Preface
Original article; reprints are welcome, please retain the source.
If you have any questions or suggestions, please reply.
Email: Maxwell_nc@163.com
On CentOS 6.5, using tcpdump for capture and Wireshark for analysis, this post gives a first look at installing the packet capture tools and capturing packets.
First we need to install the libraries that tcpdump is built with:
yum install flex
yum install bison
yum install gcc
In addition, tcpdump is built on libpcap, which is not available in yum, so we download both libpcap and tcpdump from the tcpdump website (http://www.tcpdump.org/#latest-release).
I used tcpdump-4.7.3.tar.gz and libpcap-1.7.2.tar.gz.
First unpack libpcap, then enter its directory and configure, build and install:
./configure
make
make install
Then unpack tcpdump, enter its directory and configure, build and install in the same way:
./configure
make
make install
If everything goes well, you can now use tcpdump to capture packets.
Packet capture
tcpdump filter rules use BPF syntax
(refer to http://blog.csdn.net/jk110333/article/details/8675547).
For a simple capture we can use the following options (note that tcpdump must be started with root privileges):
(1) -i eth0: only capture packets that pass through the interface eth0
(2) port 80: only capture packets on port 80
(3) -c 3: capture only 3 packets
(4) -t: do not print the timestamp
But this is inconvenient: packets printed to the console are hard to read, so instead we write them out to a file and use Wireshark to analyze them. First install Wireshark, directly through yum:
yum install wireshark (the core; provides the tshark command)
yum install wireshark-gnome (the graphical interface; provides the wireshark command)
After installation, start the graphical interface with the wireshark command under root permission.
However, on CentOS 6.5 wireshark fails with an error: wireshark: symbol lookup error: wireshark: undefined symbol: gtk_combo_box_text_new_with_entry
This error is a bug in gtk2, so we need to update gtk2:
yum update gtk2
Then Wireshark starts normally. Wireshark can also capture packets itself, but that is not demonstrated here; we mainly use Wireshark to help us analyze packets, so we first capture with tcpdump and save to a file. Add -w after the tcpdump command to specify the output file:
tcpdump -i eth0 port 80 -c 3 -t -w /home/max/tcpdump.pcap
After capturing, open Wireshark (with root permission), click File > Open and open the capture file just saved;
then you can analyze the packets. The analysis itself is not covered here.
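To show what tcpdump -w actually writes and what Wireshark reads back, here is an added Python example (not code from the original post): it builds a small constructed pcap in memory, parses the file header and per-packet records, and applies the equivalent of the BPF filter "port 80" to the decoded TCP ports. The frames, ports and helper names are my own constructions.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap, as tcpdump writes on x86
LINKTYPE_ETHERNET = 1        # what "-i eth0" captures produce

def build_frame(src_port, dst_port):
    """Constructed Ethernet/IPv4/TCP SYN frame (no real checksums, test data only)."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"          # dst, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp

def build_pcap(frames, snaplen=65535):
    """Write a pcap file image: 24-byte global header, then 16-byte record header + frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Parse pcap bytes into (timestamp, frame) records, checking magic and link type."""
    magic, _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap file")
    records, pos = [], 24
    while pos + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[pos:pos + 16])
        pos += 16
        records.append((sec + usec / 1e6, data[pos:pos + incl]))
        pos += incl                      # incl_len may be shorter than orig_len (snaplen)
    return records

def tcp_ports(frame):
    """Return (src_port, dst_port) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    off = 14 + (frame[14] & 0x0F) * 4    # Ethernet header + IPv4 header (IHL words)
    return struct.unpack("!HH", frame[off:off + 4])

def filter_port(data, port):
    """Equivalent of the BPF expression 'port N': keep frames where either TCP port matches."""
    kept = []
    for _ts, frame in read_pcap(data):
        ports = tcp_ports(frame)
        if ports and port in ports:
            kept.append(frame)
    return kept
```

Run the same functions on a real capture by reading /home/max/tcpdump.pcap into bytes; a capture written with "port 80" should pass filter_port unchanged.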
In a few days I will write a capture program of my own that captures packets and saves them to a file, to be analyzed with Wireshark.