Capturing packets with tcpdump on Linux, saving a pcap file, and analysing it with Wireshark


[root@ok Desktop]# yum search tcpdump
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirrors.yun-idc.com
 * extras: mirrors.yun-idc.com
 * updates: mirrors.yun-idc.com
======================================================================= N/S Matched: tcpdump ========================================================================
tcpdump.x86_64 : A network traffic monitoring tool

  Name and summary matches only, use "search all" for everything.
[root@ok Desktop]# which tcpdump
/usr/sbin/tcpdump
[root@ok Desktop]# tcpdump -h
tcpdump version 4.1-PRE-CVS_2015_07_23
libpcap version 1.4.0
Usage: tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
        [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
        [ -i interface ] [ -j tstamptype ] [ -M secret ]
        [ -P in|out|inout ]
        [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
        [ -W filecount ] [ -y datalinktype ] [ -z command ]
        [ -Z user ] [ expression ]
[root@ok Desktop]# yum search wireshark
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirrors.yun-idc.com
 * extras: mirrors.yun-idc.com
 * updates: mirrors.yun-idc.com
================================================ N/S Matched: wireshark ================================================
wireshark-devel.i686 : Development headers and libraries for wireshark
wireshark-devel.x86_64 : Development headers and libraries for wireshark
wireshark-gnome.x86_64 : Gnome desktop integration for wireshark and wireshark-usermode
wireshark.i686 : Network traffic analyzer
wireshark.x86_64 : Network traffic analyzer

  Name and summary matches only, use "search all" for everything.

Installation:

[root@ok Desktop]# yum install wireshark* -y
[root@ok Desktop]# which wireshark 
/usr/sbin/wireshark
[root@ok Desktop]# rpm -qa|grep wireshark
wireshark-devel-1.8.10-17.el6.x86_64
wireshark-1.8.10-17.el6.x86_64
wireshark-gnome-1.8.10-17.el6.x86_64

Saving the tcpdump capture result:

[root@bass Desktop]# tcpdump -i eth0 -w dump.pcap
-i  # specifies the network interface to capture on
-w  # specifies where to save the capture
[root@bass Desktop]# tcpdump -i eth0 -w dump.pcap -v
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C189 packets captured
189 packets received by filter
0 packets dropped by kernel
-v  # mainly so that the running "Got 15" packet count is displayed; press Ctrl+C when you want to stop
[root@bass Desktop]# ll -h dump.pcap 
-rw-r--r--. 1 tcpdump tcpdump 18K Aug 30 13:19 dump.pcap

Opening it in Wireshark:

[root@bass Desktop]# wireshark dump.pcap  # view it on Linux

When we capture with tcpdump, the default display looks like this:

The screenshot above marks three areas. The red box shows the summary packet list; when we capture with tcpdump, the default output looks like this. The dark-blue box shows the details of the selected packet, laid out according to the four-layer TCP/IP model: the first line is the data-link layer, the second the network layer (IP protocol), the third the transport layer (TCP protocol), and the fourth the application layer (HTTP protocol); each line can be expanded to inspect its specific contents. The last area, in the light-blue box, shows the raw bytes of the packet. (Made clear in the figure below.)
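As an added example that is not part of the original post, the following Python script reads a classic pcap file of the kind `tcpdump -w` produces and splits each frame into the four layers described above, the same way Wireshark's detail pane presents them. The sample packet and all names (`build_sample_pcap`, `dissect_frame`, `parse_pcap`, the addresses and timestamp) are constructed for the example; to run it on a real file, pass the contents of `dump.pcap` to `parse_pcap`.

```python
import struct

def build_sample_pcap():
    """Constructed test data (not a real capture): one Ethernet/IPv4/TCP frame
    carrying an HTTP request, wrapped in a classic pcap file as `tcpdump -w` writes it."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1,
                     0x4000, 64, 6, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"  # dst, src, IPv4
    frame = eth + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link-type 1
    rec = struct.pack("<IIII", 1440940740, 0, len(frame), len(frame))  # ts, lens
    return ghdr + rec + frame

def dissect_frame(frame):
    """Split one Ethernet frame into the layers Wireshark's detail pane shows."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    layers = {"link": (frame[6:12].hex(":"), frame[:6].hex(":"), ethertype)}
    if ethertype != 0x0800:           # not IPv4: stop at the link layer
        return layers
    ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", frame, 16)[0]
    proto = frame[23]
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    layers["network"] = (src, dst, proto)
    if proto != 6:                    # not TCP: stop at the network layer
        return layers
    t = 14 + ihl                      # start of the TCP header
    sport, dport = struct.unpack_from("!HH", frame, t)
    doff = (frame[t + 12] >> 4) * 4   # TCP header length in bytes
    layers["transport"] = (sport, dport, frame[t + 13])  # ports and flags
    layers["application"] = frame[t + doff:14 + total_len]  # payload bytes
    return layers

def parse_pcap(data):
    """Walk a classic pcap file (either byte order) and dissect every record."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        packets.append((ts_sec + ts_usec / 1e6, dissect_frame(data[off:off + incl_len])))
        off += incl_len
    return packets
```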

------------------------------------------------------------------------------------------------------------------------------------------------------

sh-4.1# tcpdump -i eth0 -c 20 -w 20gebao -v 
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20 packets captured
20 packets received by filter
0 packets dropped by kernel

Use the -c parameter to specify the number of packets to capture.
