Detailed guide to using the tcpdump command (5)

[root@linuxidc ~]# tcpdump -c 3 -i ens33 -XX
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
02:03:21.704787 IP linuxidc.ssh > 10.1.1.1.55011: Flags [P.], seq 2765959902:2765960114, ack 3454752171, win 362, length 212
    0x0000:  0050 56c0 0008 000c 29ce 40b0 0800 4510  .PV.....).@...E.
    0x0010:  00fc 3612 4000 4006 edc2 0a01 0115 0a01  ..6.@.@.........
    0x0020:  0101 0016 d6e3 a4dd 32de cdeb 55ab 5018  ........2...U.P.
    0x0030:  016a 1706 0000 0000 00b0 bcc9 c244 c5bc  .j...........D..
    0x0040:  fb53 12de b143 b265 a9cb 7a34 670b f634  .S...C.e..z4g..4
    0x0050:  d2a5 d977 8de5 1bb0 6166 5394 e0dc 8311  ...w....afS.....
    0x0060:  1e63 1c33 0cae e945 d639 f505 583f dd45  .c.3...E.9..X?.E
    0x0070:  abd7 3822 4d63 2649 0e8d 19ac 2713 4732  ..8"Mc&I....'.G2
    0x0080:  7d7f eb9b df16 295a 94c9 1c68 e456 8319  }.....)Z...h.V..
    0x0090:  dc94 469a 8fbf a84b 7203 b010 0869 3193  ..F....Kr....i1.
    0x00a0:  7957 afad 19d3 3610 b0aa 4488 df5f 3f4b  yW....6...D.._?K
    0x00b0:  1f03 83f9 a480 0d08 cc6b 234c 5804 0787  .........k#LX...
    0x00c0:  180e 5cd0 e681 5c2a cd2f 216e 1f32 53dd  ..\...\*./!n.2S.
    0x00d0:  aa8e 1b22 c6d4 f8c0 896d 2b04 c00d 52f9  ...".....m+...R.
    0x00e0:  56b3 0189 1672 3e1f 35ce 72bc f8f1 3aaf  V....r>.5.r...:.
    0x00f0:  82e7 b2f6 c8af c3a5 36af 0616 c21d 6808  ........6.....h.
    0x0100:  246c bb48 2609 5583 d667                $l.H&.U..g
02:03:21.704989 IP 10.1.1.1.55011 > linuxidc.ssh: Flags [.], ack 212, win 2049, length 0
    0x0000:  000c 29ce 40b0 0050 56c0 0008 0800 4500  ..).@..PV.....E.
    0x0010:  0028 7afc 4000 8006 69bc 0a01 0101 0a01  .(z.@...i.......
    0x0020:  0115 d6e3 0016 cdeb 55ab a4dd 33b2 5010  ........U...3.P.
    0x0030:  0801 be9b 0000 0000 0000 0000            ............
02:03:21.705899 IP linuxidc.58309 > public1.alidns.com.domain: 46252+ PTR? 1.1.1.10.in-addr.arpa. (39)
    0x0000:  0050 56f5 98bc 000c 29ce 40b0 0800 4500  .PV.....).@...E.
    0x0010:  0043 e88b 4000 4011 62fe 0a01 0115 df05  .C..@.@.b.......
    0x0020:  0505 e3c5 0035 002f ef60 b4ac 0100 0001  .....5./.`......
    0x0030:  0000 0000 0000 0131 0131 0131 0231 3007  .......1.1.1.10.
    0x0040:  696e 2d61 6464 7204 6172 7061 0000 0c00  in-addr.arpa....
    0x0050:  01                                      .
3 packets captured
10 packets received by filter
0 packets dropped by kernel
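To confirm that tcpdump's summary line really reflects the bytes in the hex column, here is an added Python example (not code from the original article) that parses the first `-XX` frame above and decodes its Ethernet, IPv4 and TCP headers; it assumes only the standard library, and the expected values (linuxidc = 10.1.1.21 port 22 > 10.1.1.1.55011, flags [P.], seq 2765959902, ack 3454752171, win 362, length 212) are tcpdump's own summary of that frame.

```python
import re
import struct
# Constructed sample: the first four lines of the first frame in the `tcpdump -XX`
# session above (linuxidc.ssh > 10.1.1.1.55011); the payload lines are not needed.
SAMPLE_XX = """\
    0x0000:  0050 56c0 0008 000c 29ce 40b0 0800 4510  .PV.....).@...E.
    0x0010:  00fc 3612 4000 4006 edc2 0a01 0115 0a01  ..6.@.@.........
    0x0020:  0101 0016 d6e3 a4dd 32de cdeb 55ab 5018  ........2...U.P.
    0x0030:  016a 1706 0000 0000 00b0 bcc9 c244 c5bc  .j...........D..
"""
# One -XX line: offset, one to eight hex words, then (two spaces later) the ASCII column.
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{4} )*[0-9a-f]{2,4})")

def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the raw frame from the hex column; offsets and ASCII are ignored."""
    raw = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if m:
            raw += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(raw)

def tcp_flag_string(flags: int) -> str:
    """TCP flags in tcpdump's order F S R P . U E W (ACK is printed as '.')."""
    return "".join(ch for bit, ch in enumerate("FSRP.UEW") if flags & (1 << bit))

def decode_frame(raw: bytes) -> dict:
    """Decode Ethernet II, IPv4 and TCP headers into the fields tcpdump summarises."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = raw[14:]
    ver_ihl, _tos, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IHL is counted in 32-bit words
    if proto != 6:
        raise ValueError(f"not TCP: IP protocol {proto}")
    tcp = ip[ihl:]
    sport, dport, seq, ack, doff, flags, win, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (doff >> 4) * 4              # TCP data offset, also in 32-bit words
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ttl": ttl,
        "src": f"{'.'.join(map(str, src))}.{sport}",
        "dst": f"{'.'.join(map(str, dst))}.{dport}",
        "flags": tcp_flag_string(flags), "seq": seq, "ack": ack, "win": win,
        "length": total_len - ihl - doff,   # TCP payload bytes, as in "length 212"
    }

if __name__ == "__main__":
    print(decode_frame(hexdump_to_bytes(SAMPLE_XX)))
```

The same bytes are what `-A` prints as text, which is why the SSH payload below shows up as unreadable characters there.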

[root@linuxidc ~]# tcpdump -c 3 -i ens33 -A
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
02:03:53.931462 IP 10.1.1.1.55011 > linuxidc.ssh: Flags [.], ack 2765963078, win 2048, length 0
E..({,@...i.
...
.........WG..?FP....l........
02:03:53.933710 IP linuxidc.40263 > public1.alidns.com.domain: 12427+ PTR? 21.1.1.10.in-addr.arpa. (40)
E..D..@.@.:.
........G.5.0.a0............21.1.1.10.in-addr.arpa.....
02:03:53.934052 IP linuxidc.ssh > 10.1.1.1.55011: Flags [P.], seq 1:213, ack 0, win 362, length 212
E...6.@.@...
...
.........?F..WGP..j..........T.IP.9~<..>....5...{..>> ..N.8.j.>...%.$.X;JE......}../z..Z...L..!.N6<.!'..^F...&..:+-}9.2.c.Bd.."...6Y...(W......!..QY.CWG.....s.[. L.>ED.......>.,1u..........-..> L.."... .......|.;.z|.0AB.R)z...q...N$...
3 packets captured
12 packets received by filter
0 packets dropped by kernel

4. Summary

1. tcpdump is fairly simple to use; the common ways of using the tool have been listed above.

2. A solid understanding of the four-layer TCP/IP reference model is needed; the protocols covered in this article are the common network-layer and transport-layer protocols.


Reprints must credit the source: https://www.heiqu.com/12373.html