Tcpdump and wireshark

Source: Internet
Author: User
In Linux, the packet capture tool tcpdump and the analysis package tool wiresharkTcpdump are used. (1) The first type of keyword mainly includes host and net, port such as host210.27.48.2, indicating that is a host, net202.0.0.0 indicates 202 .... how to use tcpdump, a packet capture tool, and wireshark Tcpdump in Linux (1) The first type of keyword mainly includes host and net, port for example: host, specify as a host. net indicates that is a network address, and port 23 indicates that the port number is 23. If no type is specified, the default type is host. (2) The second keyword determines the transmission direction mainly includes src, dst, dst or src, dst and src, which indicate the transmission direction, for example, src, specify that the source address in the IP package is, and dst net indicates that the destination network address is If no direction keyword is specified, the src or dst keyword is used by default. (3) The third is the protocol keyword, which mainly includes fddi, ip, arp, rarp, tcp, udp, and other types. Fddi indicates a specific network protocol on FDDI (distributed optical fiber data interface network). In fact, it is an alias of "ether". fddi and ether have similar source and destination addresses, therefore, the fddi protocol package can be processed and analyzed as the ether package. The other keywords indicate the protocol content of the listener package. If no protocol is specified, tcpdump listens to the information packages of all protocols. In addition to these three types of keywords, other important keywords include gateway, broadcast, less, greater, and three logical operations. The non-calculation is 'not ','! ', And the operation is 'and',' & '; or the operation is 'or',' │ '; these keywords can be combined to form a powerful combination condition to meet people's needs. The following are several examples. Under normal circumstances, directly starting tcpdump will monitor all the data packets flowing through the first network interface. A. tcpdump-I eth0-c 10 use the-I parameter to specify the network interface of the tcpdump listener, which is very useful when the computer has multiple network interfaces, use the-c parameter to specify the number of data packets to be monitored, and use the-w parameter to specify to write the data packets to the file to save B. to intercept communication between host and host or, run '\ 'tcpdump host and \ ( \) C. if you want to obtain an ip packet for all hosts except and, run the command: tcpdump ip host and! D. to obtain the telnet packet received or sent by the host, run the following command: tcpdump tcp port 23 host E. monitor the udp port 123 of the local machine (123 is the ntp service port) tcpdump udp port 123 F. the system only monitors the communication data packets of the host named hostname. The host name can be a local host or any computer on the network. The following command reads all data sent by the host hostname: tcpdump-I eth0 src host hostname G. the following Command monitors all data packets sent to the host hostname: tcpdump-I eth0 dst host hostname # src indicates the source, that is, sending # dst indicates the destination, that is, receiving H. we can also monitor the data packets through the specified gateway: tcpdump-I eth0 gateway Gatewayname I. if you want to monitor the TCP or UDP data packets mapped to the specified port, run the following command: tcpdump-I eth0 host hostname and port 80 J. to obtain the telnet packet received or sent by the host, run the following command: tcpdump tcp port 23 host K. if we only need to list the packets sent to port 80, use dst Port 80; if we only want to see the packet that returns port 80, use src port 80. Tcpdump-I eth0 host hostname and dst port 80 destination port is 80 or tcpdump-I eth0 host hostname and src port 80 source port is 80 port is generally the host tcpdump that provides http services the output format is as follows: system time source host. port> target host. if wireshark is used to analyze Port data packet parameters: tcpdump-I eth0-c 100-s 0-w/home/data. pcap directly uses wireshark/home/data. pcap
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.