Original article welcome reprint, please retain the source.
If you have any questions and suggestions, please reply.
Under Centos6.5, through the use of tcpdump grab and Wireshark analysis kits, preliminary understanding of the grab and package installation
First we need to install tcpdump, the necessary libraries:
Yum Install flex
Yum Install Bison yum Install
In addition Tcpdump is based on Libpcap, this is not found in Yum, we go to Tcpdump's official website (http://www.tcpdump.org/#latest-release) can download Libpcap and tcpdump
I use the tcpdump-4.7.3 tar.gz and libpcap-1.7.2. tar.gz.
First unpack the Libpcap, then go to the directory configuration installation
./configure make make
Then unzip the tcpdump and go to the directory configuration installation
./configure make make
If everything goes well, you can use tcpdump to grab the bag. Grab Bag
The tcpdump filter rule is to use the BPF syntax
(Refer to http://blog.csdn.net/jk110333/article/details/8675547)
We simply crawl can be used (note to start tcpdump with root privileges)
(1)-I eth0: Only grab packets that pass through the interface eth0
(1) Port 80: Crawl packets crawl only 80 ports
(3)-C 3: Crawl only 3 packets
(4)-T: Do not show time stamp
But this is more trouble, output to the console for the data packet when it appears to be troublesome, we put him out to the file, with the help of Wireshark to analyze the packet, the first to install Wireshark, directly through the Yum installation.
Yum install Wireshark (core, can use command Tshark)
yum Install (interface, can use command Wireshark-gnome)
After installation, start the graphical interface with the Wireshark command under root permission.
However, there is an error in CentOS 6.5 wireshark:symbol lookup error:wireshark:undefined Symbol:gtk_combo_box_text_new_with_entry
This error is a bug in Gtk2, we want to update the next GTK2:
Yum Update gtk2
Then you can start the normal Wireshark, we can also use Wireshark grab bag, here do not do demonstrations, we mainly use Wireshark to help us analyze the package, so first with the tcpdump grab package and save to the file. You can add-W to specify the output file after the Tcpdump command, and we
Tcpdump-i eth0 Port 80-c 3-t-w/home/max/tcpdump.pcap
Grab the bag after we open wireshark (Root permission), click File-open Open just grab the package file
can analyze the package, here is not specific analysis.
After a few days to write a grab bag, to achieve grab bag and save it through Wireshark to analyze.