碼上歡樂
相關內容    簡體    繁體

linux各種抓包情況說明

本文轉載自   查看原文   2018-10-16 12:05   2078    Linux

  大家都知道抓包指令:tcpdump    抓包的主要目的是測試端口、網絡協議通不通,以及對抓取的數據包進行分析、測試,抓包對熟悉linux的大神都不陌生,網絡對於我來說也是一竅不通,只是在這里記錄一下自己在工作中常用到的一些抓包使用說明。

#抓取主機上所有來自四面八方的數據包

[root@AAA-caiji1 Log]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:37:02.100344 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (202), id: 0xa4 length: 345
11:37:02.100352 IP 133.38.7.145.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (137), id: 0x9b length: 33

#抓取本機指定網卡上的數據包,-i 指定的本機網卡eth0

[root@AAA-caiji1 Log]# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:03:12.238556 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (177), id: 0x49 length: 480
10:03:12.238559 IP 133.38.7.146.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (93), id: 0x27 length: 524

#監聽本機端口數據包,指定網卡eth0,端口1812

[root@AAA-caiji1 Log]# tcpdump -i eth0 -s 0 port 1812
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:46:41.940333 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (130), id: 0x14 length: 606
11:46:41.940333 IP 133.38.7.146.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (160), id: 0xe4 length: 33
11:46:41.940894 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (131), id: 0x14 length: 606

#ICMP協議數據包(從一台主機對本機發起的ping)

[root@AAA-caiji1 Log]# tcpdump host 133.37.22.84
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:49:12.200801 IP 133.37.22.84 > 133.37.22.83: ICMP echo request, id 18010, seq 1, length 64
11:49:12.200954 IP 133.37.22.83 > 133.37.22.84: ICMP echo reply, id 18010, seq 1, length 64

#抓取來自於某個主機的數據包,src host x.x.x.x

[root@AAA-caiji1 Log]# tcpdump -i eth0 src host 133.38.7.144
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:00:06.768507 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (134), id: 0x22 length: 602
12:00:06.769007 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (135), id: 0x22 length: 344
12:00:06.769400 IP 133.38.7.144.11811 > 133.37.22.83.radius: RADIUS, Unknown Command (136), id: 0x22 length: 288

 

#抓包生成文件保存,將端口1812上抓到的包保存為b.cap文件,-w xxx.cap

[root@AAA-caiji1 Log]# tcpdump -i eth0 -s 0 port 1812 -w b.cap 

 

抓包文件分析軟件:Wireshark,對於各種抓包報文的解析規則,涉及更深層次的協議知識,后面會分享一篇關於redius協議的報文解析規則

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 怎么在Linux上抓包分析 linux抓包命令之tcpdump linux系統抓包命令 Linux基礎:用tcpdump抓包 【Charles】使用Charles時,抓不到包的情況。 Charles在Mac中抓包使用說明 【Golang】嗅探抓包工具,解決線上偶現問題來不及抓包的情況 linux下libpcap抓包分析 linux tcpdump抓包,wireshark實時解析 linux的p0f檢測,分析抓包信息
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM