[root@svr5 ~]# tcpdump -A host 192.168.4.100 and tcp port 21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
.. .. //进入等待捕获数据包的状态
2)执行FTP访问,并观察tcpdump抓包结果
参考前面的测试操作,再次从客户机pc120访问主机mail的vsftpd服务。然后查看执行中tcpdump程序的输出,仔��分析FTP连接的建立过程、确认收集到的用户名和口令信息。
. ..
18:47:25.964110 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [S], seq 1201822818, win 65535, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
E..4..@.@......x...d.*..G.\b........;...............
18:47:25.964268 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [S.], seq 2284929633, ack 1201822819, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
E..4..@.@......d...x...*.1BaG.\c..9.7...............
18:47:25.964436 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [.], ack 1, win 65535, length 0
E..(..@.@.. ...x...d.*..G.\c.1BbP.............
18:47:25.967592 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [P.], seq 1:21, ack 1, win 229, length 20
E..<FJ@.@.jE...d...x...*.1BbG.\cP...V...220 (vsFTPd 2.2.2)
18:47:26.117057 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [.], ack 21, win 65515, length 0
E..(..@.@......x...d.*..G.\c.1BvP.............
18:47:27.960530 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [P.], seq 1:14, ack 21, win 65515, length 13
E..5..@.@......x...d.*..G.\c.1BvP.......USER mickey
18:47:27.960544 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [.], ack 14, win 229, length 0
E..(FK@.@.jX...d...x...*.1BvG.\pP.............
18:47:27.960783 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [P.], seq 21:55, ack 14, win 229, length 34
E..JFL@.@.j5...d...x...*.1BvG.\pP...i~..331 Please specify the password.
18:47:28.085168 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [.], ack 55, win 65481, length 0
E..(..@.@......x...d.*..G.\p.1B.P.............
18:47:29.657364 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [P.], seq 14:27, ack 55, win 65481, length 13
E..5..@.@......x...d.*..G.\p.1B.P.......PASS pwd123
18:47:29.696968 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [.], ack 27, win 229, length 0
E..(FM@.@.jV...d...x...*.1B.G.\}P.............
18:47:29.702671 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [P.], seq 55:78, ack 27, win 229, length 23
E..?FN@.@.j>...d...x...*.1B.G.\}P.......230 Login successful.
18:47:29.835258 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [.], ack 78, win 65458, length 0
E..(..@.@......x...d.*..G.\}.1B.P.............
18:47:31.716375 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [P.], seq 27:33, ack 78, win 65458, length 6
E.....@.@......x...d.*..G.\}.1B.P... ...QUIT
18:47:31.716532 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [.], ack 33, win 229, length 0
E..(FO@.@.jT...d...x...*.1B.G.\.P....}........
18:47:31.716634 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [P.], seq 78:92, ack 33, win 229, length 14
E..6FP@.@.jE...d...x...*.1B.G.\.P.......221 Goodbye.
18:47:31.716677 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [F.], seq 92, ack 33, win 229, length 0
E..(FQ@.@.jR...d...x...*.1B.G.\.P....n........
18:47:31.717053 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [.], ack 93, win 65444, length 0
E..(..@.@......x...d.*..G.\..1B.P.............
18:47:31.718796 IP 192.168.4.120.novation > 192.168.4.100.ftp: Flags [F.], seq 33, ack 93, win 65444, length 0
E..(..@.@......x...d.*..G.\..1B.P.............
18:47:31.719097 IP 192.168.4.100.ftp > 192.168.4.120.novation: Flags [.], ack 34, win 229, length 0
E..(..@.@......d...x...*.1B.G.\.P....m........
Nmap 7.80 发布,新的Npcap Windows数据包捕获驱动 https://www.linuxidc.com/Linux/2019-08/160067.htm
CentOS 7下安装使用最新版本Nmap https://www.linuxidc.com/Linux/2019-09/160563.htm
Linux公社的RSS地址:https://www.linuxidc.com/rssFeed.aspx