linux-Network Analysis-tcpdump__linux

In front of the netstat expanded analysis and description, under Linux, there are other analytical tools. Tcpdump is LinuxA grasping bag tool commonly used in the command line, recording the usual way, Mac OS。 Tcpdump This function parameter many, the expression choice is also very many, very powerful, but the commonly used function does not have many. Details can be viewed through the man system manual. in the client development, you can use Fiddler or Charles to carry out the analysis of the bag, more convenient bar.
Under the 2g network or non-wifi, want to grab package debugging, Tcpdump+wireshark, this combination is very good ~ Wireshark (formerly known as Ethereal) is a network packet analysis software. The function of network packet analysis software is to retrieve network packet, and display the most detailed network packet data as far as possible. I. Tcpdump case


Tcpdump a large number of parameters , as follows


(Ethernet network Diagram ETH1/0/10 represents a network card, network card two, Nic three lo representative 127.0.0.1, that is localhost)
Two. Tcpdump Common operation
default startupTcpdump

monitoring packets for a specified network interfaceTcpdump-i eth1 If you do not specify a network adapter, the default tcpdump will only monitor the first network interface, typically eth0, and the following example does not specify a network interface.

listening for the specified host$ tcpdump-i eth0-nn ' host 192.168.1.231 ' This way, the packets received by this host 192.168.1.231 and the packets sent will be crawled. $ tcpdump-i eth0-nn ' src host 192.168.1.231 ' so only the packets sent by 192.168.1.231 This host will be crawled. $ tcpdump-i eth0-nn ' DST host 192.168.1.231 ' so only the packets received by 192.168.1.231 This host will be crawled.
listening on specified ports$ tcpdump-i Eth0-nna ' Port 80 ' is used to monitor all packets received and sent by the 80 port of the host, combining the-a parameter, which is very useful in web development.
listening for specified hosts and ports$ tcpdump-i eth0-nna ' port and SRC host 192.168.1.231 ' multiple conditions can be connected by and,or. The example above indicates a packet that listens to a 192.168.1.231 host sent over port 80.
listen for other ports except one port$ tcpdump-i Eth0-nna '!port 22 ' If you need to exclude a port or host, you can use the '! ' Symbol, the above example indicates a packet that listens for a non-22 port.
Three. The other front described netstat correlation analysis, so what difference do they have. Tcpdump program Tcpdump displays a large amount of information about these groupings while reading from the network to the group. It can also display only those groupings that match the criteria you specify.
The netstat program netstat serves multiple purposes: (1) displaying the state of the network endpoint. (2) to show the multicast group to which each interface on a host belongs. (3) Use the-s option to display statistical information for each protocol. (4) Use the-r option to display the routing table or display the interface information using the-I option.
The LSOF program name lsof represents "list open files", which lists the open file. One common use of lsof is to find out which process has a set of interfaces open on the specified IP address or port number. Netstat tells us which IP addresses and ports are in use and the status of each TCP connection, but does not identify the corresponding processes. Lsof make up for this flaw.
Related articles: Summary of initial use of Tcpdump&wireshark: http://www.51testing.com/html/34/361634-938657.html Linux under Grab Kit tool tcpdump use: http://blog.csdn.net/gzh0222/article/details/8239196 Linux uses tcpdump to crawl network packets sample :http://blog.csdn.net/kobejayandy/article/details/17208137/
This article address: