tcpdump: capturing DNS packets
tcpdump port 53 -s0 -i any -n
(The options are conventionally given before the filter expression, i.e. tcpdump -s0 -i any -n port 53; the order used here only works because GNU getopt reorders the arguments, and is not portable to BSD-based systems.)
11:12:40.597856 IP 10.128.0.2.52837 > 169.254.169.254.domain: 18303+ A? baidu.com. (27)
11:12:40.912517 IP 169.254.169.254.domain > 10.128.0.2.52837: 18303 3/0/0 A 123.125.114.144, A 220.181.57.217, A 111.13.101.208 (75)
11:12:42.259141 IP 10.128.0.2.47670 > 169.254.169.254.domain: 14582+ PTR? 144.114.125.123.in-addr.arpa. (46)
11:12:42.608822 IP 169.254.169.254.domain > 10.128.0.2.47670: 14582 NXDomain 0/1/0 (100)
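The summary lines above are tcpdump's rendering of the DNS message: the transaction ID (18303), a "+" when the recursion-desired bit is set, the query type and name, and the payload size in bytes; a reply shows the answer/authority/additional record counts (3/0/0) and the status when the rcode is non-zero (NXDomain). The following added example, which is not part of the original notes, builds a query and a reply in DNS wire format with the same values as the baidu.com exchange (the TTL of 300 and the 0xC00C name-compression pointer are assumptions) and decodes them back into tcpdump-style summary lines, reproducing the 27- and 75-byte lengths printed above.

```python
import socket
import struct

QTYPE_NAMES = {1: "A", 12: "PTR", 28: "AAAA"}


def _encode_name(name):
    """Encode a dotted name as DNS labels: 5'baidu' 3'com' 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """Constructed query: header with only the RD flag set, one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack("!HH", qtype, 1)


def build_answer(txid, name, addrs):
    """Constructed reply: QR|RD|RA set, rcode 0, one A record per address.
    Each record's owner name is the compression pointer 0xC00C (offset 12,
    i.e. the question name), TTL 300 (assumed value)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    msg = header + _encode_name(name) + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(a)
    return msg


def _read_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if end is not None else off)


def decode(msg):
    """Parse header, question section and answer section of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = _read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    for _ in range(an):
        _rname, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(("A", socket.inet_ntoa(rdata)))
        else:
            answers.append((str(rtype), rdata.hex()))
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "rcode": flags & 0xF, "counts": (an, ns, ar),
            "questions": questions, "answers": answers, "length": len(msg)}


def summarize(msg):
    """Render a message the way tcpdump's DNS printer summarises it."""
    d = decode(msg)
    if not d["qr"]:
        qname, qtype = d["questions"][0]
        return "%d%s %s? %s (%d)" % (d["id"], "+" if d["rd"] else "",
                                     QTYPE_NAMES.get(qtype, str(qtype)), qname, d["length"])
    status = " NXDomain" if d["rcode"] == 3 else ""
    rrs = ", ".join("%s %s" % a for a in d["answers"])
    an, ns, ar = d["counts"]
    return "%d%s %d/%d/%d %s(%d)" % (d["id"], status, an, ns, ar,
                                    rrs + " " if rrs else "", d["length"])


if __name__ == "__main__":
    print(summarize(build_query(18303, "baidu.com")))
    print(summarize(build_answer(18303, "baidu.com",
                                 ["123.125.114.144", "220.181.57.217", "111.13.101.208"])))
```

The 27 bytes of the query are 12 header bytes, 11 bytes of name and 4 bytes of type/class; the reply adds 16 bytes per compressed A record, which is why three records give 27 + 48 = 75 bytes. The NXDomain reply above (0/1/0) carries no answer and one authority record, normally the zone's SOA, which this decoder skips.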
Brief explanation of the parameters
-s0: do not truncate packets. The snapshot length is the number of bytes kept per packet; older tcpdump releases defaulted to a small value (68 bytes), which cuts off DNS and HTTP payloads. -s0 keeps the whole packet (current releases default to 262144 bytes, so the flag mostly matters on old versions).
-i any: capture on all interfaces (Linux only). Packets are delivered in "cooked" mode, so each one starts with a 16-byte Linux cooked (SLL) pseudo-header instead of an Ethernet header (that is what the hex dump below begins with), and the interfaces are not put into promiscuous mode.
-n: print IP addresses numerically instead of resolving them to hostnames (port 53 is still printed by its service name, domain, as in the output above).
-nn: print both IP addresses and port numbers numerically.
tcpdump: capturing a specific port and printing the payload as text (-A prints each packet's payload as ASCII)
tcpdump port 80 -s0 -i any -A
tcpdump: capturing a specific port and printing the packet as hex plus ASCII (-X prints hex and ASCII of the payload, -XX also includes the link-layer header; -XXX is accepted but behaves the same as -XX)
tcpdump port 80 -s0 -i any -XXX
9:24:09.974271 IP AY1211250421408673894.57952 > 106.11.68.13.http: Flags [P.], seq 1206111532:1206112202, ack 3930966460, win 65280, length 670
0x0000: 0004 0001 0006 0016 3e0c 0ced 0000 0800 ........>.......
0x0010: 4500 02c6 54da 4000 4006 042a 2a79 069d E...T.@.@..**y..
0x0020: 6a0b 440d e260 0050 47e3 cd2c ea4d c9bc j.D..`.PG..,.M..
0x0030: 5018 ff00 e1e6 0000 000c 0000 0298 7458 P.............tX
0x0040: 674f 5965 776f 6752 4350 6f4b 4942 3665 gOYewogRCPoKIB6e
0x0050: 344b 4438 504e 7731 334c 634f 7944 6563 4KD8PNw13LcOyDec
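The summary line and the hex dump above describe the same packet: the first 16 bytes are the Linux cooked header added by -i any (packet type 4 = sent by this host, hardware type 1 = Ethernet, the local MAC, and EtherType 0x0800), followed by the IPv4 and TCP headers and 670 bytes of payload. The following added example, which is not part of the original notes, parses the six dump lines printed above (copied verbatim as the sample input; the dump is truncated there, so only 96 of the 726 captured bytes are present) and recomputes every field of the summary line, including the payload length, which has to come from the IP total-length field rather than from the bytes available.

```python
import socket
import struct

# The six -XX lines printed above, copied verbatim (only the first 96 bytes survive).
HEXDUMP = """\
0x0000: 0004 0001 0006 0016 3e0c 0ced 0000 0800 ........>.......
0x0010: 4500 02c6 54da 4000 4006 042a 2a79 069d E...T.@.@..**y..
0x0020: 6a0b 440d e260 0050 47e3 cd2c ea4d c9bc j.D..`.PG..,.M..
0x0030: 5018 ff00 e1e6 0000 000c 0000 0298 7458 P.............tX
0x0040: 674f 5965 776f 6752 4350 6f4b 4942 3665 gOYewogRCPoKIB6e
0x0050: 344b 4438 504e 7731 334c 634f 7944 6563 4KD8PNw13LcOyDec
"""

SLL_LEN = 16  # Linux cooked capture pseudo-header used by -i any
HEXDIGITS = set("0123456789abcdefABCDEF")
# tcpdump's flag letters, in the order it prints them: "[P.]" is PSH+ACK, "[S.]" is SYN+ACK
TCP_FLAG_LETTERS = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"),
                    (0x10, "."), (0x20, "U"), (0x40, "E"), (0x80, "W"))


def parse_hexdump(text):
    """Turn tcpdump -X/-XX output back into bytes.
    Each line is an offset, up to eight 2-byte hex groups, then an ASCII gutter;
    we stop at the first token that is not a hex group so the gutter is ignored."""
    out = bytearray()
    for line in text.splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith("0x"):
            continue
        groups = 0
        for tok in parts[1:]:
            if groups == 8 or len(tok) not in (2, 4) or not set(tok) <= HEXDIGITS:
                break
            out += bytes.fromhex(tok)
            groups += 1
    return bytes(out)


def decode_sll(buf):
    """Linux cooked header: packet type, ARPHRD type, address length, address, pad, protocol."""
    pkttype, hatype, halen = struct.unpack("!HHH", buf[:6])
    addr = buf[6:6 + halen]
    proto = struct.unpack("!H", buf[14:16])[0]
    return {"pkttype": pkttype, "hatype": hatype,
            "addr": ":".join("%02x" % b for b in addr), "proto": proto}


def decode_packet(buf):
    """Decode SLL + IPv4 + TCP headers into the fields tcpdump prints on its summary line."""
    sll = decode_sll(buf[:SLL_LEN])
    if sll["proto"] != 0x0800:
        raise ValueError("not an IPv4 packet")
    ip = buf[SLL_LEN:]
    vihl, _tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (vihl & 0x0F) * 4
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    doff = (off_flags >> 12) * 4
    flags = "".join(letter for bit, letter in TCP_FLAG_LETTERS if off_flags & bit)
    # Payload length comes from the IP total length, not from len(buf): the dump may be truncated.
    payload_len = total_len - ihl - doff
    return {"sll": sll, "ttl": ttl,
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "win": win, "payload_len": payload_len}


def summarize(buf):
    """Render the summary line the way tcpdump -nn would (absolute sequence numbers)."""
    d = decode_packet(buf)
    return ("IP %s.%d > %s.%d: Flags [%s], seq %d:%d, ack %d, win %d, length %d"
            % (d["src"], d["sport"], d["dst"], d["dport"], d["flags"],
               d["seq"], d["seq"] + d["payload_len"], d["ack"], d["win"], d["payload_len"]))


if __name__ == "__main__":
    pkt = parse_hexdump(HEXDUMP)
    print(decode_sll(pkt))
    print(summarize(pkt))
```

Note that the source is printed here as 42.121.6.157 and port 80 as 80 because this decoder never resolves names; the line above shows the hostname and "http" because the capture was run without -n/-nn. The absolute sequence numbers match the original line only because that was the first packet of the flow tcpdump saw; later packets are printed with relative numbers unless -S is given.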