1.tcpdump
My commands:
tcpdump -s0 -x -i eth0 host 192.168.5.21 or host 192.168.5.22 -w wd.cap
    Capture every packet to or from 192.168.5.21 or 192.168.5.22 on eth0 and save it under the name wd.cap. -s0 sets an unlimited snapshot length, so packets are not truncated. Two caveats: -x (print hex) has no effect together with -w, because -w writes the raw packets to the file instead of printing them; and -w only works after the filter expression because GNU getopt reorders arguments, so on non-GNU systems put it before the expression.
tcpdump -s0 -i any udp port 8500 or port 8600
    Capture UDP on port 8500 or 8600 on all interfaces. The second term, port 8600, carries no udp qualifier (only a bare identifier inherits the preceding keywords), so this expression also matches TCP on 8600; write udp port 8500 or 8600 (or udp and (port 8500 or port 8600)) for UDP only. Also, -i any captures in Linux cooked mode, so the saved frames carry a pseudo link-layer header rather than the real Ethernet header.
tcpdump -s0 -x host 192.168.16.139
    Print every packet to or from 192.168.16.139 on the terminal: the decoded header followed by a hex dump (-x).
To stop a capture, press Ctrl+C (SIGINT): tcpdump then flushes and closes the save file and prints the captured/received/dropped counters described in the man page below. Ctrl+Z does not end the capture; it only suspends the process (SIGTSTP), leaving the save file open and possibly incomplete while the stopped tcpdump still holds its capture socket.
sz wd.cap: send wd.cap with ZMODEM into the "..\SecureCRT\download" directory on the workstation (the Linux host is used through SecureCRT, which provides the ZMODEM receiver; sz does nothing useful in a terminal without one).
The saved capture can be opened with Wireshark.
Use man tcpdump for the full description of the command; part of it follows.
NAME
tcpdump - dump traffic on a network
DESCRIPTION
Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.
Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.
When tcpdump finishes capturing packets, it will report counts of:
packets "captured" (this is the number of packets that tcpdump has received and processed);
packets "received by filter" (the meaning of this depends on the OS on which you're running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets regardless of whether they were matched by the filter expression and, even if they were matched by the filter expression, regardless of whether tcpdump has read and processed them yet, on other OSes it counts only packets that were matched by the filter expression regardless of whether tcpdump has read and processed them yet, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);
packets "dropped by kernel" (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).
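The capture procedure above, written as small shell functions. This is an added example, not code from the original post: it builds the two filter expressions correctly (hosts, and UDP-only ports with the grouping the bare "udp port 8500 or port 8600" lacks), runs a bounded capture that drops root with -Z, and checks the magic number of the resulting file before it is handed to sz or Wireshark. The interface name, output path, packet count, the "nobody" user and the sample header bytes are all assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: wrappers around the tcpdump
# commands above. Interface name, output file, packet count and the "nobody"
# user are placeholders; change them to match your host.

# Build "host A or host B or ..." from a list of addresses.
bpf_hosts() {
    filter=""
    for h in "$@"; do
        if [ -z "$filter" ]; then
            filter="host $h"
        else
            filter="$filter or host $h"
        fi
    done
    printf '%s' "$filter"
}

# Build a UDP-only multi-port filter. The parentheses matter: in
# "udp port 8500 or port 8600" the second "port" keyword does not inherit
# the udp qualifier, so that expression also matches TCP on 8600.
bpf_udp_ports() {
    ports=""
    for p in "$@"; do
        if [ -z "$ports" ]; then
            ports="port $p"
        else
            ports="$ports or port $p"
        fi
    done
    printf 'udp and (%s)' "$ports"
}

# Bounded capture: -w before the filter, -c so it stops on its own, -Z to
# drop root once the capture socket is open. Because -Z takes effect before
# the save file is created, write somewhere that user can write (e.g. /tmp).
# Stop it early with Ctrl+C (SIGINT), never Ctrl+Z, so the file is flushed
# and closed. tcpdump joins its remaining arguments into one expression, so
# the filter can be passed as a single quoted string.
# Usage: capture eth0 /tmp/wd.cap 1000 "$(bpf_hosts 192.168.5.21 192.168.5.22)"
capture() {
    iface=$1; out=$2; count=$3; filter=$4
    tcpdump -s0 -i "$iface" -w "$out" -c "$count" -Z nobody "$filter"
}

# Identify a capture by its first four bytes before transferring it or
# opening it in Wireshark: pcap (either byte order, microsecond or
# nanosecond timestamps), pcapng, or something that is not a capture at all.
pcap_magic() {
    m=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$m" in
        d4c3b2a1) echo pcap-le ;;
        4d3cb2a1) echo pcap-le-ns ;;
        a1b2c3d4) echo pcap-be ;;
        a1b23c4d) echo pcap-be-ns ;;
        0a0d0d0a) echo pcapng ;;
        *)        echo unknown ;;
    esac
}

# Constructed sample: a 24-byte little-endian pcap global header with no
# packet records (version 2.4, snaplen 262144, link type 1 = Ethernet), so
# pcap_magic can be exercised without a real capture.
make_sample_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\000\000\004\000\001\000\000\000' > "$1"
}
```

Run the capture as root (or with CAP_NET_RAW); the -Z user only needs write access to the output directory. The magic check is cheap insurance against shipping a zero-length or mis-named file through sz, and it also tells you whether Wireshark will see classic pcap or pcapng.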
2.nc
My command:
nc -rn -kl port
    Listen on TCP port "port" (-l) and keep listening for the next client after each connection closes (-k, only valid together with -l); -n disables DNS and service lookups; -r randomizes port selection, which only matters for outbound connections or scans, so it does nothing useful for a listener. Without an address the listener binds to every interface; give one to restrict it, e.g. nc -kl 127.0.0.1 port for loopback only.
Use man nc for the full description of the command; part of it follows.
NAME
nc - arbitrary TCP and UDP connections and listens
DESCRIPTION
The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.