centos tcpdump

yum install tcpdump

tcpdump -i <network interface, eg: ens33> -nnAx 'expression' (nn: ip:port, A: ascii, X 16进制和ascii）

eg:

[root@k8s-node1 ~]# tcpdump -i ens33 -nn 'icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:18:29.849568 IP 192.168.159.135 > 192.168.159.132: ICMP echo request, id 36909, seq 1, length 64
16:18:29.849623 IP 192.168.159.132 > 192.168.159.135: ICMP echo reply, id 36909, seq 1, length 64
16:18:30.850185 IP 192.168.159.135 > 192.168.159.132: ICMP echo request, id 36909, seq 2, length 64
16:18:30.850225 IP 192.168.159.132 > 192.168.159.135: ICMP echo reply, id 36909, seq 2, length 64

[root@k8s-node1 ~]# tcpdump -i ens33 -nn 'dest host 192.168.159.135'
tcpdump: syntax error
[root@k8s-node1 ~]# tcpdump -i ens33 -nn 'dst host 192.168.159.135'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:21:44.688050 IP 192.168.159.2.53 > 192.168.159.135.33407: 18436 NXDomain 0/1/0 (119)
16:21:44.696574 IP 192.168.159.2.53 > 192.168.159.135.39596: 690 1/0/0 PTR localhost. (64)
16:21:46.503880 IP 192.168.159.2.53 > 192.168.159.135.41822: 60113 1/0/0 PTR localhost. (64)
16:21:47.435254 IP 192.168.159.2.53 > 192.168.159.135.42791: 33934 ServFail 0/0/0 (20)
16:21:47.444501 IP 192.168.159.2.53 > 192.168.159.135.42121: 33934 ServFail 0/0/0 (20)
16:21:56.177021 IP 192.168.159.1 > 192.168.159.135: ICMP echo request, id 1, seq 11, length 40
16:21:57.186776 IP 192.168.159.1 > 192.168.159.135: ICMP echo request, id 1, seq 12, length 40
16:21:58.035536 IP 192.168.159.2.53 > 192.168.159.135.42967: 42641 1/0/0 PTR localhost. (64)
16:21:58.193385 IP 192.168.159.1 > 192.168.159.135: ICMP echo request, id 1, seq 13, length 40
16:21:58.849807 IP 192.168.159.2.53 > 192.168.159.135.55290: 32129 ServFail 0/0/0 (20)
16:21:58.855056 IP 192.168.159.2.53 > 192.168.159.135.41988: 32129 ServFail 0/0/0 (20)
16:21:59.199716 IP 192.168.159.1 > 192.168.159.135: ICMP echo request, id 1, seq 14, length 40

[root@k8s-node1 ~]# tcpdump -i ens33 -nn 'src host 192.168.159.135'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:22:49.630891 IP 192.168.159.135.41634 > 192.168.159.2.53: 27789+ A? ui.localdomain. (32)
16:22:55.449932 IP 192.168.159.135.50146 > 192.168.159.2.53: 40936+ PTR? 1.0.20.172.in-addr.arpa. (41)
16:22:55.588400 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 754791894:754791946, ack 1747553912, win 255, length 52
16:22:55.682886 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 52:104, ack 53, win 255, length 52
16:22:55.827732 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 104:156, ack 105, win 255, length 52
16:22:55.966425 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 156:208, ack 157, win 255, length 52
16:22:56.015862 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 208:260, ack 209, win 255, length 52
16:22:56.199467 IP 192.168.159.135.44520 > 192.168.159.2.53: 16301+ A? ui. (20)
16:22:56.205896 IP 192.168.159.135.46922 > 192.168.159.2.53: 16301+ A? ui. (20)
16:22:56.213089 IP 192.168.159.135.37464 > 192.168.159.2.53: 60359+ A? ui.localdomain. (32)
16:22:57.300528 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 260:312, ack 261, win 255, length 52
16:22:57.490417 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 312:364, ack 313, win 255, length 52
16:22:57.662922 IP 192.168.159.135.22 > 192.168.159.1.6745: Flags [P.], seq 364:416, ack 365, win 255, length 52

centos tcpdump相关推荐

CentOS tcpdump的使用实例
tcpdump是一个用于截取网络分组,并输出分组内容的工具.tcpdump凭借强大的功能和灵活的截取策略,使其成为类UNIX系统下用于网络分析和问题排查的首选工具. 选项: -A 以ASCII格式打印 ...
查找局域网中的DHCP服务器
某天,在xenserver中的某一台主机启动后发现IP地址是DHCP获得的,但是网段却是我从没有配置过的.想了很久都不记得自己曾经架过这么一台DHCP服务器.我要做的就是揪出它,看看是哪台机器在提供D ...
Linux（Centos 7）使用tcpdump抓取流量包
在Linux(Centos 7)上实现抓取流量数据包,这里我使用的是tcpdump(离线安装) 1.检查是否有gcc编译器 ,如果没有可以直接执行 : yum -y install gcc 安装,或者 ...
CentOS 7 使用RPM一键离线安装 GCC+tcpdump 环境
前因服务器装系统的时候可能使用了最小安装,导致装完以后是没有gcc盒tcpdump命令的.但是服务器又不能联网,没法通过yum安装. 调试过程中需要用到这两个,收集了一下相关的依赖包,解压后直接在文 ...
肝了三天，万字长文教你玩转 tcpdump，从此抓包不用愁
图源 | 视觉中国来源|Python编程时光(ID: Cool-Python) 今天要给大家介绍的一个 Unix 下的一个网络数据采集分析工具 -- Tcpdump,也就是我们常说的抓包工具. 与 ...
CentOS7定制封装发行版－基于CentOS minimal
CentOS7定制封装发行版-基于CentOS minimal 2014-12-24 13:28:00 分类: LINUX 在实际工作中,CentOS的安装需要设置的语言.键盘模 ...
Tcpdump配合Tcpreplay回放实现网络探测
实际上,这个需求来自IT的监控,监控的根本目标是随时发现局域网内的非法DHCP服务器,以报警. 实现的具体策略:找一台机器,每分钟跑一次cron,执行检查并在出错时报警(邮件或者短信).具体的核心策略 ...
CentOS+Nginx+Tomcat+Mysql+PHP 环境搭建及系统部署
==============安装centos 7.0======================= 选择最小安装,将相关的"调试工具"."兼容性程序库".&qu ...
linux centos tcpreplay 重放数据
tcpreplay是什么? 简单的说, tcpreplay是一种pcap包的重放工具, 它可以将用ethreal, wireshark工具抓下来的包原样或经过任意修改后重放回去. 它允许你对报文做任意 ...

centos tcpdump

centos tcpdump相关推荐

最新文章

热门文章