Introduction
Put simply, tcpdump is a packet analysis tool: it dumps the traffic on a network, capturing the packets that match a filter expression supplied by the user. tcpdump captures packets as they cross a network interface (the headers and as much of the payload as the snapshot length allows) and prints them for analysis. Filters can match on the protocol, a host, a network or a port, and can be combined with the logical operators and, or and not to discard the traffic you are not interested in.
Practical Command Examples
1. Default invocation
tcpdump
Running tcpdump with no arguments captures every packet on the first configured non-loopback network interface. Capturing requires root privileges (or the CAP_NET_RAW capability), and by default tcpdump resolves addresses to names; add -n to print raw IP addresses and port numbers and avoid the reverse DNS lookups.
2. Listening on a specified network interface
tcpdump -i ens32
3. Monitoring packets for a specified host
Specify an IP address to capture all packets received and sent by the host 59.78.139.215:
tcpdump host 59.78.139.215
Print the packets exchanged between host 59.78.139.215 and host 59.78.139.216 or host 59.78.139.217. The parentheses are escaped so the shell passes them to tcpdump; quoting the whole expression in single quotes works as well:
tcpdump host 59.78.139.215 and \( 59.78.139.216 or 59.78.139.217 \)
Print the IP packets that host 59.78.139.215 exchanges with any other host, excluding packets between it and host 59.78.139.216:
tcpdump ip host 59.78.139.215 and not 59.78.139.216
Capture all packets sent by host 59.78.139.215:
tcpdump src host 59.78.139.215
Capture all packets sent to host 59.78.139.215:
tcpdump dst host 59.78.139.215
4. Monitoring packets for a specified host and port
To get the Telnet packets (TCP port 23) received or sent by host 59.78.139.215, use the following command:
tcpdump tcp port 23 and host 59.78.139.215
To monitor the NTP service on UDP port 123 of this machine:
tcpdump udp port 123
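The filter expressions in sections 3 and 4 all follow the same grammar: a primitive is a type qualifier (host, port) optionally preceded by a direction (src, dst) and a protocol (ip, tcp, udp), primitives combine with not, and, or (in that order of precedence) and parentheses, and a bare value after and/or/not reuses the qualifiers of the previous primitive, which is why "and not 59.78.139.216" means "and not host 59.78.139.216". The following is an added example, not code from the original page or from tcpdump itself: a small evaluator for exactly that subset of the syntax, run over five constructed packets (an assumption, not a real capture) so each expression above can be checked offline. Backslashes are stripped first because "\(" is shell escaping that tcpdump never sees.

```python
"""Evaluate the subset of tcpdump filter syntax used on the page over constructed
packets. Added example; assumes IPv4 packets with src/dst address, transport
protocol and ports, and supports only host/port, src/dst, ip/tcp/udp, and/or/not."""
import re
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst proto sport dport")

# Constructed sample traffic (not a real capture), indexed 0..4
SAMPLE = [
    Pkt("59.78.139.215", "59.78.139.216", "tcp", 40001, 23),   # 0: telnet from .215 to .216
    Pkt("59.78.139.217", "59.78.139.215", "tcp", 40002, 22),   # 1: ssh from .217 to .215
    Pkt("59.78.139.215", "10.0.0.5",      "udp", 123,   123),  # 2: NTP request from .215
    Pkt("10.0.0.5",      "59.78.139.215", "udp", 123,   123),  # 3: NTP reply to .215
    Pkt("10.0.0.7",      "10.0.0.8",      "tcp", 51000, 80),   # 4: unrelated
]

_TOKEN = re.compile(r"\(|\)|[^\s()]+")

def _and(l, r): return lambda p: l(p) and r(p)
def _or(l, r):  return lambda p: l(p) or r(p)
def _not(x):    return lambda p: not x(p)

def _primitive(kind, direction, proto, value):
    """Predicate for e.g. ('host', 'src', None, '1.2.3.4') or ('port', None, 'udp', '123')."""
    if kind == "host":
        fields = {"src": ("src",), "dst": ("dst",), None: ("src", "dst")}[direction]
    else:
        fields = {"src": ("sport",), "dst": ("dport",), None: ("sport", "dport")}[direction]
        value = int(value)
    return lambda p: (proto in (None, "ip") or p.proto == proto) and \
        any(getattr(p, f) == value for f in fields)

class FilterParser:
    """Recursive descent with BPF precedence: or < and < not < primitive."""
    def __init__(self, expr):
        self.toks = _TOKEN.findall(expr.replace("\\", ""))  # drop shell escapes
        self.i = 0
        self.last = None  # (kind, direction, proto) reused by a bare value

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of filter")
        self.i += 1
        return tok

    def parse(self):
        node = self._or()
        if self.peek() is not None:
            raise ValueError("unexpected token %r" % self.peek())
        return node

    def _or(self):
        left = self._and()
        while self.peek() == "or":
            self.take()
            left = _or(left, self._and())
        return left

    def _and(self):
        left = self._not()
        while self.peek() == "and":
            self.take()
            left = _and(left, self._not())
        return left

    def _not(self):
        if self.peek() in ("not", "!"):
            self.take()
            return _not(self._not())
        return self._primary()

    def _primary(self):
        tok = self.take()
        if tok == "(":
            node = self._or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        proto = direction = None
        if tok in ("ip", "tcp", "udp"):                  # protocol qualifier
            proto = tok
            if self.peek() not in ("host", "port", "src", "dst"):
                return lambda p: proto == "ip" or p.proto == proto  # bare "tcp" / "udp" / "ip"
            tok = self.take()
        if tok in ("src", "dst"):                        # direction qualifier
            direction = tok
            tok = self.take()
        if tok in ("host", "port"):                      # type qualifier followed by its value
            kind, value = tok, self.take()
        elif direction is not None:                      # "src 1.2.3.4": default type is host
            kind, value = "host", tok
        elif self.last is not None:                      # bare value inherits previous qualifiers
            (kind, direction, proto), value = self.last, tok
        else:
            raise ValueError("value %r without a qualifier" % tok)
        self.last = (kind, direction, proto)
        return _primitive(kind, direction, proto, value)

def matching(expr, pkts=SAMPLE):
    """Return the indices of the packets in pkts that satisfy the filter expression."""
    pred = FilterParser(expr).parse()
    return [i for i, p in enumerate(pkts) if pred(p)]

if __name__ == "__main__":
    for expr in ("host 59.78.139.215",
                 "host 59.78.139.215 and \\( 59.78.139.216 or 59.78.139.217 \\)",
                 "ip host 59.78.139.215 and not 59.78.139.216",
                 "src host 59.78.139.215", "dst host 59.78.139.215",
                 "tcp port 23 and host 59.78.139.215", "udp port 123"):
        print("%-62s -> %s" % (expr, matching(expr)))
```

The evaluator only mirrors the matching rules; to check an expression against the real thing, save a capture with tcpdump -w and replay the same filter with tcpdump -nr capture.pcap 'expression', which needs no root and leaves the interface alone.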