perintah tcpdump Linux
Linux perintah tcpdump digunakan untuk membuang jaringan transmisi data.
Mengeksekusi daftar perintah tcpdump melalui header paket menentukan antarmuka jaringan di sistem operasi Linux, Anda harus menjadi administrator sistem.
tatabahasa
tcpdump [-adeflnNOpqStvx][-c<数据包数目>][-dd][-ddd][-F<表达文件>][-i<网络界面>][-r<数据包文件>][-s<数据包大小>][-tt][-T<数据包类型>][-vv][-w<数据包文件>][输出数据栏位]
Parameter Deskripsi:
- -a mencoba untuk jaringan dan alamat broadcast ke nama.
- Setelah -c <jumlah paket> Menentukan jumlah paket yang diterima, menghentikan operasi pembuangan.
- -d paket data tersebut dikompilasi dikodekan dikonversi ke dalam format yang dapat dibaca dan dibuang ke output standar.
- -dd disusun paket data format encoding diubah ke dalam bahasa C, dan dibuang ke output standar.
- -ddd paket data yang dikumpulkan diubah menjadi format desimal kode dan dibuang ke output standar.
- -e Menampilkan header koneksi-level pada setiap kolom dump data.
- -f Menampilkan alamat Internet menggunakan nomor tersebut.
- F <Berkas ekspresi> Menentukan file yang berisi alat ekspresi.
- -i <antarmuka jaringan> Gunakan ditentukan sectional jaringan mengirim paket.
- -l menggunakan buffer untuk kolom output standar.
- -n tidak host alamat jaringan ke nama.
- N Jangan daftar nama domain.
- -O Tidak dikodekan optimasi paket.
- p membiarkan antarmuka jaringan ke modus promiscuous.
- -q keluaran cepat, untuk daftar hanya beberapa informasi protokol transmisi.
- r <file paket> membaca data paket dari file yang ditentukan.
- -s <ukuran paket> Mengatur ukuran masing-masing paket.
- -S Absolute daripada nilai relatif dari sejumlah asosiasi yang terdaftar di TCP.
- t tidak menampilkan waktu yang tertera pada setiap kolom dump data.
- -tT menampilkan timestamp terformat pada setiap kolom dump data.
- -T <Jenis paket> untuk memaksa paket ekspresi yang ditentukan Data pengaturan jenis diterjemahkan paket.
- menampilkan v rinci eksekusi instruksi.
- -vv menunjukkan lebih detail eksekusi instruksi.
- -x kode karakter heksadesimal tercantum dalam paket data.
- w <file paket> menulis paket data ke file yang ditentukan.
contoh
Informasi paket TCP
# tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:35:55.129998 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 148872068:148872168(100) ack 4184371747 win 2100 23:35:55.182357 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 100 win 64240 23:35:55.182397 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 100:200(100) ack 1 win 2100 23:35:55.131713 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 50226+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:35:55.131896 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 50226+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:35:55.154238 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 50226 NXDomain 0/0/0 (42) 23:35:55.156298 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 50226 NXDomain 0/0/0 (42) 23:35:55.159292 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 30304+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:35:55.159449 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 30304+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:35:55.179816 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 30304 NXDomain 0/0/0 (42) 23:35:55.181279 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 30304 NXDomain 0/0/0 (42) 23:35:55.181806 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 200:268(68) ack 1 win 2100 23:35:55.182177 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 268 win 64198 23:35:55.182677 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 43983+ PTR? 112.96.103.202.in-addr.arpa. (45) 23:35:55.182807 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 43983+ PTR? 112.96.103.202.in-addr.arpa. (45) 23:35:55.183055 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 268:352(84) ack 1 win 2100 23:35:55.201096 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 43983 1/0/0 (72) 23:35:55.203087 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 43983 1/0/0 (72) 23:35:55.204666 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 352:452(100) ack 1 win 2100 23:35:55.204852 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 452 win 64152 23:35:55.205305 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 452:520(68) ack 1 win 2100 23:35:55.205889 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 9318+ PTR? 85.6.250.118.in-addr.arpa. (43) 23:35:55.206071 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 9318+ PTR? 85.6.250.118.in-addr.arpa. (43) 23:35:55.215338 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 2392751922:2392751987(65) ack 2849759785 win 54 23:35:55.216273 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 2392751922:2392751987(65) ack 2849759785 win 54 23:35:55.329204 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 520 win 64135 23:35:55.458214 IP 192.168.0.65.2057 > 115.238.1.45.3724: . ack 65 win 32590 23:35:55.458221 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: . ack 65 win 32590 23:35:55.708228 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 65:118(53) ack 1 win 54 23:35:55.710213 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 65:118(53) ack 1 win 54 23:35:55.865151 IP 192.168.0.65.2057 > 115.238.1.45.3724: . ack 118 win 32768 23:35:55.865157 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: . ack 118 win 32768 23:35:56.242805 IP 192.168.0.65.2057 > 115.238.1.45.3724: P 1:25(24) ack 118 win 32768 23:35:56.242812 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: P 1:25(24) ack 118 win 32768 23:35:56.276816 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: . ack 25 win 54 23:35:56.278240 IP 115.238.1.45.3724 > 192.168.0.65.2057: . ack 25 win 54 23:35:56.349747 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 118:159(41) ack 25 win 54 23:35:56.351780 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 118:159(41) ack 25 win 54 23:35:56.400051 PPPoE [ses 0x1cb0] IP 119.147.18.44.8000 > 118.250.6.85.4000: UDP, length 79 23:35:56.475050 IP 192.168.0.65.2057 > 115.238.1.45.3724: . ack 159 win 32762 23:35:56.475063 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: . ack 159 win 32762 23:35:56.508968 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 159:411(252) ack 25 win 54 23:35:56.510182 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 159:411(252) ack 25 win 54 23:35:56.592028 PPPoE [ses 0x1cb0] IP 117.136.2.43.38959 > 118.250.6.85.63283: UDP, length 36 44 packets captured 76 packets received by filter 0 packets dropped by kernel
Menampilkan jumlah paket
# tcpdump -c 20 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:36:28.949538 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 148875984:148876020(36) ack 4184373187 win 2100 23:36:28.994325 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 36 win 64020 23:36:28.994368 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 36:72(36) ack 1 win 2100 23:36:28.950779 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 18242+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:36:28.950948 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 18242+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:36:28.960105 PPPoE [ses 0x1cb0] IP 222.82.119.41.13594 > 118.250.6.85.63283: UDP, length 36 23:36:28.962192 IP 222.82.119.41.13594 > 192.168.0.65.13965: UDP, length 36 23:36:28.963118 IP 192.168.0.65.13965 > 222.82.119.41.13594: UDP, length 34 23:36:28.963123 PPPoE [ses 0x1cb0] IP 118.250.6.85.63283 > 222.82.119.41.13594: UDP, length 34 23:36:28.970185 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 18242 NXDomain 0/0/0 (42) 23:36:28.970413 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 18242 NXDomain 0/0/0 (42) 23:36:28.972352 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 17862+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:36:28.972474 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 17862+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:36:28.982287 PPPoE [ses 0x1cb0] IP 121.12.131.163.13109 > 118.250.6.85.63283: UDP, length 27 23:36:28.984162 IP 121.12.131.163.13109 > 192.168.0.65.13965: UDP, length 27 23:36:28.985021 IP 192.168.0.65.13965 > 121.12.131.163.13109: UDP, length 103 23:36:28.985027 PPPoE [ses 0x1cb0] IP 118.250.6.85.63283 > 121.12.131.163.13109: UDP, length 103 23:36:28.991919 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 17862 NXDomain 0/0/0 (42) 23:36:28.993142 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 17862 NXDomain 0/0/0 (42) 23:36:28.993574 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 72:140(68) ack 1 win 2100 20 packets captured 206 packets received by filter 129 packets dropped by kernel
display kompak
# tcpdump -c 10 -q //精简模式显示 10个包 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:43:05.792280 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36 23:43:05.842115 IP 192.168.0.1.2101 > 192.168.0.3.ssh: tcp 0 23:43:05.845074 IP 115.238.1.45.3724 > 192.168.0.65.2057: tcp 0 23:43:05.907155 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36 23:43:05.793880 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: UDP, length 42 23:43:05.794076 PPPoE [ses 0x1cb0] IP 118.250.6.85.64219 > dns2.cs.hn.cn.domain: UDP, length 42 23:43:05.811127 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64219: UDP, length 42 23:43:05.814764 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: UDP, length 42 23:43:05.816404 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: UDP, length 42 23:43:05.816545 PPPoE [ses 0x1cb0] IP 118.250.6.85.64219 > dns2.cs.hn.cn.domain: UDP, length 42 10 packets captured 39 packets received by filter 0 packets dropped by kernel
Mengkonversi gram untuk membaca format
# tcpdump -d (000) ret #96
Dikonversi ke format desimal
# tcpdump -ddd 1 6 0 0 96