
Detailed explanation of tcpdump grab package

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Preparation: the environment used here is CentOS 6.5.

tcpdump is not installed by default on Linux, so we need to install it first.

1) yum install tcpdump -y

2) If you forget how to use the tool, run tcpdump --help to see its usage.

3) Generally a server has only one network card, and you can capture with tcpdump directly, but the unfiltered output is too cumbersome to read, so filter parameters are added to narrow it down.

For example, to capture the traffic between the local machine (192.168.31.147) and the host 114.114.114.114:

tcpdump -n -i eth0 host 192.168.31.147 and 114.114.114.114

Note: if the machine has two network cards, you can also capture on eth2 (tcpdump -i eth2).

4) The following format captures all traffic entering the server:

tcpdump -n -i eth0 dst 192.168.31.147

Or, if the server has more than one IP address:

tcpdump -n -i eth0 dst 192.168.31.147 or 192.168.31.157

5) To capture all TCP packets entering the server, use the following format for reference:

tcpdump -n -i eth0 dst 192.168.31.147 or 192.168.31.157 and tcp

Packets going out from the local machine:

tcpdump -n -i eth0 src 192.168.31.147 or 192.168.31.157

tcpdump -n -i eth0 src 192.168.31.147 or 192.168.31.157 and port ! 22 and tcp

The conditions can also combine or and and together to filter down to a more useful result.

2 Detailed explanation of the tcpdump command

(1) tcp: the protocol keyword (ip, icmp, arp, rarp, tcp, udp, and so on) is placed first in the filter expression to select the type of datagram.

(2) -i eth2: only capture packets that pass through interface eth2

(3) -t: do not print timestamps

(4) -s 0: by default only the first 68 bytes of each packet are captured; with -s 0 the complete packet is captured.

(5) -c 100: capture only 100 packets

(6) dst port ! 22: do not capture packets whose destination port is 22

(7) src net 192.168.1.0/24: the source network address of the packet is 192.168.1.0/24

(8) -w ./target.cap: save the capture to a file for later analysis with Ethereal (i.e. Wireshark)
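As an added example (not from the original post), the shell functions below assemble the kind of filter used in step 5 and combine it with the options listed above into a complete command line. In pcap filter syntax "and" and "or" have equal precedence and associate left to right, so "dst A or B and tcp" already means "(dst A or dst B) and tcp"; the helper writes the parentheses explicitly and single-quotes the expression so the shell leaves them alone. The function names, the -nn choice, and the sample addresses are assumptions made here.

```shell
#!/bin/sh
# build_filter DIR HOST...  (DIR is "src" or "dst"; hypothetical helper)
# Emits a pcap filter matching any of the hosts in the given direction,
# restricted to TCP and excluding port 22 so that the administrator's
# own SSH session does not flood the capture.
build_filter() {
    dir=$1; shift
    [ "$dir" = src ] || [ "$dir" = dst ] || { echo "direction must be src or dst" >&2; return 1; }
    [ $# -gt 0 ] || { echo "at least one host is required" >&2; return 1; }
    hosts=""
    for h in "$@"; do
        if [ -z "$hosts" ]; then
            hosts="$dir host $h"
        else
            hosts="$hosts or $dir host $h"
        fi
    done
    # Explicit grouping: (dst host A or dst host B) and tcp and not port 22
    printf '(%s) and tcp and not port 22\n' "$hosts"
}

# capture_cmd IFACE OUTFILE DIR HOST...  (hypothetical helper)
# Full command line: -nn (no DNS or port-name lookups), -s 0 (whole
# packets), -c 100 (stop after 100 packets), -w (file for Wireshark).
# The filter is single-quoted so the shell does not parse the parentheses.
capture_cmd() {
    iface=$1; outfile=$2; shift 2
    filter=$(build_filter "$@") || return 1
    printf "tcpdump -nn -i %s -s 0 -c 100 -w %s '%s'\n" "$iface" "$outfile" "$filter"
}

# Print (not run) the command for the two server addresses used in step 5.
capture_cmd eth0 ./target.cap dst 192.168.31.147 192.168.31.157
```

Before capturing, tcpdump -d 'expression' prints the compiled filter program, which is a quick way to confirm that an expression parses the way you intended.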
