Prerequisites:
1. A machine with Linux installed. This is required.
2. The tcpdump program.
3. All of the following operations are performed while logged on as the root user. The commands cannot be copied directly to the Linux console; enter them manually!
Procedure:
1. Upload tcpdump to Linux and grant permissions first. I grant 777 permissions directly; if other permissions are considered, grant 755 permissions.
Authorization command:
chmod 777 tcpdump
After the authorization succeeds, run the command:
ll tcpdump
The authorization result is displayed.
2. View the NIC information. On a machine with multiple NICs, you need to select the NIC to capture on.
Run the following command to view the NIC information:
ifconfig
This is a single-NIC machine, so we only need to listen on eth0 when capturing packets.
3. Execute the simple packet capture command:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap
Packet capture starts.
Parameters:
-i eth0: monitor the specified network interface.
-s 0: the default capture length is 68 bytes. Adding -s 0 captures the complete data packet.
-vv: show detailed packet capture information.
-w /root/test.pcap: save to a pcap file so it can be analyzed with Wireshark.
4. Command for capturing packets on a specified port:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap port 8080
5. Command for capturing packets to and from a specified IP address:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap host 192.168.0.20
6. Command for capturing packets for a specified IP address and port:
tcpdump -i eth0 -s 0 -vv -w /root/test.pcap port 23 and host 192.168.0.20
For now, the packet capture commands above are sufficient; we will continue to study this later.
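The capture commands from steps 3 to 6 can be wrapped in one shell helper that validates the port and IP before building the filter, refuses to run a tcpdump binary that other users can modify, and writes the capture file with owner-only permissions. This is an added example, not part of the original tutorial; the function names and validation rules are assumptions.

```bash
#!/bin/bash
# Added example. Function names and validation rules are assumptions,
# not part of the original tutorial.

# Build the filter expression used in steps 4-6 from an optional port and IP.
build_filter() {
    local port="$1" host="$2" filter=""
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        filter="port $port"
    fi
    if [ -n "$host" ]; then
        # Accept only characters that occur in IPv4/IPv6 addresses.
        case "$host" in
            *[!0-9A-Fa-f.:]*) echo "invalid host: $host" >&2; return 1 ;;
        esac
        filter="${filter:+$filter and }host $host"
    fi
    printf '%s' "$filter"
}

# Succeeds if users other than the owner and group can write to the file,
# which is the case after chmod 777 but not after chmod 755.
is_world_writable() {
    [ -n "$(find -L "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Usage: run_capture <interface> <output.pcap> [port] [ip]
run_capture() {
    local iface="$1" out="$2" filter bin
    filter=$(build_filter "$3" "$4") || return 1
    bin=$(command -v tcpdump) || { echo "tcpdump not found" >&2; return 1; }
    if is_world_writable "$bin"; then
        echo "refusing to run $bin as root: file is world-writable" >&2
        return 1
    fi
    # umask 077 keeps the capture file unreadable by group and others.
    # $filter is left unquoted on purpose so it splits into separate words.
    ( umask 077; exec "$bin" -i "$iface" -s 0 -vv -w "$out" $filter )
}
```

For the capture in step 6, the call would be `run_capture eth0 /root/test.pcap 23 192.168.0.20`.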