tcpdump, the Linux packet-capture workhorse: tips & experience

Capturing DNS packets with tcpdump

tcpdump -s0 -i any -n port 53

Options first, the BPF filter expression (port 53) last. glibc's getopt tolerates the options trailing the filter (tcpdump port 53 -s0 -i any -n also runs on Linux), but that order is not portable, and a filter keyword that happens to look like an option will break it.
11:12:40.597856 IP 10.128.0.2.52837 > 169.254.169.254.domain: 18303+ A? baidu.com. (27)
11:12:40.912517 IP 169.254.169.254.domain > 10.128.0.2.52837: 18303 3/0/0 A 123.125.114.144, A 220.181.57.217, A 111.13.101.208 (75)
11:12:42.259141 IP 10.128.0.2.47670 > 169.254.169.254.domain: 14582+ PTR? 144.114.125.123.in-addr.arpa. (46)
11:12:42.608822 IP 169.254.169.254.domain > 10.128.0.2.47670: 14582 NXDomain 0/1/0 (100)
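As an added example (not code from the original post), the Python below pairs the queries and replies in output like the four lines above by (client socket, server socket, transaction ID), computes each lookup's round-trip time and response code, and flags replies that match no outstanding query, which is the trace an off-path answer injection (a cache-poisoning attempt) leaves in a capture. It works on tcpdump's text output, so it needs no root and no live interface. The regexes, the Transaction class and the extra constructed UNSOLICITED line are this example's own assumptions, not anything tcpdump ships.

```python
"""Pair DNS queries with replies in `tcpdump -n port 53` text output."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the four lines captured on this page.
SAMPLE = """\
11:12:40.597856 IP 10.128.0.2.52837 > 169.254.169.254.domain: 18303+ A? baidu.com. (27)
11:12:40.912517 IP 169.254.169.254.domain > 10.128.0.2.52837: 18303 3/0/0 A 123.125.114.144, A 220.181.57.217, A 111.13.101.208 (75)
11:12:42.259141 IP 10.128.0.2.47670 > 169.254.169.254.domain: 14582+ PTR? 144.114.125.123.in-addr.arpa. (46)
11:12:42.608822 IP 169.254.169.254.domain > 10.128.0.2.47670: 14582 NXDomain 0/1/0 (100)
"""

# Constructed reply that no query asked for: the shape an injected answer takes.
UNSOLICITED = "11:12:43.000001 IP 169.254.169.254.domain > 10.128.0.2.47670: 9999 1/0/0 A 203.0.113.9 (60)\n"

# "HH:MM:SS.ffffff IP src.port > dst.port: <dns body>"
HDR = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP6? (?P<src>\S+) > (?P<dst>\S+): (?P<body>.*)$")
# Query body: "18303+ A? baidu.com. (27)"; '+' = recursion desired, "[1au]" = EDNS0 present.
QUERY = re.compile(r"^(?P<id>\d+)(?P<flags>[+%$]*)(?: \[\S+\])? (?P<qtype>\S+)\? (?P<name>\S+) \((?P<len>\d+)\)$")
# Reply body: "18303 3/0/0 A 1.2.3.4, A 5.6.7.8 (75)" or "14582 NXDomain 0/1/0 (100)";
# an/ns/ar are the answer, authority and additional record counts.
REPLY = re.compile(r"^(?P<id>\d+)(?P<flags>[*|$-]*)(?: (?P<rcode>[A-Za-z]+))? "
                   r"(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)(?: (?P<rrs>.*?))? \((?P<len>\d+)\)$")


@dataclass
class Transaction:
    client: str                   # "10.128.0.2.52837", address.port as tcpdump prints it
    server: str
    txid: int
    qtype: str
    name: str
    sent: float                   # query time, seconds since midnight
    rcode: Optional[str] = None   # None until a reply is seen; "NoError" for a plain reply
    answers: list = field(default_factory=list)  # [(rrtype, rdata), ...] from the answer section
    rtt: Optional[float] = None


def _secs(ts: str) -> float:
    """'11:12:40.597856' -> seconds since midnight (midnight wrap is not handled)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def pair_transactions(text: str):
    """Match each reply to its query by (client socket, server socket, txid).

    Returns (answered, still_unanswered, unsolicited_reply_lines). A reply whose
    ID is plausible but whose socket never sent a query is reported, not paired.
    """
    pending = {}
    answered = []
    unsolicited = []
    for line in text.splitlines():
        m = HDR.match(line)
        if not m:
            continue
        ts, src, dst, body = m.group("ts", "src", "dst", "body")
        q = QUERY.match(body)
        if q:
            t = Transaction(client=src, server=dst, txid=int(q["id"]),
                            qtype=q["qtype"], name=q["name"], sent=_secs(ts))
            pending[(src, dst, t.txid)] = t
            continue
        r = REPLY.match(body)
        if not r:
            continue
        t = pending.pop((dst, src, int(r["id"])), None)  # a reply flips src and dst
        if t is None:
            unsolicited.append(line)
            continue
        t.rcode = r["rcode"] or "NoError"
        t.rtt = round(_secs(ts) - t.sent, 6)
        if r["rrs"]:
            t.answers = [tuple(rr.split(" ", 1)) for rr in r["rrs"].split(", ")]
        answered.append(t)
    return answered, list(pending.values()), unsolicited


if __name__ == "__main__":
    answered, unanswered, unsolicited = pair_transactions(SAMPLE + UNSOLICITED)
    for t in answered:
        print(f"{t.client} {t.qtype} {t.name} -> {t.rcode} in {t.rtt:.3f}s {t.answers}")
    print("unanswered:", len(unanswered), "unsolicited:", len(unsolicited))
```

Feed it a saved capture with `tcpdump -n -r dns.pcap port 53 | python3 pair.py`-style piping, or the live output; because it keys on the client socket and not only the 16-bit ID, the NXDomain reply and the injected reply above end up in different buckets even though both are addressed to the same client port.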

Parameter notes

-s0: snapshot length 0 means "capture whole packets". Since tcpdump 4.0 the default already does this (65535, later 262144 bytes); on older versions the default was 68 bytes, which truncated payloads, so -s0 was essential. It is still harmless to pass.

-i any: capture on all interfaces at once. This Linux-only pseudo-interface captures in "cooked" (LINUX_SLL) mode: the Ethernet header is replaced by a 16-byte cooked header, the interfaces are not put into promiscuous mode, and a file written with -w gets link type LINUX_SLL rather than Ethernet.

-n: do not resolve IP addresses to host names. Beyond speed and stable output, this matters when capturing DNS: without it tcpdump issues its own reverse (PTR) lookups, which both inject port 53 traffic into the capture you are reading and disclose the addresses under investigation to the resolver.

-nn: additionally do not convert port and protocol numbers to names, so "domain" in the output above is printed as 53.

Capturing a specific port and printing the payload as text

tcpdump -s0 -i any -A port 80

-A prints each packet, minus the link-level header, in ASCII. It is the quickest way to read plaintext HTTP requests and responses, including any cookies or credentials they carry; keep -s0 on old versions, or the payload is cut off.

Capturing a specific port and printing a hex dump

tcpdump -s0 -i any -XX port 80

-X prints each packet in hex and ASCII; -XX also includes the link-level header, which is what the dump below shows (its first 16 bytes are the cooked header that -i any substitutes for Ethernet). There is no separate -XXX: a third X is accepted but behaves like -XX. Note the resolved host name in the summary line below; this run omitted -n.
9:24:09.974271 IP AY1211250421408673894.57952 > 106.11.68.13.http: Flags [P.], seq 1206111532:1206112202, ack 3930966460, win 65280, length 670
0x0000:  0004 0001 0006 0016 3e0c 0ced 0000 0800  ........>.......
0x0010:  4500 02c6 54da 4000 4006 042a 2a79 069d  E...T.@.@..**y..
0x0020:  6a0b 440d e260 0050 47e3 cd2c ea4d c9bc  j.D..`.PG..,.M..
0x0030:  5018 ff00 e1e6 0000 000c 0000 0298 7458  P.............tX
0x0040:  674f 5965 776f 6752 4350 6f4b 4942 3665  gOYewogRCPoKIB6e
0x0050:  344b 4438 504e 7731 334c 634f 7944 6563  4KD8PNw13LcOyDec
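As an added example (not code from the original post), the following Python turns the -XX dump above back into bytes and decodes it layer by layer: the 16-byte Linux cooked header (packet type 4 = outgoing, ARPHRD 1 = Ethernet, source MAC 00:16:3e:0c:0c:ed, ethertype 0x0800), the IPv4 header with its checksum verified, and the TCP header, then re-derives the summary line tcpdump printed (seq, ack, window, flags [P.], length 670). It also shows that only 40 of the 670 payload bytes are present in the dump as printed on the page. The hexdump_to_bytes slicing rule, the Decoded class and the function names are this example's own assumptions.

```python
"""Decode a `tcpdump -i any -XX` hex dump: Linux cooked header, IPv4, TCP."""
import struct
from dataclasses import dataclass

# Constructed sample: the six dump lines printed on this page. The IP header says
# 670 payload bytes were sent; the page shows only the first 40 of them.
HEXDUMP = """\
0x0000:  0004 0001 0006 0016 3e0c 0ced 0000 0800  ........>.......
0x0010:  4500 02c6 54da 4000 4006 042a 2a79 069d  E...T.@.@..**y..
0x0020:  6a0b 440d e260 0050 47e3 cd2c ea4d c9bc  j.D..`.PG..,.M..
0x0030:  5018 ff00 e1e6 0000 000c 0000 0298 7458  P.............tX
0x0040:  674f 5965 776f 6752 4350 6f4b 4942 3665  gOYewogRCPoKIB6e
0x0050:  344b 4438 504e 7731 334c 634f 7944 6563  4KD8PNw13LcOyDec
"""

SLL_PKTTYPE = {0: "host", 1: "broadcast", 2: "multicast", 3: "otherhost", 4: "outgoing"}
# tcpdump's flag letters in the order it prints them: FIN SYN RST PSH ACK URG ECE CWR
TCP_FLAG_CHARS = "FSRP.UEW"


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild bytes from 'offset:  8 hex groups  ascii-gutter' lines.

    tcpdump pads the hex area to a fixed width and puts two spaces before the ASCII
    gutter, so splitting on the first double space drops the gutter even when the
    gutter happens to contain hex-looking characters.
    """
    out = bytearray()
    for line in dump.splitlines():
        line = line.strip()
        if not line.startswith("0x"):
            continue
        _offset, rest = line.split(":", 1)
        hexpart = rest.strip().split("  ", 1)[0]
        out += bytes.fromhex(hexpart.replace(" ", ""))
    return bytes(out)


@dataclass
class Decoded:
    pkttype: str
    src_mac: str
    ethertype: int
    ip_src: str
    ip_dst: str
    ip_ttl: int
    ip_checksum_ok: bool
    sport: int
    dport: int
    seq: int
    ack: int
    flags: str
    window: int
    payload_len: int       # from the IP total length, i.e. what was on the wire
    payload_present: int   # payload bytes actually contained in the dump


def ip_checksum_ok(header: bytes) -> bool:
    """RFC 1071: the ones-complement sum over the header, checksum included, is 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_cooked_frame(data: bytes) -> Decoded:
    # 16-byte LINUX_SLL header: packet type, ARPHRD type, address length,
    # 8-byte address field (6 used for Ethernet), protocol (ethertype).
    pkttype, _arphrd, addrlen, addr, proto = struct.unpack("!HHH8sH", data[:16])
    if proto != 0x0800:
        raise ValueError("not IPv4: ethertype 0x%04x" % proto)
    mac = ":".join("%02x" % b for b in addr[:addrlen])

    ver_ihl, _tos, total_len, _id, _frag, ttl, l4proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[16:36])
    ihl = (ver_ihl & 0x0F) * 4
    if l4proto != 6:
        raise ValueError("not TCP: IP protocol %d" % l4proto)
    tcp_off = 16 + ihl
    sport, dport, seq, ack, doff_res, flagbits, window, _tcsum, _urg = struct.unpack(
        "!HHIIBBHHH", data[tcp_off:tcp_off + 20])
    doff = (doff_res >> 4) * 4
    flags = "".join(c for i, c in enumerate(TCP_FLAG_CHARS) if flagbits & (1 << i))

    return Decoded(
        pkttype=SLL_PKTTYPE.get(pkttype, str(pkttype)), src_mac=mac, ethertype=proto,
        ip_src=".".join(map(str, src)), ip_dst=".".join(map(str, dst)), ip_ttl=ttl,
        ip_checksum_ok=ip_checksum_ok(data[16:16 + ihl]),
        sport=sport, dport=dport, seq=seq, ack=ack, flags=flags, window=window,
        payload_len=total_len - ihl - doff,
        payload_present=max(0, len(data) - tcp_off - doff),
    )


def summary(d: Decoded) -> str:
    """Close to the line `tcpdump -nn` prints (tcpdump shows seq as a start:end range)."""
    return (f"IP {d.ip_src}.{d.sport} > {d.ip_dst}.{d.dport}: Flags [{d.flags}], "
            f"seq {d.seq}, ack {d.ack}, win {d.window}, length {d.payload_len}")


if __name__ == "__main__":
    d = decode_cooked_frame(hexdump_to_bytes(HEXDUMP))
    print(f"cooked header: {d.pkttype} packet, MAC {d.src_mac}, ethertype 0x{d.ethertype:04x}")
    print(summary(d), "| IP checksum ok:", d.ip_checksum_ok,
          f"| {d.payload_present} of {d.payload_len} payload bytes in dump")
```

The checksum check doubles as a transcription test: if a single hex digit of the dump had been mangled when pasted, it would fail. The same decoder fails loudly on a dump taken from a real interface instead of -i any, because the first bytes would then be an Ethernet header and the ethertype would sit at a different offset; that is exactly the LINUX_SLL versus Ethernet difference that trips tools reading a pcap written with -i any -w.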
Written by: humboldt (humboldt 的趣味程序园, "humboldt's Fun Programming Garden")