Shulou(Shulou.com)06/02 Report--

Tcpdump basic usage: tcpdump-I ens33-tnn dst port 80-c 100 capture packets on port 80 of the ens33 network card, grab only access messages, and stop after catching 1000.-tnn t means tcp can be changed to u only grab udp or both tu, nn means display port, without nn 80 will be resolved into http#dst data flow sending address > receive address: 80 only this flow will grab Src is just the opposite sending address: 80 > receive address will grab tcpdump-I ens33 host 192.168.0.13 and-tnn dst port 80-c 100grab packets on port 80 of ens33 while filtering and hanging other messages only 192.168.0.13

# as shown in the figure, dst is added to capture only the access message, and no access message is added with the response packet. If you only want to see the response packet, add src. Simultaneously grab two ports tcpdump-I ens33 host 192.168.0.13 and-tnn dst port 80 or 22-c 100 catch tcpdump-I ens33 host 192.168.0.13 and-nn 'icmp'# on ports 80 and 22 of 192.168.0.13 and-nn' icmp'# to 192.168.0.13 pairs of icmp packets, grab packets, ping yourself can't catch firewall rejected port 80, then grab packets

As you can see in the figure, the access message can be received, but if the server rejects port 80, there will be no reply packet.

Tcpdump-I ens33 dst 192.168.0.13 and src 192.168.0.70 and-tunn port 80-c 1000

# grab port 80 message with source address 192.168.0.70 and destination address 192.168.0.13

Iptables basic iptables-An INPUT-p tcp-- dport 80-j ACCEPT# means insert a rule allowing port 80 from the input direction iptables-nL # View the rule, n display the port, do not add 80 to display as http, you can add INPUT OUTPUT to view only the entry or exit direction

Iptables-D INPUT 1 # Delete the first rule in the INPUT table

Iptables-An INPUT-s 192.168.0.70-p icmp- j DROP# rejects icmp packets with source address 192.168.0.70. Not adding-s means rejecting all iptables-I INPUT-p icmp- m icmp--icmp-type 0-j ACCEPT# by adding a rule at the top, which means that the server ping someone else's return packet 0 means that packet 8 is to go. These two items have to be combined so that the server can ping others, others cannot ping the server, and the second must be on top of the first one.

Iptables matching rule

Iptables matching is matched from top to bottom, and if the match reaches one of the following rules, there will be no more matching.

# after matching the first entry on this side, it will not match the second one, so it can ping

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.