How to use the tcpdump command of Linux 04/27 Update SLTechnology News&Howtos

How to use the tcpdump command of Linux

2025-04-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/01 Report--

Editor to share with you how to use the tcpdump command of Linux. I hope you will get something after reading this article. Let's discuss it together.

The tcpdump command is a Datagram sniffing tool based on the command line of the unix system, which can grab data packets flowing on the network card.

In general, the Linux system will come with tcpdump tools, if the system is not installed, just use the command to install it.

Installation commands: yum install-y tcpdump teaches you to use tcpdump commands in Linux to use tcpdump commands in Linux to view installation commands: tcpdump-- help teaches you to use tcpdump commands in Linux and teaches you to use tcpdump commands in Linux

View the network card command:

God teaches you to use tcpdump commands in Linux. God teaches you to use tcpdump commands in Linux.

Knowing the network card, you can use the tcpdump tool to monitor and filter the network data for the network card on the server.

Common tcpdump commands:

# grab all network data that passes through eth0 with the destination or source address of 192.168.29.162

Command: tcpdump-n-I eth0 host 192.168.29.162

# Source address

Command: tcpdump-I eth2 src host 192.168.29.162

# destination address

Command: tcpdump-I eth2 dst host 192.168.29.162

# grab the network data of the current server eth0 Nic port 8080

Command: tcpdump-n-I eth0 port 8080

# fetching sql statements executed by mysql

Command: tcpdump-I eth2-s 0-l-w-dst port 3306 | strings

# grab the network packet of mysql communication (cap is opened with wireshark)

Command tcpdump-n-nn-tttt-I eth0-s 65535 'port 3306'-w 20160505mysql.cap

# fetching SMTP data

Command: tcpdump-I eth2'tcp [tcpflags] & tcp-syn! = 0 and tcp [tcpflags] & tcp-ack! = 0'

# grab HTTP GET data. The hexadecimal value of "GET" is 47455420

Command: tcpdump-I eth2 'tcp [(tcp [12] > > 2): 4] = 0x47455420'

# fetching SSH returned. The hexadecimal of "SSH-" is 0x5353482D.

Command: tcpdump-I eth2 'tcp [(tcp [12] > > 2): 4] = 0x5353482D'

# grab the GET packet of port number 8080 in real time, and then write it to GET.log

Command: tcpdump-I eth0'((port 8080) and (tcp [(tcp [12] > > 2): 4] = 0x47455420))'- nnAl-w / tmp/GET.log

# crawl specifies the number of SYN, and the-c parameter specifies how many packets to grab.

Command: time tcpdump-nn-I eth0'tcp [tcpflags] = tcp-syn'-c 10

After reading this article, I believe you have a certain understanding of "how to use the tcpdump command of Linux". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.