Prerequisites:
1. A machine with Linux installed (required);
2. The tcpdump binary;
3. All of the following steps are performed as root. The commands cannot be pasted directly into the Linux console, so please type them in manually!
Operation Steps:
1. Upload tcpdump to the Linux machine and first grant it execute permission. I assigned 777 directly; if you want to restrict other users, 755 is enough.
Permission command:
chmod 777 tcpdump
After the permission has been set, run:
ll tcpdump
The output shows the new permissions on the file.
2. Check the NIC information. On a machine with several NICs, look at the NIC information first and then choose the interface to capture on.
Command to check the NIC information:
ifconfig
In this example the machine has a single NIC, so when capturing we only need to listen on eth0.
3. Run a simple capture command:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap
This starts the capture.
Parameter details:
-i eth0: listen on the specified network interface
-s 0: by default tcpdump only captures a limited number of bytes of each packet; adding -s 0 captures complete packets
-vv: show detailed capture information
-w /root/test.pcap: save the capture as a pcap file for easy analysis in Wireshark
4. Capture command for a specified port:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap port 8080
5. Capture command for a specified host IP:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap host 192.168.0.20
6. Capture command for a specified IP and port (replace PORT with the port number, e.g. 8080 as in step 4):
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap port PORT and host 192.168.0.20
For now, the commands above are sufficient for capturing packets; further study will follow later.
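The steps above wrapped into a small POSIX sh script, as an added example that is not part of the original post: it builds the port/host filter used in steps 4-6, refuses to run unless it is root and the interface exists, limits the capture with tcpdump's -c option, and then checks that the written file carries a libpcap magic number so Wireshark will open it. The function names (capture_filter, pcap_magic_ok, run_capture) are my own.

```shell
#!/bin/sh
# Added example; the function names below are assumptions, not from the post.

# Build the BPF filter from optional host and port arguments (steps 4-6).
capture_filter() {
    host="$1"; port="$2"; filter=""
    [ -n "$port" ] && filter="port $port"
    if [ -n "$host" ]; then
        [ -n "$filter" ] && filter="$filter and "
        filter="${filter}host $host"
    fi
    printf '%s' "$filter"
}

# Check that a file starts with a libpcap magic number (microsecond or
# nanosecond variant, either byte order): proof that -w produced a real pcap.
pcap_magic_ok() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# Capture $count packets (default 100) on $iface into $out, then verify the
# file. Same flags as step 3; -c stops tcpdump instead of running forever.
run_capture() {
    iface="$1"; out="$2"; host="$3"; port="$4"; count="${5:-100}"
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    ip link show "$iface" >/dev/null 2>&1 || { echo "no such interface: $iface" >&2; return 1; }
    filter=$(capture_filter "$host" "$port")
    # $filter is left unquoted on purpose so "port 8080 and host ..." splits into words.
    # shellcheck disable=SC2086
    tcpdump -i "$iface" -s 0 -vv -c "$count" -w "$out" $filter || return 1
    pcap_magic_ok "$out"
}

# Usage: run_capture eth0 /root/test.pcap 192.168.0.20 8080
```

If no packet matches the filter, tcpdump waits until the count is reached, so use a small count (or Ctrl-C) when testing the filter.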
This article is from the "XFICC" blog; please keep this source: http://xficc.blog.51cto.com/1189288/1566390
Capturing packets with the tcpdump command on a Linux system