags [.], ack 1, win 285, options [nop,nop,TS val 1860717618 ecr 1582450090], length 0
20:14:05.834046 IP linuxidc.58056 > 156.99.224.35.bc.googleusercontent.com.http: Flags [S], seq 1741286821, win 64240, options [mss 1460,sackOK,TS val 1163018628 ecr 0,nop,wscale 7], length 0
20:14:05.893904 IP _gateway.domain > linuxidc.42223: 49981 ServFail 0/0/0 (45)
20:14:0?.?????? IP linuxidc.40699 > _gateway.domain: 28863+ PTR? 156.99.224.35.in-addr.arpa. (?)
20:14:0?.?????? IP 156.99.224.35.bc.googleusercontent.com.http > linuxidc.58056: Flags [S.], seq 2057714007, ack 1741286822, win 28160, options [mss 1420,...,TS val 2436647274 ecr 1163018628,...], length 0
20:14:0?.?????? IP linuxidc.58056 > 156.99.224.35.bc.googleusercontent.com.http: Flags [.], ack 1, win 502, options [nop,nop,TS val 1163018861 ecr 2436647274], length 0

Example 3: check for available interfaces

Use the tcpdump command with the -D option to list all interfaces available for capture on the system, as shown below.

linuxidc@linuxidc:~/www.linuxidc.com$ sudo tcpdump -D
[sudo] linuxidc password:
1.wlp2s0 [Up, Running]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.enp1s0 [Up]
5.bluetooth0 (Bluetooth adapter number 0)
6.nflog (Linux netfilter log (NFLOG) interface)
7.nfqueue (Linux netfilter queue (NFQUEUE) interface)
8.usbmon1 (USB bus number 1)
9.usbmon2 (USB bus number 2)
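The default one-line text format shown in the three examples above is easy to post-process. As an added example that is not part of the original article, the POSIX shell script below keeps a few constructed lines in that format (modelled on the output above, with documentation addresses, not a real capture) and summarises them with awk: packets per destination endpoint, and a count of packets whose TCP flags contain a given letter. It also builds the capture command for writing packets to a file, which the article mentions but does not show; the interface and file names passed to it are placeholders.

```shell
#!/bin/sh
# Added example: summarise tcpdump's default text output.
# Assumes the one-line "HH:MM:SS.usec IP src > dst: ..." format shown above.

# Constructed sample lines in tcpdump's default format (not a real capture).
SAMPLE_OUTPUT='20:15:28.897761 IP linuxidc.49164 > 183.222.96.208.https: Flags [.], ack 3243612939, win 501, length 0
20:15:28.899731 IP linuxidc.41411 > _gateway.domain: 30792+ PTR? 208.96.222.183.in-addr.arpa. (45)
20:15:28.965333 IP 183.222.96.208.https > linuxidc.49164: Flags [.], ack 1, win 643, length 0
20:15:29.058203 IP _gateway.domain > linuxidc.41411: 30792 ServFail 0/0/0 (45)
20:15:29.100000 IP linuxidc.49168 > 183.222.96.208.https: Flags [.], ack 179524709, win 501, length 0
20:15:30.000001 IP linuxidc.58056 > 203.0.113.5.http: Flags [S], seq 1, win 64240, length 0
20:15:32.847078 IP 192.168.1.113.mdns > 224.0.0.251.mdns: 0 PTR (QM)? _leboremote._tcp.local. (40)'

# Print "count destination" pairs, most frequent first.
# In an IP line the fields are: timestamp, "IP", source, ">", "destination:".
summarize_destinations() {
    printf '%s\n' "$1" | awk '
        $2 == "IP" {
            dst = $5
            sub(/:$/, "", dst)     # drop the trailing colon
            count[dst]++
        }
        END {
            for (d in count) printf "%d %s\n", count[d], d
        }' | sort -k1,1rn -k2,2
}

# Count IP lines whose "Flags [...]" field contains the given flag letter,
# e.g. "S" for SYN. Lines without a Flags field (DNS, mDNS) are ignored.
count_flag() {
    printf '%s\n' "$1" | awk -v flag="$2" '
        $2 == "IP" {
            p = index($0, "Flags [")
            if (p) {
                rest = substr($0, p + 7)
                f = substr(rest, 1, index(rest, "]") - 1)
                if (index(f, flag)) n++
            }
        }
        END { print n + 0 }'
}

# Build the command that captures from an interface into a pcap file.
# Only printed here: running it needs root and a live interface.
# -n stops tcpdump from resolving names, which avoids the PTR lookups
# visible in the article output; -w writes raw packets for later "tcpdump -r".
capture_command() {
    printf 'sudo tcpdump -i %s -n -w %s\n' "$1" "$2"
}

# Demo run on the constructed sample.
summarize_destinations "$SAMPLE_OUTPUT"
printf 'SYN packets: %s\n' "$(count_flag "$SAMPLE_OUTPUT" S)"
capture_command wlp2s0 capture.pcap
```

Run the script as-is to see the summary of the embedded sample, or replace `SAMPLE_OUTPUT` with `$(sudo tcpdump -n -c 100 -i wlp2s0)` to summarise a short live capture. The PTR queries and ServFail answers in the article's own output are produced by tcpdump resolving addresses for display; the `-n` flag in `capture_command` removes that extra DNS traffic from the capture.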

Thank you for reading this article carefully. I hope the article "How to use the tcpdump command of Linux system" will be helpful to everyone.
