Centos6.5 using tcpdump grab bag and Wireshark analysis

Source: Internet
Author: User
Original article welcome reprint, please retain the source.
If you have any questions and suggestions, please reply.
Email: Maxwell_nc@163.com

Under Centos6.5, through the use of tcpdump grab and Wireshark analysis kits, preliminary understanding of the grab and package installation

First we need to install tcpdump, the necessary libraries:

Yum Install flex  
Yum Install Bison yum Install  

In addition Tcpdump is based on Libpcap, this is not found in Yum, we go to Tcpdump's official website (http://www.tcpdump.org/#latest-release) can download Libpcap and tcpdump
I use the tcpdump-4.7.3 tar.gz and libpcap-1.7.2. tar.gz.
First unpack the Libpcap, then go to the directory configuration installation

./configure make make              

Then unzip the tcpdump and go to the directory configuration installation

./configure make make              

If everything goes well, you can use tcpdump to grab the bag. Grab Bag

The tcpdump filter rule is to use the BPF syntax
(Refer to http://blog.csdn.net/jk110333/article/details/8675547)
We simply crawl can be used (note to start tcpdump with root privileges)

(1)-I eth0: Only grab packets that pass through the interface eth0
(1) Port 80: Crawl packets crawl only 80 ports
(3)-C 3: Crawl only 3 packets
(4)-T: Do not show time stamp

But this is more trouble, output to the console for the data packet when it appears to be troublesome, we put him out to the file, with the help of Wireshark to analyze the packet, the first to install Wireshark, directly through the Yum installation.

Yum install Wireshark (core, can use command Tshark)
yum Install (interface, can use command Wireshark-gnome)

After installation, start the graphical interface with the Wireshark command under root permission.
However, there is an error in CentOS 6.5 wireshark:symbol lookup error:wireshark:undefined Symbol:gtk_combo_box_text_new_with_entry
This error is a bug in Gtk2, we want to update the next GTK2:

Yum Update gtk2

Then you can start the normal Wireshark, we can also use Wireshark grab bag, here do not do demonstrations, we mainly use Wireshark to help us analyze the package, so first with the tcpdump grab package and save to the file. You can add-W to specify the output file after the Tcpdump command, and we

Tcpdump-i eth0 Port 80-c 3-t-w/home/max/tcpdump.pcap

Grab the bag after we open wireshark (Root permission), click File-open Open just grab the package file

can analyze the package, here is not specific analysis.
After a few days to write a grab bag, to achieve grab bag and save it through Wireshark to analyze.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.