  • Installing tcpdump
    2022-02-18 16:53:56

    Prerequisites:

    1. Install flex

    yum -y install flex

    2. Install bison

    yum -y install bison

    Install tcpdump:

    wget http://www.tcpdump.org/release/libpcap-1.5.3.tar.gz
    wget http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz
    tar -zxvf libpcap-1.5.3.tar.gz
    cd libpcap-1.5.3
    ./configure
    sudo make install

    cd …
    tar -zxvf tcpdump-4.5.1.tar.gz
    cd tcpdump-4.5.1
    ./configure
    sudo make install

    Note: libpcap 1.5.3 and tcpdump 4.5.1 are 2013/2014 releases, and later tcpdump versions carry a long list of security fixes to the protocol decoders, which matters for a tool that parses untrusted traffic as root. Prefer the distribution package (yum -y install tcpdump) or the current release from https://www.tcpdump.org/release/, and verify the detached .sig file the project publishes next to each tarball before building; the plain http:// download above gives no such assurance. Run ./configure and make as an ordinary user and use sudo only for make install, so the compile itself does not run as root.

    Usage:

    tcpdump -i eth2 dst host 10.100.3.16 and src host DEV-mHRO64

    (eth2 is the interface to capture on, 10.100.3.16 the destination server and DEV-mHRO64 the source host; a host name in a filter is resolved to its address once, when the filter is compiled.)

  • Installing tcpdump

    2018-03-23 13:51:35
    tcpdump installation; worth downloading and keeping, explained in great detail, practically foolproof.
  • tcpdump installation and dependency packages

    2022-06-17 10:26:29
    tcpdump installation and dependency packages; libpcap-1.4.0.tar.gz; tcpdump-4.4.0.tar.gz
  • Installing and using tcpdump

    2021-11-26 17:32:40

    Installing and using tcpdump

    root@node133:~# apt-get install tcpdump
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      fbterm imageworsener libc-ares2 libde265-0 libheif1 liblqr-1-0 libmaxminddb0 libqtermwidget5-0 libsbc1 libsmi2ldbl libspandsp2 libutf8proc2 libwireshark-data
      libwireshark11 libwiretap8 libwscodecs2 libwsutil9 qtermwidget5-data squashfs-tools
    Use 'apt autoremove' to remove them.
    Suggested packages:
      apparmor
    The following NEW packages will be installed:
      tcpdump
    0 upgraded, 1 newly installed, 0 to remove and 234 not upgraded.
    Need to get 368 kB of archives.
    After this operation, 1,252 kB of additional disk space will be used.
    Get:1 https://enterprise-packages.chinauos.com/server-enterprise fou/sp3/main mips64el tcpdump mips64el 4.9.3-1~deb10u1 [368 kB]
    Fetched 368 kB in 1s (314 kB/s)
    Selecting previously unselected package tcpdump.
    (Reading database ... 180530 files and directories currently installed.)
    Preparing to unpack .../tcpdump_4.9.3-1~deb10u1_mips64el.deb ...
    Unpacking tcpdump (4.9.3-1~deb10u1) ...
    Setting up tcpdump (4.9.3-1~deb10u1) ...
    Processing triggers for man-db (2.8.5-2) ...
    root@node133:~# tcpdump -i any port 8088
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    23:08:38.488072 IP 10.173.203.3.44852 > node133.omniorb: Flags [P.], seq 3363016020:3363016594, ack 588384097, win 501, options [nop,nop,TS val 1311969474 ecr 634138321], length 574
    23:08:38.493703 IP node133.omniorb > 10.173.203.3.44852: Flags [P.], seq 1:946, ack 574, win 501, options [nop,nop,TS val 634175335 ecr 1311969474], length 945
    23:08:38.494292 IP 10.173.203.3.44852 > node133.omniorb: Flags [.], ack 946, win 501, options [nop,nop,TS val 1311969481 ecr 634175335], length 0
    23:08:43.580511 IP 10.173.203.3.55912 > node133.omniorb: Flags [P.], seq 2371186817:2371187407, ack 1386621053, win 501, options [nop,nop,TS val 883847375 ecr 634144412], length 590
    23:08:43.586350 IP node133.omniorb > 10.173.203.3.55912: Flags [P.], seq 1:946, ack 590, win 501, options [nop,nop,TS val 634180428 ecr 883847375], length 945
    23:08:43.587352 IP 10.173.203.3.55912 > node133.omniorb: Flags [.], ack 946, win 501, options [nop,nop,TS val 883847382 ecr 634180428], length 0
    23:08:43.910318 IP 10.173.203.3.56330 > node133.omniorb: Flags [P.], seq 2992360588:2992361178, ack 2894098487, win 501, options [nop,nop,TS val 3480106199 ecr 634145769], length 590
    23:08:43.912983 IP node133.omniorb > 10.173.203.3.56330: Flags [P.], seq 1:946, ack 590, win 501, options [nop,nop,TS val 634180755 ecr 3480106199], length 945
    23:08:43.913875 IP 10.173.203.3.56330 > node133.omniorb: Flags [.], ack 946, win 501, options [nop,nop,TS val 3480106203 ecr 634180755], length 0
    23:08:45.232268 IP 10.173.203.3.51432 > node133.omniorb: Flags [S], seq 3555649822, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:45.232322 IP node133.omniorb > 10.173.203.3.51432: Flags [S.], seq 651211897, ack 3555649823, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:45.233356 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:45.234289 IP 10.173.203.3.51432 > node133.omniorb: Flags [P.], seq 1:845, ack 1, win 16425, length 844
    23:08:45.234319 IP node133.omniorb > 10.173.203.3.51432: Flags [.], ack 845, win 501, length 0
    23:08:45.385517 IP node133.omniorb > 10.173.203.3.51432: Flags [.], seq 1:7301, ack 845, win 501, length 7300
    23:08:45.385573 IP node133.omniorb > 10.173.203.3.51432: Flags [P.], seq 7301:8193, ack 845, win 501, length 892
    23:08:45.387582 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 8193, win 16425, length 0
    23:08:45.388139 IP node133.omniorb > 10.173.203.3.51432: Flags [P.], seq 8193:9803, ack 845, win 501, length 1610
    23:08:45.389507 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 9803, win 16425, length 0
    23:08:45.411165 IP 10.173.203.3.51432 > node133.omniorb: Flags [P.], seq 845:1779, ack 9803, win 16425, length 934
    23:08:45.411197 IP node133.omniorb > 10.173.203.3.51432: Flags [.], ack 1779, win 501, length 0
    23:08:45.745173 IP node133.omniorb > 10.173.203.3.51432: Flags [P.], seq 9803:17095, ack 1779, win 501, length 7292
    23:08:45.747183 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 17095, win 16425, length 0
    23:08:45.805868 IP 10.173.203.3.51432 > node133.omniorb: Flags [P.], seq 1779:3446, ack 17095, win 16425, length 1667
    23:08:45.805903 IP node133.omniorb > 10.173.203.3.51432: Flags [.], ack 3446, win 501, length 0
    23:08:45.806416 IP 10.173.203.3.51433 > node133.omniorb: Flags [S], seq 2530717159, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:45.806489 IP node133.omniorb > 10.173.203.3.51433: Flags [S.], seq 907980723, ack 2530717160, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:45.807177 IP 10.173.203.3.51434 > node133.omniorb: Flags [S], seq 1613500230, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:45.807192 IP node133.omniorb > 10.173.203.3.51434: Flags [S.], seq 1383275543, ack 1613500231, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:45.807196 IP 10.173.203.3.51433 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:45.808136 IP 10.173.203.3.51434 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:45.808330 IP 10.173.203.3.51433 > node133.omniorb: Flags [P.], seq 1:1711, ack 1, win 16425, length 1710
    23:08:45.808356 IP node133.omniorb > 10.173.203.3.51433: Flags [.], ack 1711, win 501, length 0
    23:08:45.808363 IP 10.173.203.3.51435 > node133.omniorb: Flags [S], seq 678398458, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:45.808385 IP node133.omniorb > 10.173.203.3.51435: Flags [S.], seq 4276354995, ack 678398459, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:45.809043 IP 10.173.203.3.51435 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:45.809794 IP 10.173.203.3.51434 > node133.omniorb: Flags [P.], seq 1:1663, ack 1, win 16425, length 1662
    23:08:45.809826 IP node133.omniorb > 10.173.203.3.51434: Flags [.], ack 1663, win 501, length 0
    23:08:45.810150 IP 10.173.203.3.51436 > node133.omniorb: Flags [S], seq 1092281862, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:45.810180 IP node133.omniorb > 10.173.203.3.51436: Flags [S.], seq 1335926545, ack 1092281863, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:45.810698 IP 10.173.203.3.51436 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:45.811129 IP 10.173.203.3.51437 > node133.omniorb: Flags [S], seq 3653708645, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:45.811146 IP node133.omniorb > 10.173.203.3.51437: Flags [S.], seq 1877671120, ack 3653708646, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:45.811572 IP 10.173.203.3.51437 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:45.812054 IP 10.173.203.3.51435 > node133.omniorb: Flags [P.], seq 1:1659, ack 1, win 16425, length 1658
    23:08:45.812079 IP node133.omniorb > 10.173.203.3.51435: Flags [.], ack 1659, win 501, length 0
    23:08:45.812672 IP 10.173.203.3.51436 > node133.omniorb: Flags [P.], seq 1:1660, ack 1, win 16425, length 1659
    23:08:45.812700 IP node133.omniorb > 10.173.203.3.51436: Flags [.], ack 1660, win 501, length 0
    23:08:45.813045 IP 10.173.203.3.51437 > node133.omniorb: Flags [P.], seq 1:1657, ack 1, win 16425, length 1656
    23:08:45.813066 IP node133.omniorb > 10.173.203.3.51437: Flags [.], ack 1657, win 501, length 0
    23:08:45.813635 IP node133.omniorb > 10.173.203.3.51432: Flags [P.], seq 17095:17296, ack 3446, win 501, length 201
    23:08:45.818432 IP 10.173.203.3.51432 > node133.omniorb: Flags [P.], seq 3446:5103, ack 17296, win 16374, length 1657
    23:08:45.818462 IP node133.omniorb > 10.173.203.3.51432: Flags [.], ack 5103, win 501, length 0
    23:08:45.822374 IP node133.omniorb > 10.173.203.3.51434: Flags [P.], seq 1:202, ack 1663, win 501, length 201
    23:08:45.824668 IP 10.173.203.3.51434 > node133.omniorb: Flags [P.], seq 1663:3327, ack 202, win 16374, length 1664
    23:08:45.824691 IP node133.omniorb > 10.173.203.3.51434: Flags [.], ack 3327, win 501, length 0
    23:08:45.856402 IP node133.omniorb > 10.173.203.3.51434: Flags [P.], seq 202:1653, ack 3327, win 501, length 1451
    23:08:45.859218 IP 10.173.203.3.51434 > node133.omniorb: Flags [P.], seq 3327:4997, ack 1653, win 16425, length 1670
    23:08:45.859246 IP node133.omniorb > 10.173.203.3.51434: Flags [.], ack 4997, win 501, length 0
    23:08:45.884160 IP node133.omniorb > 10.173.203.3.51435: Flags [.], seq 1:7301, ack 1659, win 501, length 7300
    23:08:45.884229 IP node133.omniorb > 10.173.203.3.51435: Flags [P.], seq 7301:8193, ack 1659, win 501, length 892
    23:08:45.884464 IP node133.omniorb > 10.173.203.3.51435: Flags [P.], seq 8193:9207, ack 1659, win 501, length 1014
    23:08:45.885774 IP 10.173.203.3.51435 > node133.omniorb: Flags [.], ack 9207, win 16425, length 0
    23:08:45.886329 IP node133.omniorb > 10.173.203.3.51436: Flags [.], seq 1:7301, ack 1660, win 501, length 7300
    23:08:45.886346 IP node133.omniorb > 10.173.203.3.51436: Flags [P.], seq 7301:8193, ack 1660, win 501, length 892
    23:08:45.886614 IP 10.173.203.3.51435 > node133.omniorb: Flags [P.], seq 1659:3323, ack 9207, win 16425, length 1664
    23:08:45.886638 IP node133.omniorb > 10.173.203.3.51435: Flags [.], ack 3323, win 501, length 0
    23:08:45.887364 IP 10.173.203.3.51436 > node133.omniorb: Flags [.], ack 5841, win 16425, length 0
    23:08:45.887639 IP node133.omniorb > 10.173.203.3.51436: Flags [P.], seq 8193:9138, ack 1660, win 501, length 945
    23:08:45.888196 IP 10.173.203.3.51436 > node133.omniorb: Flags [.], ack 9138, win 16425, length 0
    23:08:45.895470 IP node133.omniorb > 10.173.203.3.51434: Flags [P.], seq 1653:3096, ack 4997, win 501, length 1443
    23:08:45.900273 IP node133.omniorb > 10.173.203.3.51435: Flags [P.], seq 9207:10663, ack 3323, win 501, length 1456
    23:08:45.927287 IP node133.omniorb > 10.173.203.3.51432: Flags [P.], seq 17296:18808, ack 5103, win 501, length 1512
    23:08:45.928049 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 18808, win 16425, length 0
    23:08:45.985702 IP node133.omniorb > 10.173.203.3.51437: Flags [.], seq 1:7301, ack 1657, win 501, length 7300
    23:08:45.985748 IP node133.omniorb > 10.173.203.3.51437: Flags [P.], seq 7301:8193, ack 1657, win 501, length 892
    23:08:45.987650 IP 10.173.203.3.51437 > node133.omniorb: Flags [.], ack 8193, win 16425, length 0
    23:08:45.987721 IP node133.omniorb > 10.173.203.3.51437: Flags [P.], seq 8193:11564, ack 1657, win 501, length 3371
    23:08:45.988744 IP 10.173.203.3.51437 > node133.omniorb: Flags [.], ack 11564, win 16312, length 0
    23:08:46.094228 IP 10.173.203.3.51434 > node133.omniorb: Flags [.], ack 3096, win 16064, length 0
    23:08:46.099161 IP 10.173.203.3.51435 > node133.omniorb: Flags [.], ack 10663, win 16061, length 0
    23:08:46.139310 IP node133.omniorb > 10.173.203.3.51433: Flags [P.], seq 1:1617, ack 1711, win 501, length 1616
    23:08:46.140368 IP 10.173.203.3.51433 > node133.omniorb: Flags [.], ack 1617, win 16425, length 0
    23:08:46.360986 IP 10.173.203.3.49236 > node133.omniorb: Flags [P.], seq 4044692665:4044693240, ack 105778043, win 501, options [nop,nop,TS val 624640658 ecr 634146204], length 575
    23:08:46.365599 IP node133.omniorb > 10.173.203.3.49236: Flags [P.], seq 1:946, ack 575, win 501, options [nop,nop,TS val 634183207 ecr 624640658], length 945
    23:08:46.366642 IP 10.173.203.3.49236 > node133.omniorb: Flags [.], ack 946, win 501, options [nop,nop,TS val 624640664 ecr 634183207], length 0
    23:08:47.803513 IP 10.173.203.3.44978 > node133.omniorb: Flags [P.], seq 1450619921:1450620511, ack 1575592717, win 501, options [nop,nop,TS val 316091562 ecr 634168647], length 590
    23:08:47.809193 IP node133.omniorb > 10.173.203.3.44978: Flags [P.], seq 1:946, ack 590, win 501, options [nop,nop,TS val 634184651 ecr 316091562], length 945
    23:08:47.810145 IP 10.173.203.3.44978 > node133.omniorb: Flags [.], ack 946, win 501, options [nop,nop,TS val 316091569 ecr 634184651], length 0
    23:08:48.886830 IP 10.173.203.3.2141 > node133.omniorb: Flags [P.], seq 3121947202:3121947789, ack 3837326208, win 64240, options [nop,nop,TS val 58927 ecr 634151746], length 587
    23:08:48.889806 IP node133.omniorb > 10.173.203.3.2141: Flags [P.], seq 1:255, ack 587, win 501, options [nop,nop,TS val 634185732 ecr 58927], length 254
    23:08:49.087964 IP 10.173.203.3.2141 > node133.omniorb: Flags [.], ack 255, win 64176, options [nop,nop,TS val 58929 ecr 634185732], length 0
    23:08:55.614264 IP 10.173.203.3.51436 > node133.omniorb: Flags [F.], seq 1660, ack 9138, win 16425, length 0
    23:08:55.614436 IP 10.173.203.3.51434 > node133.omniorb: Flags [F.], seq 4997, ack 3096, win 16064, length 0
    23:08:55.614556 IP 10.173.203.3.51435 > node133.omniorb: Flags [F.], seq 3323, ack 10663, win 16061, length 0
    23:08:55.614726 IP 10.173.203.3.51432 > node133.omniorb: Flags [F.], seq 5103, ack 18808, win 16425, length 0
    23:08:55.614852 IP 10.173.203.3.51437 > node133.omniorb: Flags [F.], seq 1657, ack 11564, win 16312, length 0
    23:08:55.615029 IP 10.173.203.3.51433 > node133.omniorb: Flags [F.], seq 1711, ack 1617, win 16425, length 0
    23:08:55.615461 IP node133.omniorb > 10.173.203.3.51432: Flags [F.], seq 18808, ack 5104, win 501, length 0
    23:08:55.615526 IP node133.omniorb > 10.173.203.3.51436: Flags [F.], seq 9138, ack 1661, win 501, length 0
    23:08:55.615556 IP node133.omniorb > 10.173.203.3.51434: Flags [F.], seq 3096, ack 4998, win 501, length 0
    23:08:55.615560 IP node133.omniorb > 10.173.203.3.51435: Flags [F.], seq 10663, ack 3324, win 501, length 0
    23:08:55.616001 IP node133.omniorb > 10.173.203.3.51437: Flags [F.], seq 11564, ack 1658, win 501, length 0
    23:08:55.616119 IP node133.omniorb > 10.173.203.3.51433: Flags [F.], seq 1617, ack 1712, win 501, length 0
    23:08:55.616368 IP 10.173.203.3.51436 > node133.omniorb: Flags [.], ack 9139, win 16425, length 0
    23:08:55.616407 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 18809, win 16425, length 0
    23:08:55.616420 IP 10.173.203.3.51435 > node133.omniorb: Flags [.], ack 10664, win 16061, length 0
    23:08:55.616613 IP 10.173.203.3.51434 > node133.omniorb: Flags [.], ack 3097, win 16064, length 0
    23:08:55.617771 IP 10.173.203.3.51433 > node133.omniorb: Flags [.], ack 1618, win 16425, length 0
    23:08:55.617795 IP 10.173.203.3.51437 > node133.omniorb: Flags [.], ack 11565, win 16312, length 0
    23:08:58.697390 IP 10.173.203.3.51443 > node133.omniorb: Flags [S], seq 2236192238, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    23:08:58.697449 IP node133.omniorb > 10.173.203.3.51443: Flags [S.], seq 3851154897, ack 2236192239, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    23:08:58.698357 IP 10.173.203.3.51443 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
    23:08:58.699206 IP 10.173.203.3.51443 > node133.omniorb: Flags [P.], seq 1:588, ack 1, win 16425, length 587
    23:08:58.699234 IP node133.omniorb > 10.173.203.3.51443: Flags [.], ack 588, win 501, length 0
    23:08:58.704132 IP node133.omniorb > 10.173.203.3.51443: Flags [P.], seq 1:255, ack 588, win 501, length 254
    23:08:58.906923 IP 10.173.203.3.51443 > node133.omniorb: Flags [.], ack 255, win 16361, length 0
    23:09:03.319604 IP 10.173.203.3.50473 > node133.omniorb: Flags [P.], seq 1158852910:1158853488, ack 3883049406, win 256, length 578
    23:09:03.323800 IP node133.omniorb > 10.173.203.3.50473: Flags [P.], seq 1:946, ack 578, win 501, length 945
    23:09:03.518675 IP 10.173.203.3.50473 > node133.omniorb: Flags [.], ack 946, win 252, length 0
    23:09:04.322173 IP 10.173.203.3.50473 > node133.omniorb: Flags [P.], seq 578:1157, ack 946, win 252, length 579
    23:09:04.326634 IP node133.omniorb > 10.173.203.3.50473: Flags [P.], seq 946:1891, ack 1157, win 501, length 945
    23:09:04.531648 IP 10.173.203.3.50473 > node133.omniorb: Flags [.], ack 1891, win 256, length 0
    23:09:05.632652 IP 10.173.203.3.51443 > node133.omniorb: Flags [F.], seq 588, ack 255, win 16361, length 0
    23:09:05.633648 IP node133.omniorb > 10.173.203.3.51443: Flags [F.], seq 255, ack 589, win 501, length 0
    23:09:05.634225 IP 10.173.203.3.51443 > node133.omniorb: Flags [.], ack 256, win 16361, length 0
    23:09:10.799713 IP 10.173.203.3.44978 > node133.omniorb: Flags [P.], seq 590:1180, ack 946, win 501, options [nop,nop,TS val 316114558 ecr 634184651], length 590
    23:09:10.805458 IP node133.omniorb > 10.173.203.3.44978: Flags [P.], seq 946:1891, ack 1180, win 501, options [nop,nop,TS val 634207648 ecr 316114558], length 945
    23:09:10.806433 IP 10.173.203.3.44978 > node133.omniorb: Flags [.], ack 1891, win 501, options [nop,nop,TS val 316114565 ecr 634207648], length 0
    23:09:12.501943 IP 10.173.203.3.44852 > node133.omniorb: Flags [P.], seq 574:1148, ack 946, win 501, options [nop,nop,TS val 1312003489 ecr 634175335], length 574
    23:09:12.505172 IP node133.omniorb > 10.173.203.3.44852: Flags [P.], seq 946:1891, ack 1148, win 501, options [nop,nop,TS val 634209347 ecr 1312003489], length 945
    23:09:12.505755 IP 10.173.203.3.44852 > node133.omniorb: Flags [.], ack 1891, win 501, options [nop,nop,TS val 1312003493 ecr 634209347], length 0
    23:09:14.079766 IP 10.173.203.3.57548 > node133.omniorb: Flags [P.], seq 168723808:168724384, ack 4158296230, win 501, options [nop,nop,TS val 1517431158 ecr 634171914], length 576
    23:09:14.084258 IP node133.omniorb > 10.173.203.3.57548: Flags [P.], seq 1:946, ack 576, win 501, options [nop,nop,TS val 634210926 ecr 1517431158], length 945
    23:09:14.084902 IP 10.173.203.3.57548 > node133.omniorb: Flags [.], ack 946, win 501, options [nop,nop,TS val 1517431163 ecr 634210926], length 0
    ^C
    135 packets captured
    135 packets received by filter
    0 packets dropped by kernel
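
    Reading 135 lines like the ones above by hand is slow, and the facts that matter (which connections completed a handshake, which client ports only ever sent a SYN, how much data flowed each way) are spread over many lines. Note also that tcpdump printed port 8088 as omniorb because, without -nn, it looks ports up in /etc/services; -nn suppresses host and port name resolution and is the normal choice when the output is going to be parsed. As an added example, not part of the original post, the Python below parses tcpdump's one-line TCP summary format, groups the packets into flows and classifies each flow. The sample lines are constructed in the same format as the capture above, with simplified sequence numbers, and are not a real capture.

```python
"""Group tcpdump's one-line TCP summaries into flows and classify each one."""
import re
from dataclasses import dataclass

# A TCP summary line as tcpdump prints it without -v; the last dotted component of each
# endpoint is the port, or its /etc/services name when -nn was not given (omniorb = 8088).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+)\.(?P<sport>[^\s.]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^\s.]+): Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)$"
)


@dataclass
class Flow:
    client: str            # "host.port" of the side that sent the first packet seen
    server: str
    packets: int = 0
    bytes_c2s: int = 0     # payload bytes client -> server (the "length" field)
    bytes_s2c: int = 0
    syn: bool = False      # client sent a bare SYN
    synack: bool = False   # server answered with SYN-ACK
    fin: bool = False
    rst: bool = False

    def state(self) -> str:
        """What the capture shows of this connection's lifecycle."""
        if self.rst and not self.synack:
            return "refused"        # SYN answered by RST: closed port
        if self.syn and not self.synack:
            return "syn-only"       # never answered: filtered port, scan, or one-sided capture
        if self.syn and self.synack:
            return "closed" if self.fin else "established"
        return "mid-stream"         # the handshake happened before the capture started


def parse_flows(text: str) -> dict[tuple[str, str], Flow]:
    """Map (endpoint, endpoint) -> Flow for every TCP summary line in text."""
    flows: dict[tuple[str, str], Flow] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # ARP, UDP, -A payload lines, the closing statistics, ...
        a, b = f"{m['src']}.{m['sport']}", f"{m['dst']}.{m['dport']}"
        flags, length = m["flags"], int(m["len"])
        key = (a, b) if a < b else (b, a)   # one key for both directions
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(client=a, server=b)
        flow.packets += 1
        if a == flow.client:
            flow.bytes_c2s += length
        else:
            flow.bytes_s2c += length
        if flags == "S" and a == flow.client:
            flow.syn = True
        if "S" in flags and "." in flags and a == flow.server:
            flow.synack = True
        flow.fin = flow.fin or "F" in flags
        flow.rst = flow.rst or "R" in flags
    return flows


def summarize(text: str) -> dict[str, list[str]]:
    """State -> client endpoints in that state: the triage view to look at first."""
    out: dict[str, list[str]] = {}
    for flow in parse_flows(text).values():
        out.setdefault(flow.state(), []).append(flow.client)
    return out


# Constructed sample in the capture's format (sequence numbers simplified); not a real capture.
SAMPLE = """\
23:08:45.232268 IP 10.173.203.3.51432 > node133.omniorb: Flags [S], seq 3555649822, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:08:45.232322 IP node133.omniorb > 10.173.203.3.51432: Flags [S.], seq 651211897, ack 3555649823, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:08:45.233356 IP 10.173.203.3.51432 > node133.omniorb: Flags [.], ack 1, win 16425, length 0
23:08:45.234289 IP 10.173.203.3.51432 > node133.omniorb: Flags [P.], seq 1:845, ack 1, win 16425, length 844
23:08:45.385573 IP node133.omniorb > 10.173.203.3.51432: Flags [P.], seq 1:893, ack 845, win 501, length 892
23:08:55.614726 IP 10.173.203.3.51432 > node133.omniorb: Flags [F.], seq 845, ack 893, win 16425, length 0
23:08:55.615461 IP node133.omniorb > 10.173.203.3.51432: Flags [F.], seq 893, ack 846, win 501, length 0
23:09:01.000100 IP 10.173.203.3.51499 > node133.omniorb: Flags [S], seq 11111, win 8192, options [mss 1460], length 0
23:09:02.000100 IP 10.173.203.3.51500 > node133.9999: Flags [S], seq 22222, win 8192, options [mss 1460], length 0
23:09:02.000150 IP node133.9999 > 10.173.203.3.51500: Flags [R.], seq 0, ack 22223, win 0, length 0
"""

if __name__ == "__main__":
    for flow in parse_flows(SAMPLE).values():
        print(f"{flow.client:>22} -> {flow.server:<18} {flow.state():<12} "
              f"pkts={flow.packets} c2s={flow.bytes_c2s} s2c={flow.bytes_s2c}")
```

    Feed it the saved output of tcpdump -nn -i any port 8088 (python3 flows.py < capture.txt with the loop changed to read stdin) and a burst of syn-only flows from one source, or of refused flows across many ports, stands out immediately; the classification only looks at the flags tcpdump already prints, so it works on any capture of this format.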
    
    
    root@node132:~# tcpdump -i any port 8088 -A
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    23:17:26.646053 IP 10.173.203.3.53680 > node132.omniorb: Flags [P.], seq 2299743041:2299743635, ack 2621846109, win 511, length 594
    E..z..@.<...
    ...
    .........KA.F2]P.......GET /seeyon/getAJAXOnlineServlet?V=0.8346865680802558 HTTP/1.1
    Host: 172.28.65.176:8088
    Connection: keep-alive
    RequestType: AJAX
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    Accept: */*
    Referer: http://172.28.65.176:8088/seeyon/main.do?method=main
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: login_locale=zh_CN; avatarImageUrl=7708614268446657770; loginPageURL=; JSESSIONID=7D6973301E47E5561B65209C70FD0B9B.ins132
    
    
    23:17:26.649047 IP node132.omniorb > 10.173.203.3.53680: Flags [P.], seq 1:257, ack 594, win 501, length 256
    E..(..@.@..(
    ...
    ........F2]..M.P.......HTTP/1.1 200 
    Pragma: No-cache
    Cache-Control: no-cache
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Content-Type: text/html;charset=UTF-8
    Content-Length: 60
    Date: Wed, 24 Nov 2021 15:17:26 GMT
    
    {I:'7708614268446657770',K:'.....................',N:15,C:0}
    23:17:26.689328 IP 10.173.203.3.53680 > node132.omniorb: Flags [.], ack 257, win 510, length 0
    E..(..@.<...
    ...
    .........M..F3]P...ja........
    23:17:33.096974 IP 10.173.203.3.54747 > node132.omniorb: Flags [.], ack 3943327423, win 501, options [nop,nop,TS val 2159114333 ecr 1707385082], length 0
    E..4b.@.;.1S
    ...
    ........1...
    f............
    ..x]e...
    23:17:33.097004 IP node132.omniorb > 10.173.203.3.54747: Flags [.], ack 1, win 501, options [nop,nop,TS val 1707432062 ecr 2159067355], length 0
    E..4..@.@...
    ...
    ........
    f..1.............
    e.X~....
    23:17:34.560267 IP 10.173.203.3.44562 > node132.omniorb: Flags [P.], seq 2520376679:2520377686, ack 3449857484, win 501, options [nop,nop,TS val 3248801612 ecr 1707416531], length 1007
    E..#!.@.<.ml
    ...
    ........9.g........
    ......
    ...Le...POST /seeyon/ajax.do?method=ajaxAction&managerName=govdocLockManager&rnd=69913 HTTP/1.1
    Host: 172.28.65.176:8088
    Connection: keep-alive
    Content-Length: 222
    RequestType: AJAX
    Origin: http://172.28.65.176:8088
    User-Agent: Mozilla/5.0 (X11; Linux mips64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    Accept: */*
    Referer: http://172.28.65.176:8088/seeyon/govdoc/govdoc.do?method=summary&openFrom=listPending&isFromHome=true&affairId=-5760283864924206433&app=4&summaryId=-269693042377014579
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: login_locale=zh_CN; avatarImageUrl=5481572798286153992; loginPageURL=; JSESSIONID=77796CE5C6542DCA23A8BCB2F179320A.ins132
    
    managerMethod=activeLockTime&arguments=%5B%7B%22formMasterId%22%3A%22-269693042377014579%22%2C%22processId%22%3A%228470682157104844465%22%2C%22loginPlatform%22%3A%22pc%22%2C%22affairId%22%3A%22-5760283864924206433%22%7D%5D
    23:17:34.581609 IP node132.omniorb > 10.173.203.3.44562: Flags [P.], seq 1:207, ack 1007, win 501, options [nop,nop,TS val 1707433547 ecr 3248801612], length 206
    E.... @.@._.
    ...
    ............9.V...........
    e.^K...LHTTP/1.1 200 
    Pragma: No-cache
    Cache-Control: no-cache
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Content-Type: application/json;charset=UTF-8
    Content-Length: 4
    Date: Wed, 24 Nov 2021 15:17:34 GMT
    
    null
    23:17:34.582665 IP 10.173.203.3.44562 > node132.omniorb: Flags [.], ack 207, win 501, options [nop,nop,TS val 3248801634 ecr 1707433547], length 0
    E..4!.@.<.qZ
    ...
    ........9.V.........W.....
    ...be.^K
    ^C
    8 packets captured
    8 packets received by filter
    0 packets dropped by kernel
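
    The -A output above reproduces the HTTP exchange byte for byte, so the capture now contains the users' JSESSIONID cookies: anyone who reads it (or the same plaintext on the wire, since this application talks http on port 8088) can reuse those sessions. A capture with payload therefore needs the same handling as a credential, and should be redacted before it goes into a ticket or a chat. As an added example, not code from the original post, the Python below walks -A style text, records which request each credential-bearing header belongs to, and redacts the values of Cookie, Set-Cookie and Authorization while keeping the names, so the exchange stays diagnosable. The header list and the sample text (modelled on the capture above, with made-up tokens) are this example's assumptions.

```python
"""Find and redact credential-bearing HTTP headers in `tcpd​ump -A` text output."""
import re

# Header names whose values are bearer secrets (this example's list; extend it to
# whatever your applications use). Anyone holding a capture that still contains
# them can take over the session the packet belonged to.
SECRET_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization", "x-api-key"}

HEADER_RE = re.compile(r"^(?P<name>[A-Za-z0-9-]+):\s*(?P<value>.*)$")
# -A glues the request line onto the binary TCP/IP header bytes, so search rather than match
REQUEST_RE = re.compile(r"(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/1\.[01]\s*$")


def redact_cookie(value: str, first_only: bool = False) -> str:
    """Keep cookie names and attributes (useful for diagnosis), hide the values.
    A Cookie request header holds many name=value pairs; a Set-Cookie header holds one
    pair followed by attributes such as Path or HttpOnly, so only its first pair is hidden."""
    out = []
    for i, pair in enumerate(value.split(";")):
        name, sep, val = pair.strip().partition("=")
        if sep and val and (i == 0 or not first_only):
            val = "<redacted>"
        out.append(f"{name}={val}" if sep else name)
    return "; ".join(out)


def redact_header(name: str, value: str) -> str:
    lname = name.lower()
    if lname == "cookie":
        return redact_cookie(value)
    if lname == "set-cookie":
        return redact_cookie(value, first_only=True)
    if lname in ("authorization", "proxy-authorization"):
        scheme, _, _ = value.partition(" ")  # keep Basic/Bearer/..., drop the credential
        return f"{scheme} <redacted>"
    return "<redacted>"


def scan_capture(text: str) -> tuple[str, list[dict]]:
    """Return the -A text with secrets redacted plus one finding per secret-bearing header."""
    cleaned, findings, request = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m:
            request = f"{m.group(1)} {m.group(2)}"  # context for the headers that follow
        h = HEADER_RE.match(line)
        if h and h["name"].lower() in SECRET_HEADERS:
            findings.append({"line": lineno, "header": h["name"], "request": request})
            line = f"{h['name']}: {redact_header(h['name'], h['value'])}"
        cleaned.append(line)
    return "\n".join(cleaned), findings


# Constructed sample in the shape of the -A output above; tokens and credentials are made up.
SAMPLE = """\
23:17:26.646053 IP 10.173.203.3.53680 > node132.omniorb: Flags [P.], seq 1:595, ack 1, win 511, length 594
E..z..@.<...
.........KA.F2]P.......GET /seeyon/getAJAXOnlineServlet?V=0.8346865680802558 HTTP/1.1
Host: 172.28.65.176:8088
Connection: keep-alive
Authorization: Basic dXNlcjpwYXNzd29yZA==
Cookie: login_locale=zh_CN; loginPageURL=; JSESSIONID=0123456789ABCDEF0123456789ABCDEF.ins132

23:17:26.649047 IP node132.omniorb > 10.173.203.3.53680: Flags [P.], seq 1:257, ack 594, win 501, length 256
E..(..@.@..(
........F2]..M.P.......HTTP/1.1 200 
Set-Cookie: JSESSIONID=FEDCBA9876543210FEDCBA9876543210.ins132; Path=/seeyon; HttpOnly
Content-Type: text/html;charset=UTF-8
Content-Length: 60
"""

if __name__ == "__main__":
    redacted, found = scan_capture(SAMPLE)
    for f in found:
        print(f"line {f['line']}: {f['header']} header in {f['request']}")
    print(redacted)
```

    Redacting the text dump is the cheap part; the binary .pcap written with -w still holds the same bytes, so either keep it off shared systems or strip payload before sharing. The -A banner also makes the underlying point: the application sends the session cookie in the clear on every request, which is the finding to raise with its owners.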
    
    
  • Installing and configuring TcpDump

    2021-05-18 04:15:40

    2007-03-10 13:17:37

    An introduction to TcpDump

    I. TcpDump, a network capture and analysis tool

    As the name says, TcpDump captures the headers of the packets travelling on the network in full and makes them available for analysis. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to strip out the noise. tcpdump is a free network analyzer; its source code is published and its interfaces are open, so it is highly extensible and is a very useful tool for network maintainers and intruders alike. tcpdump ships with the base FreeBSD system. Because it puts the network interface into promiscuous mode, ordinary users cannot run it normally, but a user with root privileges can run it directly to read the traffic on the network. The presence of a network analyzer on a system is therefore mainly a threat not to that host's own security but to the security of the other machines on the network. In the simplest terms, tcpdump does what its name says: dump the traffic on a network. It is a packet analyzer that captures the packets on the network according to the filter the user defines. A classic must-have for system administrators on the Internet, tcpdump's power and flexible capture filters have made it one of the standard tools every senior administrator uses to analyze a network and troubleshoot problems.

    II. Installing TcpDump

    1. FreeBSD: included in the base system

    2. Linux

    1) Installing from an rpm package:

    #rpm -ivh tcpdump-3_4a5.rpm

    That installs tcpdump on your Linux system.

    2) Installing from source:

    Step 1: get the source. To install from source you first need the tcpdump source distribution, which comes in two forms: a tar archive (tcpdump-3_4a5.tar.Z) or a source rpm (tcpdump-3_4a5.src.rpm). The contents are identical, only the packaging differs. The tar archive is unpacked with:

    #tar xvfz tcpdump-3_4a5.tar.Z

    and the source rpm is installed with:

    #rpm -ivh tcpdump-3_4a5.src.rpm

    which unpacks the tcpdump source under /usr/src/redhat/SOURCES.

    Step 2: prepare to build.

    Before compiling, make sure the libpcap library, which tcpdump depends on, is already installed, and that you have a standard C compiler; on Linux that is normally gcc. The tcpdump source directory contains Makefile.in, from which the configure script generates Makefile. In Makefile.in you can adjust the BINDEST and MANDEST macros to suit the system; the defaults are

    BINDEST = @sbindir@

    MANDEST = @mandir@

    The first is the directory the tcpdump binary is installed into, the second the directory for its man page; change them to fit your system.

    Step 3: build.

    Run the configure script in the source directory; it probes the system for the properties it needs and generates Makefile from Makefile.in. make then compiles tcpdump according to the rules in Makefile, and make install installs the compiled binary.

    In short:

    # tar xvfz tcpdump-3_4a5.tar.Z

    # vi Makefile.in

    # ./configure

    # make

    # make install

    III. Using TcpDump

    Started with no arguments, tcpdump monitors every packet passing through the first network interface.

    # tcpdump

    tcpdump: listening on rl0

    22:41:29.128778 10.5.1.155.ssh > 10.5.3.105.41685: P 331248169:331248233(64) ack 4205716752 win 57920 nop,timestamp 166117 2765331> (DF) [tos 0x10]
    22:41:29.128938 10.5.3.105.41685 > 10.5.1.155.ssh: . ack 64 win 7176 (DF) [tos 0x10]
    22:41:29.616392 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:29.616486 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:30.118632 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:30.118756 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:30.120329 10.5.1.155.ssh > 10.5.3.105.41685: P 64:256(192) ack 1 win 57920 2765332> (DF) [tos 0x10]
    22:41:30.120544 10.5.3.105.41685 > 10.5.1.155.ssh: . ack 256 win 7176 (DF) [tos 0x10]
    22:41:30.120661 10.5.1.155.ssh > 10.5.3.105.41685: P 256:704(448) ack 1 win 57920 2765580> (DF) [tos 0x10]
    22:41:30.120932 10.5.3.105.41685 > 10.5.1.155.ssh: . ack 704 win 7864 (DF) [tos 0x10]
    22:41:30.691840 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:30.691935 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:31.119863 10.5.1.155.ssh > 10.5.3.105.41685: P 704:880(176) ack 1 win 57920 2765580> (DF) [tos 0x10]
    22:41:31.120003 10.5.1.155.ssh > 10.5.3.105.41685: P 880:1440(560) ack 1 win 57920 2765580> (DF) [tos 0x10]
    22:41:31.120065 10.5.3.105.41685 > 10.5.1.155.ssh: . ack 880 win 8552 (DF) [tos 0x10]
    22:41:31.120309 10.5.3.105.41685 > 10.5.1.155.ssh: . ack 1440 win 8552 (DF) [tos 0x10]
    22:41:31.198625 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:31.198752 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:31.766946 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]
    22:41:31.767040 10.5.1.72.45564 > 228.123.123.4.45564: udp 36 [ttl 1]

    The general format of a tcpdump output line is: timestamp (hh:mm:ss.microseconds) source host.port > destination host.port packet details. The six digits after the seconds are the fractional part of the timestamp, not an identifier.

    When the interface is put into promiscuous mode, the system log records it:

    (TEST-WEB1)-root-finance [/var/log]#tail dmesg.today

    rl0: promiscuous mode disabled

    rl0: promiscuous mode enabled

    Those kernel messages are one of the few host-side traces that a sniffer was started, which makes them worth forwarding to a central log.

    IV. tcpdump options

    -a: convert network and broadcast addresses to names;

    -d: dump the compiled packet-matching code in a human-readable, assembler-like form;

    -dd: dump the packet-matching code as a C program fragment;

    -ddd: dump the packet-matching code as decimal numbers;

    -e: print the link-layer header on each output line;

    -f: print foreign Internet addresses numerically;

    -l: make standard output line-buffered;

    -n: do not convert addresses to names;

    -t: do not print a timestamp on each line;

    -v: slightly more verbose output, e.g. the TTL and type of service of IP packets;

    -vv: even more detailed packet output;

    -c: stop after receiving the given number of packets;

    -F: read the filter expression from the given file and ignore any expression on the command line;

    -i: the interface to listen on, useful when the machine has several;

    -r: read packets from the given file (normally one produced with -w);

    -w: write the raw packets to a file instead of parsing and printing them;

    -T: interpret the captured packets as the given type; common types are rpc (remote procedure call) and snmp (Simple Network Management Protocol);

    -s: capture snaplen bytes of each packet instead of the default 68 (96 with SunOS NIT). 68 bytes is enough for IP, ICMP, TCP and UDP headers but may cut off the protocol information of name server and NFS packets (see below). In the output, packets captured with too small a snaplen are marked ``[|proto]'', where proto is the protocol layer at which the truncation occurred. Note that a larger snaplen both increases the time spent processing each packet and reduces the number of packets that can be buffered, which can cause packets to be dropped; set snaplen as small as you can while still capturing the protocol information you need. (The 68-byte default belongs to the tcpdump 3.x era this text describes; current releases default to 262144 bytes, as the "capture size 262144 bytes" banner in the captures above shows, so today -s mostly serves to limit what a long-running capture writes to disk.)

    -S: print absolute rather than relative TCP sequence numbers

    V. Using TcpDump

    1. tcpdump is a command-line tool with the following syntax:

    tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ]
    [ -i interface ] [ -r file ] [ -s snaplen ]
    [ -T type ] [ -w file ] [ expression ]

    2. The filter expression

    The expression is a packet filter (not a regular expression) that tcpdump uses as the condition for selecting packets: a packet that satisfies the expression is captured. If no expression is given, every packet on the network is captured.

    An expression is built from several kinds of keyword. The first kind are type qualifiers, mainly host, net and port: host 210.27.48.2 says that 210.27.48.2 is a host, net 202.0.0.0 says that 202.0.0.0 is a network address, and port 23 names port number 23. If no type is given, the default is host.

    The second kind are direction qualifiers, mainly src, dst, dst or src and dst and src, which specify the direction of transfer: src 210.27.48.2 means the source address of the IP packet is 210.27.48.2, and dst net 202.0.0.0 means the destination network is 202.0.0.0. If no direction is given, the default is src or dst.

    The third kind are protocol qualifiers, including fddi, ip, arp, rarp, tcp and udp. fddi denotes a protocol on an FDDI (Fiber Distributed Data Interface) network; it is actually an alias for ether, since FDDI and Ethernet frames carry similar source and destination addresses, so FDDI packets can be handled and analyzed like Ethernet packets. The other keywords name the protocol of the packets to capture. If no protocol is specified, tcpdump captures packets of every protocol.

    Beyond these three kinds of keyword, other important keywords are gateway, broadcast, less and greater, and there are three logical operators: negation 'not' or '!', conjunction 'and' or '&&', and disjunction 'or' or '||'.
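
    The rules above (the type defaults to host, the direction defaults to src or dst, a bare value inherits the qualifiers of the preceding primitive, a protocol combines with the primitive that follows it, and and/or/not with parentheses) are easiest to check by running them. The Python below is an added example, not tcpdump code and not part of the original article: a small recursive-descent evaluator for that subset of the filter grammar, applied to packets represented as dicts. The dict shape, the constructed packet list and the CIDR-only form of net are this example's assumptions; real tcpdump compiles the expression to BPF and resolves host names to addresses first. Its select() replays the experiments of the next section against the constructed packets.

```python
# Evaluates a subset of tcpdump's filter syntax against packets represented as dicts
# with keys proto, src, dst, sport, dport (the dict shape is this example's assumption).
import ipaddress
import re
from typing import Callable, Optional

Pred = Callable[[dict], bool]
DIRS, TYPES, PROTOS = {"src", "dst"}, {"host", "net", "port"}, {"ip", "arp", "tcp", "udp"}
OPS = {"and": "and", "&&": "and", "or": "or", "||": "or", "not": "not", "!": "not"}
# whitespace and parentheses separate tokens; the backslash of shell-escaped \( \) is dropped
TOKEN_RE = re.compile(r"\(|\)|&&|\|\||!|[^\s()\\!]+")


def primitive(kind: str, direction: Optional[str], value: str) -> Pred:
    """Predicate for one qualified value such as ('port', 'dst', '22')."""
    if kind == "port":
        port, fields = int(value), ("sport", "dport")
        test = lambda v: v == port
    elif kind == "net":  # CIDR only here; tcpdump also widens short quads such as 10.0
        net, fields = ipaddress.ip_network(value, strict=False), ("src", "dst")
        test = lambda v: v is not None and ipaddress.ip_address(v) in net
    else:  # host: compared literally; real tcpdump resolves names to addresses first
        fields, test = ("src", "dst"), (lambda v: v == value)
    src_f, dst_f = fields
    if direction == "src":
        return lambda p: test(p.get(src_f))
    if direction == "dst":
        return lambda p: test(p.get(dst_f))
    return lambda p: test(p.get(src_f)) or test(p.get(dst_f))  # default: src or dst


class Filter:
    """expr = term ('or' term)*; term = factor ('and' factor)*; factor = 'not' factor | '(' expr ')' | primitive"""

    def __init__(self, expr: str):
        self.toks, self.pos = TOKEN_RE.findall(expr) + [None], 0  # None marks the end
        self.last_type, self.last_dir = "host", None  # qualifiers a bare value inherits
        self.pred: Pred = self._expr() if self.toks[0] is not None else (lambda p: True)
        if self.toks[self.pos] is not None:
            raise ValueError(f"unexpected token {self.toks[self.pos]!r}")

    def _next(self) -> str:
        tok, self.pos = self.toks[self.pos], self.pos + 1
        if tok is None:
            raise ValueError("unexpected end of expression")
        return tok

    def _expr(self) -> Pred:
        left = self._term()
        while OPS.get(self.toks[self.pos]) == "or":
            self._next()
            left = (lambda a, b: lambda p: a(p) or b(p))(left, self._term())
        return left

    def _term(self) -> Pred:
        left = self._factor()
        while OPS.get(self.toks[self.pos]) == "and":
            self._next()
            left = (lambda a, b: lambda p: a(p) and b(p))(left, self._factor())
        return left

    def _factor(self) -> Pred:
        if OPS.get(self.toks[self.pos]) == "not":
            self._next()
            inner = self._factor()
            return lambda p: not inner(p)
        if self.toks[self.pos] == "(":
            self._next()
            inner = self._expr()
            if self._next() != ")":
                raise ValueError("missing ')'")
            return inner
        return self._primitive()

    def _primitive(self) -> Pred:
        tok, is_proto, direction = self._next(), None, None
        if tok in PROTOS:  # 'tcp' alone, or a qualifier as in 'tcp port 22'; 'ip' is all but ARP
            is_proto = (lambda p: p["proto"] != "arp") if tok == "ip" else (lambda p, pr=tok: p["proto"] == pr)
            if self.toks[self.pos] in (None, ")") or self.toks[self.pos] in OPS:
                return is_proto
            tok = self._next()
        if tok in DIRS:
            direction, tok = tok, self._next()
        if tok in TYPES:
            kind, tok = tok, self._next()
        elif direction is None:  # bare value: inherits the previous primitive's qualifiers,
            kind, direction = self.last_type, self.last_dir  # so 'host A and (B or C)' works
        else:
            kind = "host"  # 'src 10.0.0.1': the type defaults to host
        self.last_type, self.last_dir = kind, direction
        pred = primitive(kind, direction, tok)
        return pred if is_proto is None else (lambda p: is_proto(p) and pred(p))


# Constructed packets, not from the page's captures; ARP carries the IPs it asks about.
PACKETS = [
    {"proto": "tcp", "src": "10.0.153.132", "sport": 49166, "dst": "10.0.153.39", "dport": 22},
    {"proto": "tcp", "src": "10.0.153.39", "sport": 22, "dst": "10.5.3.105", "dport": 56745},
    {"proto": "tcp", "src": "10.0.153.40", "sport": 64443, "dst": "10.0.153.39", "dport": 80},
    {"proto": "udp", "src": "10.5.1.72", "sport": 45564, "dst": "228.123.123.4", "dport": 45564},
    {"proto": "arp", "src": "10.0.153.39", "sport": None, "dst": "10.0.153.40", "dport": None},
]


def select(expr: str, packets: list[dict] = PACKETS) -> list[int]:
    """Indexes of the packets the expression lets through."""
    flt = Filter(expr)
    return [i for i, p in enumerate(packets) if flt.pred(p)]
```

    Two details are worth noticing when you read the filters in the next section through this lens: host 10.0.153.39 also matches ARP traffic, because ARP frames carry the IP addresses they ask about, which is why experiment (3) adds the ip qualifier; and a bare address after and or or is not an error but inherits host (or src host, or dst port) from the primitive before it.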

    3. Experiments

    (1) To capture every packet received or sent by host 10.0.153.39:

    #tcpdump host 10.0.153.39

    (TEST-DNS)-root-financedns[/home/livedoorcn]#tcpdump host 10.0.153.39
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
    14:38:15.144062 IP finance.livedoor.com.ssh > 10.5.3.105.56745: P 1344499225:1344499417(192) ack 3235758685 win 33304
    14:38:15.146504 IP 10.5.3.105.56745 > finance.livedoor.com.ssh: . ack 192 win 16022 5735977 122656151>
    14:38:16.080527 IP finance.livedoor.com.ssh > 10.5.3.105.56745: P 192:512(320) ack 1 win 33304 timestamp 122656244 5735977>
    14:38:16.085164 IP 10.5.3.105.56745 > finance.livedoor.com.ssh: . ack 512 win 16022 5736212 122656244>
    (TEST-DNS)-root-financedns[/home/livedoorcn]#ping finance.livedoor.com
    PING finance.livedoor.com (10.0.153.39): 56 data bytes
    64 bytes from 10.0.153.39: icmp_seq=0 ttl=64 time=0.371 ms
    64 bytes from 10.0.153.39: icmp_seq=1 ttl=64 time=0.235 ms

    (2) To capture the traffic between host 10.0.153.39 and either host 10.0.153.132 or host 10.0.153.38:

    #tcpdump host 10.0.153.39 and \( 10.0.153.132 or 10.0.153.38 \)

    (The parentheses are escaped so the shell passes them through to tcpdump; the bare addresses inside them inherit the host qualifier.)

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump host 10.0.153.39 and \(10.0.153.132 or 10.0.153.38\)
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
    17:33:28.513664 IP 10.0.153.132.49166 > finance.livedoor.com.ssh: P 3076047815:3076047863(48) ack 191506560 win 33304
    17:33:28.513974 IP finance.livedoor.com.ssh > 10.0.153.132.49166: P 1:65(64) ack 48 win 33304 timestamp 123344768 172221611>
    17:33:28.607536 IP 10.0.153.132.49166 > finance.livedoor.com.ssh: . ack 65 win 33304 172221621 123344768>
    17:33:31.137588 IP 10.0.153.132.49166 > finance.livedoor.com.ssh: P 48:96(48) ack 65 win 33304 timestamp 172221874 123344768>
    17:33:31.137860 IP finance.livedoor.com.ssh > 10.0.153.132.49166: P 65:113(48) ack 96 win 33304 timestamp 123345030 172221874>
    17:33:31.237584 IP 10.0.153.132.49166 > finance.livedoor.com.ssh: . ack 113 win 33304 172221884 123345030>

    (3)如果想要获取主机10.0.153.39除了和主机10.0.153.132、10.5.3.105之外所有主机通信的ip包,使用命令:

    #tcpdump ip host 10.0.153.39 and ! 10.0.153.132  and ! 10.5.3.105

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump ip host 10.0.153.39 and ! 10.0.153.132  and ! 10.5.3.105

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes

    17:36:32.715052 IP test.livedoor.com.64443 > finance.livedoor.com.http: S 1989359758:1989359758(0) win 65535

    17:36:32.715103 IP finance.livedoor.com.http > test.livedoor.com.64443: S 4236357745:4236357745(0) ack 1989359759 win 65535

    17:36:32.715211 IP test.livedoor.com.64443 > finance.livedoor.com.http: . ack 1 win 33304 112342868 123363188>

    17:36:32.715558 IP test.livedoor.com.64443 > finance.livedoor.com.http: P 1:849(848) ack 1 win 33304

    17:36:32.727829 IP finance.livedoor.com.http > test.livedoor.com.64443: . 1:1449(1448) ack 849 win 33304

    17:36:32.727854 IP finance.livedoor.com.http > test.livedoor.com.64443: . 1449:2897(1448) ack 849 win 33304

    17:36:32.728419 IP test.livedoor.com.64443 > finance.livedoor.com.http: . ack 2897 win 32580 timestamp 112342869 123363189>

    (4) tcpdump output for ARP packets, using the command

    #tcpdump arp

    TEST-squid]# tcpdump arp

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes

    20:08:24.396325 arp who-has test.livedoor.com tell finance.livedoor.com

    20:08:24.396341 arp reply test.livedoor.com is-at 00:0d:61:cc:4d:df

    Analysis: 20:08:24 is the timestamp, 396325 is the ID number, arp indicates an ARP request packet, and who-has test.livedoor.com tell finance.livedoor.com means that host finance.livedoor.com is asking for the MAC address of host test.livedoor.com. 00:0d:61:cc:4d:df is the MAC address of host ICE.

    (5) Capture on a specified interface

    #tcpdump -i vr1

    (TEST-DNS)-root-financedns[/home/livedoorcn]#tcpdump -i vr1

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on vr1, link-type EN10MB (Ethernet), capture size 96 bytes

    19:19:24.434700 IP 10.4.6.40.ssh > 10.5.3.105.37863: P 923576730:923576922(192) ack 365011995 win 33304

    19:19:24.437520 IP 10.5.3.105.37863 > 10.4.6.40.ssh: . ack 192 win 9320

    (TEST-DNS)-root-financedns[/home/livedoorcn]#tcpdump -i vr0

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes

    19:19:11.474750 IP dns.livedoor.com.ssh > test.livedoor.com.59301: P 3715345990:3715346182(192) ack 1594125622 win 33304

    19:19:11.474886 IP test.livedoor.com.59301 > dns.livedoor.com.ssh: . ack 192 win 33208 113321413 97785268>

    19:19:11.475019 IP test.livedoor.com.ssh > 10.5.3.105.37863: P 923574602:923574794(192) ack 365011755 win 33304

    19:19:11.477552 IP 10.5.3.105.37863 > test.livedoor.com.ssh: . ack 19

    (6) Capture headers whose source host is 10.5.3.105 and whose destination network is 10.4.6.0

    #tcpdump src host 10.5.3.105 and dst net 10.4.6.0/24

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump src host 10.5.3.105 and dst net 10.4.6.0/24

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes

    ^Z

    Suspended

    (7) Capture headers whose source host is 10.0.153.39 and whose destination port is not telnet

    #tcpdump src host 10.0.153.39 and dst port not telnet

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump src host 10.0.153.39 and dst port not telnet

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes

    20:28:48.867836 IP finance.livedoor.com.ssh > 10.5.3.105.54049: P 3905303025:3905303217(192) ack 538379814 win 33304

    20:28:49.862053 IP finance.livedoor.com.63714 > dns.livedoor.com.domain:  49917+ PTR? 105.3.5.10.in-addr.arpa. (41)

    20:28:49.863859 IP finance.livedoor.com.ssh > 10.5.3.105.54049: P 192:384(192) ack 1 win 33304 timestamp 124396887 10087418>

    (8) Capture only the UDP headers from source host 10.0.153.39

    #tcpdump udp and src host 10.0.153.39

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump udp and src host 10.0.153.39

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes

    ^Z

    Suspended

    (9) Capture only the TCP headers from source host 10.0.153.39

    (10) Redirect the output to a file

    #tcpdump -l > /home/tcp.txt

    (TEST-WEB1)-root-finance [/home/livedoorcn]#cat /home/tcp.txt

    20:40:28.980316 IP finance.livedoor.com.ssh > 10.5.3.105.54049: P 3905319025:3905319217(192) ack 538389206 win 33304

    20:40:28.982823 IP 10.5.3.105.54049 > finance.livedoor.com.ssh: . ack 192 win 6324 10262437 124466797>

    20:40:29.972790 IP finance.livedoor.com.63395 > dns.livedoor.com.domain:  13519+ PTR? 105.3.5.10.in-addr.arpa. (41)

    20:40:29.974242 IP dns.livedoor.com.domain > finance.livedoor.com.63395:  13519 NXDomain 0/1/0 (118)

    (11) Do not resolve IP addresses to host names

    #tcpdump -n

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes

    20:59:06.057524 IP 10.5.3.105.54049 > finance.livedoor.com.ssh: . ack 192 win 7772 10541692 124578503>

    (TEST-WEB1)-root-finance [/home/livedoorcn]#tcpdump -n

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

    listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes

    20:59:09.911173 IP 10.5.3.105.54049 > 10.0.153.39.22: . ack 192 win 9220

    (12) To monitor TCP or UDP packets addressed to a specified port, run the following command

    #tcpdump host 10.0.153.39 and port 80
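As an added example that is not part of the original article, here is a small Python parser for the default tcpdump output format shown in the captures above. It classifies each line as TCP, ARP request, ARP reply or other, pulls out the flag letters, payload length, ack and window fields, lists connection attempts (a SYN carrying no ACK) and records which MAC address each host claimed in ARP replies, which is the kind of check one runs over a saved capture to spot unexpected new connections or a host answering with more than one MAC. The sample lines are copied from the captures above; the code is not tcpdump's own.

```python
import re
from collections import defaultdict
# Regexes for the default tcpdump output in the captures above: "ts IP src.port > dst.port: ..." and ARP lines.
IP_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>[^.\s]+) > "
                   r"(?P<dst>\S+)\.(?P<dport>[^.:\s]+):\s+(?P<rest>.*)$")
TCP_RE = re.compile(r"^(?P<flags>[SPFR.]+)\s+(?:\d+:\d+\((?P<len>\d+)\)\s+)?"
                    r"(?:ack (?P<ack>\d+)\s+)?(?:win (?P<win>\d+))?")
ARP_RE = re.compile(r"^(?P<ts>\S+) arp (?:who-has (?P<target>\S+) tell (?P<sender>\S+)"
                    r"|reply (?P<host>\S+) is-at (?P<mac>[0-9a-f:]{17}))$")
# Constructed input: lines copied from the captures above.
SAMPLE = """\
17:36:32.715052 IP test.livedoor.com.64443 > finance.livedoor.com.http: S 1989359758:1989359758(0) win 65535
17:36:32.715103 IP finance.livedoor.com.http > test.livedoor.com.64443: S 4236357745:4236357745(0) ack 1989359759 win 65535
17:36:32.715558 IP test.livedoor.com.64443 > finance.livedoor.com.http: P 1:849(848) ack 1  win 33304
20:59:09.911173 IP 10.5.3.105.54049 > 10.0.153.39.22: . ack 192 win 9220
20:40:29.972790 IP finance.livedoor.com.63395 > dns.livedoor.com.domain:  13519+ PTR? 105.3.5.10.in-addr.arpa. (41)
20:08:24.396325 arp who-has test.livedoor.com tell finance.livedoor.com
20:08:24.396341 arp reply test.livedoor.com is-at 00:0d:61:cc:4d:df
""".splitlines()

def parse_line(line):
    """Classify one line as tcp / arp-request / arp-reply / other; None if unrecognised."""
    m = ARP_RE.match(line.strip())
    if m:
        g = {k: v for k, v in m.groupdict().items() if v is not None}
        g["kind"] = "arp-reply" if "mac" in g else "arp-request"
        return g
    m = IP_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v for k, v in m.groupdict().items() if k != "rest"}
    rec["kind"] = "other"  # e.g. the DNS line: addresses parsed, payload not decoded here
    t = TCP_RE.match(m["rest"])
    if t:  # old-style flag letters: S=SYN, P=PSH, F=FIN, R=RST, "." = none of those
        rec.update(kind="tcp", flags=t["flags"], length=int(t["len"] or 0),
                   ack=int(t["ack"]) if t["ack"] else None,
                   win=int(t["win"]) if t["win"] else None)
    return rec

def summarize(lines):
    """Count kinds, list connection attempts (SYN without ACK) and the MAC each host claimed via ARP."""
    kinds, syns, arp_macs = defaultdict(int), [], defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        kinds[rec["kind"]] += 1
        if rec["kind"] == "tcp" and "S" in rec["flags"] and rec["ack"] is None:
            syns.append((rec["src"], rec["dst"], rec["dport"]))
        elif rec["kind"] == "arp-reply":
            arp_macs[rec["host"]].add(rec["mac"])
    return dict(kinds), syns, {h: sorted(m) for h, m in arp_macs.items()}
```

To run it over a real file, pipe `tcpdump -l` output into a file as in (10) and pass `open(path)` to `summarize`; a host that appears with more than one MAC in the returned mapping is worth a closer look.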

    tcpdump installation + testing (AFL)

    2021-09-24 16:03:03

    Installing libpcap

    1. tcpdump depends on libpcap, so install libpcap first; download the libpcap package from Index of /release

    2. Extract the archive: tar zxvf libpcap...

    3. Change into the package directory: cd libpcap...

    4. Install the dependencies:

    sudo apt-get install flex

    sudo apt-get install bison

    During the installation I hit an error suggesting apt --fix-broken install; running sudo apt --fix-broken install resolved it and the dependencies installed successfully.

    5. Generate the configuration: ./configure

    6. Build: sudo make install. If no error is reported, libpcap is installed.

    Installing tcpdump

    1. Download tcpdump from Index of /release

    2. Extract the archive: tar zxvf tcpdump...

    3. Change into the package directory: cd tcpdump...

    4. Generate the configuration (because AFL will be used for testing, compile with afl-gcc; for a plain installation, ./configure alone is enough)

     ./configure  CC="afl-gcc" CXX="afl-g++"

    5. Build

    make

    sudo make install

    AFL testing

    1. Create an input directory in and copy the files from the tests directory of the tcpdump source into it as seed test cases

    2. Locate the compiled tcpdump binary in the tcpdump directory and put it in the same directory as in

    3. Fuzz tcpdump's ability to read packets from a specified file:
    afl-fuzz -i in -o out ./tcpdump -nr @@
