Possible commands for Ubuntu to catch a packet

Source: Internet
Author: User

1. tcpdump

tcpdump #capture packets on the default interface

tcpdump -i eth1 #capture on the specified interface eth1

tcpdump -i any #capture on all interfaces

tcpdump host sundown #traffic to or from the host sundown

tcpdump host 210.27.48.1

tcpdump host helios and \( hot or ace \) #traffic between helios and either hot or ace

tcpdump host 210.27.48.1 and \( 210.27.48.2 or 210.27.48.3 \)

tcpdump ip host ace and not helios #IP traffic between ace and any host except helios

tcpdump ip host 210.27.48.1 and ! 210.27.48.2

tcpdump -i eth0 src host hostname #packets whose source is hostname

tcpdump -i eth0 dst host hostname #packets whose destination is hostname

tcpdump tcp port <port> and host 210.27.48.1 #<port> is a placeholder; the port number is missing from the original

tcpdump udp port 123 #NTP traffic

tcpdump net ucb-ether #traffic to or from the network ucb-ether

tcpdump 'gateway snup and (port ftp or ftp-data)' #FTP traffic passing through the gateway snup

tcpdump ip and not net localnet #IP traffic that is neither sourced from nor destined to the local network

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet' #start and end packets (SYN/FIN) of TCP conversations involving a non-local host

tcpdump 'tcp port <port> and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' #TCP segments that carry payload data (IP total length minus IP and TCP header lengths); <port> is a placeholder, the port number is missing from the original

tcpdump 'gateway snup and ip[2:2] > 576' #IP packets longer than 576 bytes sent through the gateway snup

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224' #IP multicast packets that were not sent to a multicast (group) Ethernet address

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply' #all ICMP packets except echo request and echo reply (i.e. not ping)

tcpdump -i eth1 -t -s 0 -c <count> -w ./target.cap 'tcp and dst port ! <port> and src net 192.168.1.0/24' #capture <count> TCP packets from 192.168.1.0/24 whose destination port is not <port> into target.cap; both numbers are missing from the original

tcpdump -XvvennSs 0 -i eth0 'tcp[20:2]=0x4745 or tcp[20:2]=0x4854' #print (hex+ASCII, verbose, link-layer headers, no name resolution) packets whose TCP payload begins with "GE" or "HT", i.e. HTTP requests and responses; tcp[20:2] is the payload only when the TCP header has no options
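To make the byte-offset filters above concrete, here is an added example (not from the original page) that builds a constructed Ethernet/IPv4/TCP frame, indexes it the way tcpdump's ether[], ip[] and tcp[] do, and evaluates the same predicates; the hosts, MAC addresses and option bytes are made up for the test.

```python
# Added example, not from the original page: decode a constructed
# Ethernet/IPv4/TCP frame the way tcpdump's ether[], ip[] and tcp[] byte
# offsets index it, and evaluate the byte-offset filters listed above.
import struct

def build_frame(dst_mac, dst_ip, flags, payload=b"", tcp_opts=b""):
    """Construct a minimal frame (constructed test data; checksums left zero)."""
    tcp_hlen = 20 + len(tcp_opts)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_hlen // 4) << 4,
                      flags, 8192, 0, 0) + tcp_opts + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes(dst_ip))
    return bytes(dst_mac) + bytes([0, 0x1b, 0x21, 0, 0, 1]) + b"\x08\x00" + ip + tcp

def layers(frame):
    """Return (ether, ip, tcp) slices so that slice[n] is ether[n], ip[n], tcp[n]."""
    ip = frame[14:]               # skip the 14-byte Ethernet header
    ihl = (ip[0] & 0x0F) << 2     # IPv4 header length in bytes
    return frame, ip, ip[ihl:]

def syn_or_fin(frame):
    """'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0': connection start or end."""
    _, _, tcp = layers(frame)
    return (tcp[13] & (0x02 | 0x01)) != 0

def has_tcp_payload(frame):
    """'ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2) != 0': data segments only."""
    _, ip, tcp = layers(frame)
    total_len = int.from_bytes(ip[2:4], "big")
    return total_len - ((ip[0] & 0x0F) << 2) - ((tcp[12] & 0xF0) >> 2) != 0

def multicast_ip_unicast_mac(frame):
    """'ether[0] & 1 = 0 and ip[16] >= 224': IP multicast sent to a unicast MAC."""
    ether, ip, _ = layers(frame)
    return (ether[0] & 1) == 0 and ip[16] >= 224

def looks_like_http(frame):
    """'tcp[20:2]=0x4745 or tcp[20:2]=0x4854': first payload bytes 'GE' or 'HT'.
    Offset 20 is the payload only when the TCP header carries no options."""
    _, _, tcp = layers(frame)
    return int.from_bytes(tcp[20:22], "big") in (0x4745, 0x4854)

UNICAST_MAC = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55]
GET = build_frame(UNICAST_MAC, [210, 27, 48, 1], 0x18, b"GET / HTTP/1.1\r\n")
SYN = build_frame(UNICAST_MAC, [210, 27, 48, 1], 0x02)
# Same GET with a 12-byte timestamp option block (NOP, NOP, kind 8, len 10):
GET_OPTS = build_frame(UNICAST_MAC, [210, 27, 48, 1], 0x18, b"GET / HTTP/1.1\r\n",
                       tcp_opts=b"\x01\x01\x08\x0a" + b"\x00" * 8)
MCAST = build_frame(UNICAST_MAC, [224, 0, 0, 251], 0x18, b"x")
```

GET_OPTS carries the same request as GET but fails the tcp[20:2] test, which is why that filter misses HTTP on connections that negotiated TCP options.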


tcpdump -i eth0 -s 0 #-s 0 removes the capture length (snaplen) limit so whole packets are captured

tcpdump -c 1 #stop after receiving 1 packet

tcpdump -nn #do not convert port numbers to service names

tcpdump -n #do not convert network addresses to names

tcpdump -b arp #select the protocol at the data link layer: ARP, RARP, IP, IPX (in current tcpdump versions -b means something else; use a filter expression such as tcpdump arp instead)

tcpdump -t #do not print a timestamp on each output line

tcpdump -w <file> #write the raw packets to <file> instead of parsing and printing them


2. View network card information

ethtool eth1 #show detailed information about the NIC

ethtool -i eth2 #show the NIC driver information

lspci #list PCI devices, including NIC details; too much output to read comfortably

lspci | grep -i net #show only the NIC type, e.g. Intel or another vendor


3. Historical records

history #show the command history

history | grep -i "www" #search the history for "www"

history -c #clear the command history


4. Use of Tcpreplay

$ tcpprep --port --cachefile=cache_test.cache --pcap=http.pcap

This command uses tcpprep's port-split mode to process http.pcap (deciding which side of each flow in http.pcap is the client and which is the server) and saves the result to the cache file cache_test.cache.

$ tcprewrite --endpoints=192.168.0.1:192.168.0.2 --cachefile=cache_test.cache --infile=http.pcap --outfile=http_rewrite.pcap

The two IPs are the rewritten client and server addresses (client:server). The cache_test.cache file is used to tell the two directions apart, http.pcap is the pcap file being processed, and the result is written to http_rewrite.pcap.

$ tcpreplay --intf1=eth0 --intf2=eth0 -t --cachefile=cache_test.cache http_rewrite.pcap

The .cache file is used to tell the two directions apart. --intf1 is the primary interface, which sends the client-to-server packets; --intf2 is the secondary interface, which sends the server-to-client packets. The .pcap file is the source of the packets that are sent. -t sends them as fast as possible.

$ tcpreplay --mbps=1000 --intf1=eth0 --intf2=eth0 --cachefile=cache_test.cache http_rewrite.pcap


5. Modify the MTU value

sudo ifconfig eth0 mtu <value> #found by trial: the maximum MTU for this server is 9710 (the value used in the original command is missing)


