| code>tcpdump用于捕获和分析网络流量。系统管理员可以使用它来查看实时流量或将输出保存到文件中并在以后进行分析。下面列出5个常用选项 |
-r选项
如果你导出了一个 .pcap 文件,你就会知道不能使用文本编辑器来读取文件内容。因此,你应该使用-r file.pcap选项。它读取现有捕获的文件并将它们显示出来。
# 导出.pcap文件 [root@localhost ~]# tcpdump -c 4 -i any port 53 -nn -w dns.pcap -v dropped privs to tcpdump tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes 4 packets captured 8 packets received by filter 0 packets dropped by kernel# 使用-r选项读取.pcap文件 [root@localhost ~]# tcpdump -r dns.pcap reading from file dns.pcap, link-type LINUX_SLL (Linux cooked) dropped privs to tcpdump 19:33:54.533792 IP localhost.localdomain.48048 > _gateway.domain: 30912+ A? www.bai. (25) 19:33:54.533835 IP localhost.localdomain.48048 > _gateway.domain: 51681+ AAAA? www.bai. (25) 19:33:54.537733 IP _gateway.domain > localhost.localdomain.48048: 51681 NXDomain 0/1/0 (100) 19:33:54.539312 IP _gateway.domain > localhost.localdomain.48048: 30912 NXDomain 0/1/0 (100)
host 选项
如果要过滤特定主机的流量,可以使用host选项后面添加ip 或者主机名来捕获特定主机的数据包。
[root@localhost ~]# tcpdump host redhat -i any -c5 dropped privs to tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes 20:27:19.762717 IP localhost.localdomain.59096 > dhat.https: Flags [S], seq 2565597156, win 29200, options [mss 1460,sackOK,TS val 1786
本文发布于:2024-01-29 09:56:41,感谢您对本站的认可!
本文链接:https://www.4u4v.net/it/170649340414476.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
| 留言与评论(共有 0 条评论) |
