How to use tcpdump

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

This article introduces how to use tcpdump. Many people get stuck on it when working through real cases, so the following covers the common options, the filter expressions, and a set of example captures.

tcpdump options

    -i any          listen on all NIC interfaces; used to see whether there is any network traffic
    -i eth0         listen only on the eth0 NIC interface
    -D              display a list of available interfaces
    -n              do not resolve hostnames
    -nn             do not resolve hostnames or port names
    -q              show less output (more quiet)
    -t              output readable timestamps
    -tttt           output maximally readable timestamps
    -X              display the contents of packets in both hex and ASCII form
    -XX             similar to -X, but also displays the Ethernet header
    -v, -vv, -vvv   display more packet information
    -c              read only x packets, then stop
    -s              specify the capture length of each packet, in bytes; use -s0 to capture the contents of the entire packet
    -S              output absolute sequence numbers
    -e              get the Ethernet header
    -E              decrypt IPSEC traffic using the provided secret key

tcpdump expressions

In tcpdump, you can use expressions to filter for specific types of traffic. There are three main types of expression: type, dir and proto.

    type options include: host, net, port
    direction (dir) options include: src, dst
    protocol (proto) options include: tcp, udp, icmp, ah, etc.

Capture all traffic

See what happens on all network card interfaces:

    tcpdump -i any

Specify a network card interface

View what happens on a specified network card:

    tcpdump -i en0

Raw output

View more information, do not resolve host names and port numbers, display absolute sequence numbers, and use readable timestamps:

    -tttt           output maximally readable timestamps
    -n              do not resolve hostnames
    -v, -vv, -vvv   display more packet information
    -S              output absolute sequence numbers

    tcpdump -ttttnnvvS

Capture ICMP packets and display the packet details

    ➜ research sudo tcpdump -nnvXSs 0 -c1 icmp
    tcpdump: data link type PKTAP
    tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
    23:26:21.499957 IP (tos 0x0, ttl 64, id 6677, offset 0, flags [none], proto ICMP (1), length 84)
        192.168.5.6 > 115.239.210.27: ICMP echo request, id 17413, seq 0, length 64
        0x0000:  0810 7899 e321 1865 90de c03f 0800 4500  ..x..!.e...?..E.
        0x0010:  0054 1a15 0000 4001 54db c0a8 0506 73ef  .T....@.T.....s.
        0x0020:  d21b 0800 89fa 4405 0000 5b1d 431d 0007  ......D...[.C...
        0x0030:  a0bb 0809 0a0b 0c0d 0e0f 1011 1213 1415  ................
        0x0040:  1617 1819 1a1b 1c1d 1e1f 2021 2223 2425  .......... !"#$%
        0x0050:  2627 2829 2a2b 2c2d 2e2f 3031 3233 3435  &'()*+,-./012345
        0x0060:  3637                                     67
    1 packet captured
    1210 packets received by filter
    0 packets dropped by kernel

    ➜ research ~ ping www.baidu.com
    PING www.a.shifen.com (115.239.210.27): 56 data bytes
    64 bytes from 115.239.210.27: icmp_seq=0 ttl=54 time=22.223 ms
    64 bytes from 115.239.210.27: icmp_seq=1 ttl=54 time=441.219 ms

Filter by source and destination address

    sudo tcpdump dst .239.211.112
    sudo tcpdump src 192.168.5.6

    tcpdump -D
    sudo tcpdump -i en0 -vvv -s 1500 -X 'port 80'

Capture packets by host IP

    sudo tcpdump host 192.168.5.6

Capture packets by Ethernet address

    sudo tcpdump ether host 18:65:90:de:c0:3f
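The hex dump in the ICMP capture above can be decoded by hand to confirm the fields tcpdump printed for it. The following is an added example, not part of the original article: it rebuilds the frame from the dump lines, decodes the Ethernet, IPv4 and ICMP headers, and verifies both checksums. The function names are illustrative, and the code assumes an untagged Ethernet frame carrying IPv4.

```python
import ipaddress
import re
import struct

# Hex columns of the dump shown above (ASCII column omitted).
DUMP = """
0x0000:  0810 7899 e321 1865 90de c03f 0800 4500
0x0010:  0054 1a15 0000 4001 54db c0a8 0506 73ef
0x0020:  d21b 0800 89fa 4405 0000 5b1d 431d 0007
0x0030:  a0bb 0809 0a0b 0c0d 0e0f 1011 1213 1415
0x0040:  1617 1819 1a1b 1c1d 1e1f 2021 2223 2425
0x0050:  2627 2829 2a2b 2c2d 2e2f 3031 3233 3435
0x0060:  3637
"""

def dump_to_bytes(text):
    """Rebuild the raw frame from tcpdump -X/-XX style dump lines."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*0x[0-9a-f]{4}:\s+((?:(?:[0-9a-f]{2}){1,2} ?){1,8})", line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def inet_checksum_ok(data):
    """RFC 1071: the folded 16-bit sum, checksum field included, must be 0xffff."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    """Decode Ethernet + IPv4 + ICMP (assumed layout: no VLAN tag)."""
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:14 + (frame[14] & 0x0F) * 4]  # IHL gives the header length
    total_len, ident, _frag, ttl, proto = struct.unpack("!2xHHHBB", ip[:10])
    if ethertype != 0x0800 or proto != 1:
        raise ValueError("not an IPv4 ICMP frame")
    icmp = frame[14 + len(ip):14 + total_len]
    itype, _code, _csum, icmp_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "src_mac": src.hex(":"), "ttl": ttl, "ip_id": ident, "ip_len": total_len,
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "icmp_type": itype, "icmp_id": icmp_id, "icmp_seq": seq,
        "ip_csum_ok": inet_checksum_ok(ip), "icmp_csum_ok": inet_checksum_ok(icmp),
    }

if __name__ == "__main__":
    print(decode(dump_to_bytes(DUMP)))
```

The decoded values match the summary line tcpdump printed for the packet, and the source MAC is the same address used in the `ether host` filter.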
