tcpdump is a powerful packet capture tool for analyzing network communication. On a Mac it must be run with root privileges.
sudo tcpdump: enter the root password when prompted.
The following simple UDP socket interaction is used to demonstrate tcpdump's parameters.
UDP server:
require "socket"
include Socket::Constants
# Create a UDP socket and bind it to 127.0.0.1:2200
socket = Socket.new(AF_INET, SOCK_DGRAM, 0)
sockaddr = Socket.pack_sockaddr_in(2200, "127.0.0.1")
socket.bind(sockaddr)
loop {
  # Read up to 20 bytes and remember who sent them
  message, client_addr = socket.recvfrom(20)
  p message
  sleep 1
  # Echo the message back to the sender
  socket.send(message, 0, client_addr)
}
UDP client:
require "socket"
include Socket::Constants
socket = Socket.new(AF_INET, SOCK_DGRAM, 0)
# Address of the UDP server above
sockaddr = Socket.pack_sockaddr_in(2200, "127.0.0.1")
loop {
  # Send one line typed on standard input to the server
  msg = STDIN.gets
  socket.send(msg, 0, sockaddr)
  sleep(3)
  # Read the echoed reply (up to 20 bytes)
  message, _addr = socket.recvfrom(20)
  p message
}
tcpdump -D: the -D parameter lists the network adapters.
~ sudo tcpdump -D
1. en0
2. fw0
3. utun0
4. en1
5. p2p0
6. lo0
The code above uses the loopback address 127.0.0.1, so the corresponding adapter is number 6, lo0.
The tcpdump command to capture the traffic of the code above is as follows:
~ sudo tcpdump -i 6 udp port 2200
-i 6 selects adapter 6, the loopback adapter, for monitoring; udp port 2200 restricts the capture to the UDP protocol and port 2200.
~ sudo tcpdump -X -i 6 udp port 2200
-X: display the packet data (in hex and ASCII)
Start the UDP server and client, and send data. In the terminal window running tcpdump, you can see the following:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
15:25:35.952875 IP localhost.30713 > localhost.ici: UDP, length 6
0x0000: 4500 0022 b236 0000 4011 0000 7f00 0001 E..".6..@.......
0x0010: 7f00 0001 77f9 0898 000e fe21 6865 6c6c ....w......!hell
0x0020: 6f0a o.
15:25:36.953409 IP localhost.ici > localhost.30713: UDP, length 6
0x0000: 4500 0022 8777 0000 4011 0000 7f00 0001 E..".w..@.......
0x0010: 7f00 0001 0898 77f9 000e fe21 6865 6c6c ......w....!hell
0x0020: 6f0a o.
The above is the packet captured by tcpdump.
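To read the hex dump rather than just the summary line, the following Ruby script decodes the first captured packet into its IPv4 and UDP header fields. It is an added example, not part of the original article; the helper names dump_to_bytes and decode_ipv4_udp are hypothetical, and the hex words are copied from the capture above with the ASCII column left out.

```ruby
# Hex words of the first packet in the tcpdump -X output (ASCII column omitted).
DUMP = <<~HEX
  0x0000: 4500 0022 b236 0000 4011 0000 7f00 0001
  0x0010: 7f00 0001 77f9 0898 000e fe21 6865 6c6c
  0x0020: 6f0a
HEX

# Strip the "0xNNNN:" offsets and turn the hex groups into a binary string.
def dump_to_bytes(dump)
  hex = dump.each_line.map do |line|
    line.sub(/\A\s*0x\h+:\s*/, "").split.grep(/\A\h{2,4}\z/).join
  end.join
  [hex].pack("H*")
end

# Decode an IPv4 packet carrying UDP; raises on anything else.
def decode_ipv4_udp(bytes)
  ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _cksum, src, dst =
    bytes.unpack("CCnnnCCna4a4")
  raise ArgumentError, "not IPv4" unless ver_ihl >> 4 == 4
  raise ArgumentError, "not UDP" unless proto == 17
  raise ArgumentError, "truncated capture" if bytes.bytesize < total_len

  ihl = (ver_ihl & 0x0f) * 4 # IP header length in bytes (20 without options)
  sport, dport, udp_len, _udp_cksum = bytes.byteslice(ihl, 8).unpack("nnnn")
  payload = bytes.byteslice(ihl + 8, udp_len - 8) # UDP length includes its 8-byte header

  { src: src.bytes.join("."), dst: dst.bytes.join("."), ttl: ttl,
    total_len: total_len, sport: sport, dport: dport,
    udp_len: udp_len, payload: payload }
end

if __FILE__ == $PROGRAM_NAME
  pkt = decode_ipv4_udp(dump_to_bytes(DUMP))
  puts "#{pkt[:src]}.#{pkt[:sport]} > #{pkt[:dst]}.#{pkt[:dport]}: " \
       "UDP, length #{pkt[:payload].bytesize}, payload #{pkt[:payload].inspect}"
end
```

The decoded ports match the summary line: 0x77f9 is the client's source port 30713, and 0x0898 is port 2200, which tcpdump prints by its service name, ici.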
~ sudo tcpdump -i 6
Restart tcpdump to monitor all traffic on the loopback adapter.
Now stop the UDP server, start only the client, and send data. tcpdump shows the following:
15:49:40.283935 IP localhost.12195 > localhost.ici: UDP, length 7
15:49:40.283982 IP localhost > localhost: ICMP localhost udp port ici unreachable, length 36
The cause of the error is "ICMP localhost udp port ici unreachable": with the server stopped, nothing is listening on UDP port 2200 (shown by its service name, ici), so the client's datagram is answered with an ICMP port-unreachable message.