Using the tcpdump packet capture tool (openstack networking series)

Summary: Using the tcpdump packet capture tool (openstack networking series)

tcpdump is a tool that captures network packets and prints their contents. Its powerful feature set and flexible capture filters make it the first-choice tool for network analysis and troubleshooting on Unix-like systems.

tcpdump supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to help you discard the traffic you are not interested in.

Examples of tcpdump commands

On Linux, running tcpdump requires the root account or an account with sudo privileges; otherwise, when you run tcpdump, the system reports tcpdump: no suitable device found.

In the examples below, the -i eth0 option restricts the capture to the eth0 interface; without -i eth0, tcpdump captures on all interfaces, including lo.

01. Capture all packets and display the results in the terminal, showing the packets in hexadecimal.

tcpdump
02. Capture all packets and save them to the file result.cap.

tcpdump -w result.cap
03. Capture all packets passing through the eth0 interface and save them to result.cap.

tcpdump -i eth0 -w result.cap
04. Capture packets whose source address is 192.168.1.100 and save the results to result.cap.

tcpdump src host 192.168.1.100 -w result.cap
05. Capture packets whose source or destination address is 192.168.1.100 and save the results to result.cap.

tcpdump host 192.168.1.100 -w result.cap
06. Capture packets whose destination address is 192.168.1.100 and save the results to result.cap (the destination qualifier is dst, not dest).

tcpdump dst host 192.168.1.100 -w result.cap
07. Capture packets to or from host 192.168.1.100 (-v prints verbose output; -nn disables host-name and port-name resolution, so addresses and ports are shown numerically).

tcpdump -i eth0 -vnn host 192.168.1.100
08. Capture packets to or from the 192.168.1.0/24 network.

tcpdump -i eth0 -vnn net 192.168.1.0/24
09. Capture all packets on eth0 whose source or destination port is 22.

tcpdump -i eth0 -vnn port 22
10. Capture packets of a given protocol; the protocol can be any of udp, icmp, arp or ip. For example:

tcpdump udp -i eth0 -vnn
11. Capture packets on eth0 whose source IP is 192.168.1.100; src denotes the source.

tcpdump -i eth0 -vnn src host 192.168.1.100
12. Capture packets on eth0 whose destination IP is 192.168.1.100; dst denotes the destination.

tcpdump -i eth0 -vnn dst host 192.168.1.100
13. Capture packets whose source port is 22.

tcpdump -i eth0 -vnn src port 22
14. Capture packets whose source IP is 192.168.1.100 and whose destination port is 22.

tcpdump -i eth0 -vnn src host 192.168.1.100 and dst port 22
15. Capture packets whose source IP is 192.168.1.100 or whose port is 22.

tcpdump -i eth0 -vnn src host 192.168.1.100 or port 22
16. Capture packets whose source IP is 192.168.1.100 and whose port is not 22.

tcpdump -i eth0 -vnn src host 192.168.1.100 and not port 22
17. Capture packets whose source IP is 192.168.1.100 and destination port is 22, or whose source IP is 192.168.1.102 and destination port is 80. The parentheses are shell metacharacters, so the whole filter expression must be quoted.

tcpdump -i eth0 -vnn '(src host 192.168.1.100 and dst port 22) or (src host 192.168.1.102 and dst port 80)'
18. Write the captured packets to the file /tmp/result and exit after 100 packets have been captured.

tcpdump -i eth0 -vnn -w /tmp/result -c 100
19. Read the TCP packets from the /tmp/result capture file.

tcpdump -i eth0 tcp -vnn -r /tmp/result
20. To capture all packets received or sent by host 192.168.1.100:

tcpdump host 192.168.1.100
21. To capture the IP packets exchanged between host 192.168.1.100 and every host except 192.168.1.101, use:

tcpdump ip host 192.168.1.100 and ! 192.168.1.101
22. To capture the telnet packets received or sent by host 192.168.1.100, use the following command (primitives must be joined with and; juxtaposing them is a filter syntax error):

tcpdump tcp port 23 and host 192.168.1.100

Viewing a cap file

tcpdump -r result.cap

19:18:13.256780 IP host-10-6-10-56.openstacklocal.ssh > 10.0.100.121.53712: Flags [P.], seq 3099367847:3099367947, ack 3498477490, win 298, options [nop,nop,TS val 3313648 ecr 21114196], length 100
19:18:13.299286 IP 10.0.100.121.53712 > host-10-6-10-56.openstacklocal.ssh: Flags [.], ack 100, win 4070, options [nop,nop,TS val 21114205 ecr 3313610], length 0
19:18:13.448969 IP host-10-6-10-51.openstacklocal.51567 > host-10-6-10-53.openstacklocal.spcsdlobby: Flags [P.], seq 1082971748:1082971768, ack 1913390286, win 229, options [nop,nop,TS val 1746704988 ecr 1746687267], length 20
19:18:13.452643 ARP, Request who-has host-10-6-10-54.openstacklocal tell host-10-6-10-28.openstacklocal, length 46
19:18:13.827050 ARP, Request who-has host-10-6-10-49.openstacklocal tell host-10-6-10-22.openstacklocal, length 46
19:18:14.476700 ARP, Request who-has host-10-6-10-54.openstacklocal tell host-10-6-10-28.openstacklocal, length 46
19:18:14.682684 IP host-10-6-10-75.openstacklocal.41006 > host-10-6-10-70.openstacklocal.postgres: Flags [S], seq 860357188, win 29200, options [mss 1460,sackOK,TS val 28676834 ecr 0,nop,wscale 7], length 0
19:18:14.683431 IP host-10-6-10-75.openstacklocal.41008 > host-10-6-10-70.openstacklocal.postgres: Flags [S], seq 3515804874, win 29200, options [mss 1460,sackOK,TS val 28676835 ecr 0,nop,wscale 7], length 0
19:18:14.683439 IP host-10-6-10-75.openstacklocal.41006 > host-10-6-10-70.openstacklocal.postgres: Flags [.], ack 1980546721, win 229, options [nop,nop,TS val 28676835 ecr 28669253], length 0
19:18:14.683445 IP host-10-6-10-75.openstacklocal.41006 > host-10-6-10-70.openstacklocal.postgres: Flags [F.], seq 0, ack 1, win 229, options [nop,nop,TS val 28676835 ecr 28669253], length 0
19:18:14.683628 IP host-10-6-10-75.openstacklocal.41008 > host-10-6-10-70.openstacklocal.postgres: Flags [.], ack 2679719999, win 229, options [nop,nop,TS val 28676835 ecr 28669254], length 0
19:18:14.683725 IP host-10-6-10-75.openstacklocal.41008 > host-10-6-10-70.openstacklocal.postgres: Flags [F.], seq 0, ack 1, win 229, options [nop,nop,TS val 28676835 ecr 28669254], length 0
19:18:14.687927 IP host-10-6-10-75.openstacklocal.41006 > host-10-6-10-70.openstacklocal.postgres: Flags [.], ack 2, win 229, options [nop,nop,TS val 28676839 ecr 28669258], length 0
19:18:14.689062 IP host-10-6-10-75.openstacklocal.41008 > host-10-6-10-70.openstacklocal.postgres: Flags [.], ack 2, win 229, options [nop,nop,TS val 28676841 ecr 28669259], length 0
19:18:14.850932 ARP, Request who-has host-10-6-10-49.openstacklocal tell host-10-6-10-22.openstacklocal, length 46
19:18:14.949139 IP host-10-6-10-51.openstacklocal.51567 > host-10-6-10-53.openstacklocal.spcsdlobby: Flags [P.], seq 20:40, ack 21, win 229, options [nop,nop,TS val 1746706488 ecr 1746688767], length 20
19:18:15.833304 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37482: Flags [P.], seq 1195098192:1195098200, ack 2867760332, win 501, options [nop,nop,TS val 2786542746 ecr 3286222], length 8
19:18:15.833405 IP host-10-6-10-56.openstacklocal.37482 > 10.0.31.174.32003: Flags [.], ack 8, win 251, options [nop,nop,TS val 3316224 ecr 2786542746], length 0
19:18:15.874912 ARP, Request who-has host-10-6-10-49.openstacklocal tell host-10-6-10-22.openstacklocal, length 46
19:18:15.981443 IP host-10-6-10-47.openstacklocal.ssh > host-10-6-10-44.openstacklocal.40826: Flags [.], ack 3476650715, win 24576, options [nop,nop,TS val 4240378251 ecr 670974340], length 0
19:18:16.057943 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37484: Flags [P.], seq 3298882722:3298882730, ack 3403222495, win 501, options [nop,nop,TS val 2786542971 ecr 3257255], length 8
19:18:16.057996 IP host-10-6-10-56.openstacklocal.37484 > 10.0.31.174.32003: Flags [.], ack 8, win 238, options [nop,nop,TS val 3316449 ecr 2786542971], length 0
19:18:16.311399 IP host-10-6-10-51.openstacklocal.8441 > host-10-6-10-53.openstacklocal.40980: Flags [P.], seq 200227942:200228156, ack 3982844457, win 1427, options [nop,nop,TS val 1746707851 ecr 1746690129], length 214
19:18:16.436227 ARP, Request who-has host-10-6-10-54.openstacklocal tell host-10-6-10-28.openstacklocal, length 46
19:18:16.449225 IP host-10-6-10-51.openstacklocal.51567 > host-10-6-10-53.openstacklocal.spcsdlobby: Flags [P.], seq 40:60, ack 41, win 229, options [nop,nop,TS val 1746707988 ecr 1746690267], length 20
19:18:16.459197 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37486: Flags [P.], seq 200139947:200139955, ack 3482776466, win 501, options [nop,nop,TS val 2786543373 ecr 3286850], length 8
19:18:16.459246 IP host-10-6-10-56.openstacklocal.37486 > 10.0.31.174.32003: Flags [.], ack 8, win 337, options [nop,nop,TS val 3316850 ecr 2786543373], length 0
19:18:16.494231 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39406: Flags [S.], seq 3306713232, ack 297850110, win 28960, options [mss 1460,sackOK,TS val 28678646 ecr 28671064,nop,wscale 7], length 0
19:18:16.494437 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39406: Flags [.], ack 17, win 227, options [nop,nop,TS val 28678646 ecr 28671065], length 0
19:18:16.497888 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39406: Flags [F.], seq 1, ack 17, win 227, options [nop,nop,TS val 28678649 ecr 28671065], length 0
19:18:16.498143 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39406: Flags [.], ack 18, win 227, options [nop,nop,TS val 28678650 ecr 28671069], length 0
19:18:16.498386 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39082: Flags [P.], seq 3194856494:3194856560, ack 2874590546, win 676, options [nop,nop,TS val 28678650 ecr 28671069], length 66
19:18:16.750405 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39082: Flags [P.], seq 66:151, ack 45, win 676, options [nop,nop,TS val 28678902 ecr 28671320], length 85
19:18:16.756402 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39082: Flags [P.], seq 151:173, ack 593, win 685, options [nop,nop,TS val 28678908 ecr 28671321], length 22
19:18:16.756443 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [P.], seq 1238779238:1238779492, ack 987142720, win 227, options [nop,nop,TS val 28678908 ecr 28666068], length 254
19:18:16.756698 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39082: Flags [P.], seq 173:248, ack 636, win 685, options [nop,nop,TS val 28678908 ecr 28671327], length 75
19:18:16.756776 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [.], ack 40, win 227, options [nop,nop,TS val 28678908 ecr 28671327], length 0
19:18:16.759008 IP host-10-6-10-56.openstacklocal.37484 > 10.0.31.174.32003: Flags [P.], seq 1:1949, ack 8, win 238, options [nop,nop,TS val 3317150 ecr 2786542971], length 1948
19:18:16.761670 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [.], ack 79, win 227, options [nop,nop,TS val 28678913 ecr 28671332], length 0
19:18:16.761757 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [.], ack 118, win 227, options [nop,nop,TS val 28678913 ecr 28671332], length 0
19:18:16.785723 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37484: Flags [.], ack 1949, win 501, options [nop,nop,TS val 2786543698 ecr 3317150], length 0
19:18:16.785760 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37484: Flags [P.], seq 8:29, ack 1949, win 501, options [nop,nop,TS val 2786543699 ecr 3317150], length 21
19:18:16.785770 IP host-10-6-10-56.openstacklocal.37484 > 10.0.31.174.32003: Flags [.], ack 29, win 238, options [nop,nop,TS val 3317177 ecr 2786543699], length 0
19:18:16.804679 IP host-10-6-10-56.openstacklocal.37484 > 10.0.31.174.32003: Flags [P.], seq 1949:3695, ack 29, win 238, options [nop,nop,TS val 3317196 ecr 2786543699], length 1746
19:18:16.828989 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37484: Flags [.], ack 3695, win 501, options [nop,nop,TS val 2786543743 ecr 3317196], length 0
19:18:16.829673 IP 10.0.31.174.32003 > host-10-6-10-56.openstacklocal.37484: Flags [P.], seq 29:50, ack 3695, win 501, options [nop,nop,TS val 2786543744 ecr 3317196], length 21
19:18:16.869657 IP host-10-6-10-56.openstacklocal.37484 > 10.0.31.174.32003: Flags [.], ack 50, win 238, options [nop,nop,TS val 3317261 ecr 2786543744], length 0
19:18:16.898941 ARP, Request who-has host-10-6-10-49.openstacklocal tell host-10-6-10-22.openstacklocal, length 46
19:18:17.095497 IP 10.0.100.121.53712 > host-10-6-10-56.openstacklocal.ssh: Flags [P.], seq 1:37, ack 100, win 4070, options [nop,nop,TS val 21114584 ecr 3313610], length 36
19:18:17.095791 IP host-10-6-10-56.openstacklocal.ssh > 10.0.100.121.53712: Flags [P.], seq 100:136, ack 37, win 298, options [nop,nop,TS val 3317487 ecr 21114584], length 36
19:18:17.314228 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [P.], seq 254:340, ack 118, win 227, options [nop,nop,TS val 28679466 ecr 28671332], length 86
19:18:17.314629 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [.], ack 157, win 227, options [nop,nop,TS val 28679466 ecr 28671885], length 0
19:18:17.319506 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39080: Flags [.], ack 196, win 227, options [nop,nop,TS val 28679471 ecr 28671890], length 0
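
The capture above mixes SSH, postgres and ARP traffic, and reading it line by line for connection attempts is tedious. As an added example that is not part of the original post, the following shell script post-processes the text output of tcpdump -r result.cap to count new TCP connection attempts (pure SYN, not the SYN-ACK) per source host and destination service, and ARP who-has requests per target host; the embedded sample lines are copied from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the text output of
# `tcpdump -r result.cap`. The field positions below assume tcpdump's default,
# non-verbose line format as shown in the capture above.

# Sample lines taken from the capture output above (constructed test input).
SAMPLE='19:18:14.682684 IP host-10-6-10-75.openstacklocal.41006 > host-10-6-10-70.openstacklocal.postgres: Flags [S], seq 860357188, win 29200, options [mss 1460,sackOK,TS val 28676834 ecr 0,nop,wscale 7], length 0
19:18:14.683431 IP host-10-6-10-75.openstacklocal.41008 > host-10-6-10-70.openstacklocal.postgres: Flags [S], seq 3515804874, win 29200, options [mss 1460,sackOK,TS val 28676835 ecr 0,nop,wscale 7], length 0
19:18:14.683439 IP host-10-6-10-75.openstacklocal.41006 > host-10-6-10-70.openstacklocal.postgres: Flags [.], ack 1980546721, win 229, options [nop,nop,TS val 28676835 ecr 28669253], length 0
19:18:13.452643 ARP, Request who-has host-10-6-10-54.openstacklocal tell host-10-6-10-28.openstacklocal, length 46
19:18:14.476700 ARP, Request who-has host-10-6-10-54.openstacklocal tell host-10-6-10-28.openstacklocal, length 46
19:18:16.494231 IP host-10-6-10-75.openstacklocal.postgres > host-10-6-10-70.openstacklocal.39406: Flags [S.], seq 3306713232, ack 297850110, win 28960, options [mss 1460,sackOK,TS val 28678646 ecr 28671064,nop,wscale 7], length 0'

# Print "count src_host -> dst_host.service" for every pure SYN (Flags [S]),
# i.e. each new connection attempt in the capture. SYN-ACKs ([S.]) are the
# server side of the handshake and are deliberately excluded.
syn_attempts() {
    awk '$2 == "IP" && $7 == "[S]," {
            src = $3; sub(/\.[^.]*$/, "", src)   # strip the ephemeral source port
            dst = $5; sub(/:$/, "", dst)         # strip the trailing colon
            n[src " -> " dst]++
        }
        END { for (k in n) print n[k], k }' | sort
}

# Count ARP who-has requests per target host. A host that is asked for over
# and over but never appears in a Reply line is a useful troubleshooting lead.
arp_requests() {
    awk '$2 == "ARP," && $3 == "Request" { n[$5]++ }
         END { for (k in n) print n[k], k }' | sort
}

printf '%s\n' "$SAMPLE" | syn_attempts
printf '%s\n' "$SAMPLE" | arp_requests
```

On a real capture, pipe the output of tcpdump -r result.cap into the two functions instead of SAMPLE; note that -v changes the line layout and shifts the field positions the awk programs rely on.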