Linux packet capture tool tcpdump command introduction

Source: Internet
Author: User
The tcpdump command, a Linux network debugging tool, is used to monitor TCP/IP connections and read packet headers directly at the data link layer. You can specify which packets are monitored and in which format they are displayed.
For example, to monitor all traffic on the Ethernet interface eth0, run the following command:
tcpdump -i eth0
Even on a relatively quiet network there is a lot of traffic, so we usually only want the packets we are interested in. Normally the network interface accepts only packets addressed to the local host and ignores packets addressed to other computers on the network (unless the machine is acting as a router). When you run tcpdump, it puts the interface into promiscuous mode, in which all packets on the segment are received and displayed. If we only care about our local host's traffic, one way is to use the "-p" option to disable promiscuous mode; another is to specify the host name:
tcpdump -i eth0 host hostname
In this case, tcpdump only shows packets sent to or from the host named hostname. That host can be the local machine or any other computer on the network. The following command captures all data sent by host hostname:
tcpdump -i eth0 src host hostname
The following command captures all packets sent to host hostname:
tcpdump -i eth0 dst host hostname
We can also capture packets that pass through a specified gateway:
tcpdump -i eth0 gateway Gatewayname
To capture TCP or UDP packets on a specified port, run:
tcpdump -i eth0 host hostname and port 80
This command displays the headers of every packet exchanged between host hostname and port 80, in either direction. Port 80 is the default HTTP service port. To list only packets sent to port 80, use dst port; to see only packets coming back from port 80, use src port.
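As an added example (not part of the original article), the following POSIX sh function assembles the host, direction and port filters described above into a single tcpdump command line; the direction keywords (both/from/to) and the dst:/src: port prefix are this example's own convention, and the -n option (print numeric addresses, no DNS lookups) is an addition not mentioned in the article.

```shell
#!/bin/sh
# build_capture IFACE HOST DIRECTION [PORT]
#   DIRECTION: both -> "host H", from -> "src host H", to -> "dst host H"
#   PORT: "80" -> "and port 80" (either direction),
#         "dst:80" -> "and dst port 80", "src:80" -> "and src port 80"
# Prints the command to run (with root privileges) instead of executing it.
build_capture() {
  iface=$1
  host=$2
  dir=$3
  port=$4
  case "$dir" in
    both) filter="host $host" ;;
    from) filter="src host $host" ;;
    to)   filter="dst host $host" ;;
    *)    echo "unknown direction: $dir (use both, from or to)" >&2; return 1 ;;
  esac
  if [ -n "$port" ]; then
    case "$port" in
      dst:*) filter="$filter and dst port ${port#dst:}" ;;
      src:*) filter="$filter and src port ${port#src:}" ;;
      *)     filter="$filter and port $port" ;;
    esac
  fi
  # The filter expression is quoted as one argument so the shell does not
  # split "and"/"port" into separate words when the command is pasted back.
  printf "tcpdump -n -i %s '%s'\n" "$iface" "$filter"
}

# Constructed usage: web traffic sent from 10.0.0.5 to any HTTP server.
build_capture eth0 10.0.0.5 from dst:80
```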