Tcpdump
Command format

System> tcpdump -i any port 23 -n
Run this first to find out the local address, then capture with a host filter:
tcpdump -i eth0 port 22 and src host 192.168.1.100 -n
tcpdump -i eth0 port 22 and dst host 192.168.1.100 -n

-i  interface to capture on (any = all interfaces)
-n  do not resolve addresses and ports to names
R   packet received on the interface
X   packet transmitted (forwarded) out of the interface
Capture by address (host 172.16.1.20 matches the address as source or destination; use dst host to match the destination only)

TopsecOS# system tcpdump -i any host 172.16.1.20 -n
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
02:13:31.934485 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1241: F 2607699394:2607699394(0) ack 908633180 win 65123
02:13:31.934501 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1241: F 2607699394:2607699394(0) ack 908633180 win 65123
02:13:31.934644 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1243: F 683368251:683368251(0) ack 2932894753 win 65123
02:13:31.934652 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1243: F 683368251:683368251(0) ack 2932894753 win 65123
02:13:31.934850 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1242: F 3204228935:3204228935(0) ack 378320269 win 65123
02:13:31.934863 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1242: F 3204228935:3204228935(0) ack 378320269 win 65123
02:13:31.935053 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1239: F 302027424:302027424(0) ack 737677523 win 65100
02:13:31.935060 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1239: F 302027424:302027424(0) ack 737677523 win 65100

Each packet appears twice: as R@eth0 when it is received on eth0, and again as X@eth1 when it is forwarded out of eth1. Between the two copies the destination 198.100.100.200 has been rewritten to 47.17.225.30, so an R/X pair with the same sequence field shows the address translation the firewall applied to that packet.
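To make R@/X@ pairs easier to read in a longer capture, here is an added shell example (not part of the original notes and not a TopsecOS tool) that parses capture lines in the layout shown above, using the eight packet lines from that capture as embedded sample input. It counts received and transmitted packets per interface and pairs each R@ line with the X@ line carrying the same source endpoint and TCP sequence field, printing how the destination address changed in between. The field positions (timestamp, direction@interface, IP, src, >, dst:, flags, seq) are assumed from the capture above; to use it on a live capture, replace the sample with the output of the tcpdump command.

```shell
#!/bin/sh
# Added example: summarise TopsecOS-style "R@iface" / "X@iface" tcpdump lines.
# Not part of the original notes; assumes the line layout shown in the capture above.

# Sample input: the eight packet lines from the capture above, each on one line.
SAMPLE_CAPTURE='02:13:31.934485 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1241: F 2607699394:2607699394(0) ack 908633180 win 65123
02:13:31.934501 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1241: F 2607699394:2607699394(0) ack 908633180 win 65123
02:13:31.934644 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1243: F 683368251:683368251(0) ack 2932894753 win 65123
02:13:31.934652 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1243: F 683368251:683368251(0) ack 2932894753 win 65123
02:13:31.934850 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1242: F 3204228935:3204228935(0) ack 378320269 win 65123
02:13:31.934863 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1242: F 3204228935:3204228935(0) ack 378320269 win 65123
02:13:31.935053 R@eth0 IP 172.16.1.20.8002 > 198.100.100.200.1239: F 302027424:302027424(0) ack 737677523 win 65100
02:13:31.935060 X@eth1 IP 172.16.1.20.8002 > 47.17.225.30.1239: F 302027424:302027424(0) ack 737677523 win 65100'

# count_direction R|X: number of lines whose second field starts with that tag.
count_direction() {
    printf '%s\n' "$SAMPLE_CAPTURE" |
        awk -v tag="$1" '$2 ~ ("^" tag "@") { n++ } END { print n + 0 }'
}

# interfaces: "direction interface count" for every direction/interface pair seen.
interfaces() {
    printf '%s\n' "$SAMPLE_CAPTURE" |
        awk '{ split($2, d, "@"); c[d[1] " " d[2]]++ }
             END { for (k in c) print k, c[k] }' | sort
}

# translations: pair each R@ packet with the X@ copy that has the same source
# endpoint and TCP sequence field, and print the interface and destination change.
translations() {
    printf '%s\n' "$SAMPLE_CAPTURE" |
        awk '{
            split($2, d, "@"); dir = d[1]; ifc = d[2]
            dst = $6; sub(/\.[0-9]+:$/, "", dst)   # drop ".port:" from the destination
            key = $4 " " $8                        # source endpoint + seq range
            if (dir == "R") { rdst[key] = dst; rif[key] = ifc; next }
            if (key in rdst) print rif[key] "->" ifc, rdst[key] "->" dst
        }' | sort -u
}

# Stand-alone run: print the summary for the sample capture.
echo "received:    $(count_direction R)"
echo "transmitted: $(count_direction X)"
interfaces
translations
```

On the sample above this reports 4 received and 4 transmitted packets and a single translation line, eth0->eth1 198.100.100.200->47.17.225.30, because all four flows were rewritten the same way. Pairing on the sequence field rather than on the destination is what makes the rewrite visible, since the destination is exactly the part that changes.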
First, under "System" -> "Open Services", add the telnet permission for the zone that needs telnet access; then open "Start" -> "Run" -> "cmd" and enter telnet 10.0.0.1.
Note: tcpdump must be run from the system directory. The basic format is
Topsec.System# tcpdump -i any -n (global capture on all interfaces; a filter expression such as arp can be appended)