Linux network performance debugging tool: the tcpdump command
The tcpdump command is used to monitor TCP/IP connections and reads packet headers directly at the data link layer. You can specify which packets are monitored and which output format is used to display them.
For example, to monitor all communication on the Ethernet device eth0, run the following command:
tcpdump -i eth0
Even on a relatively quiet network there is a lot of traffic, so we usually want only the packets we are interested in. Normally, the TCP/IP stack accepts only inbound packets addressed to the local host and ignores packets addressed to other computers on the network (unless the machine is a router). When you run tcpdump, it sets the TCP/IP stack to promiscuous mode, in which all packets are received and can be displayed. If we only care about the traffic of our local host, one way is to use the "-p" parameter to disable promiscuous mode; another is to specify the host name:
tcpdump -i eth0 host hostname
In this case, tcpdump monitors only the packets exchanged with the host named hostname. The host can be the local host or any computer on the network. The following command reads all data sent by the host hostname:
tcpdump -i eth0 src host hostname
The following command monitors all packets sent to the host hostname:
tcpdump -i eth0 dst host hostname
We can also monitor the packets that pass through a specified gateway:
tcpdump -i eth0 gateway Gatewayname
If you want to monitor the TCP or UDP packets on a specified port, run the following command:
tcpdump -i eth0 host hostname and port 80
This command displays the headers of the packets exchanged with the host hostname on port 80. Port 80 is the default HTTP service port number. If we only need to list the packets sent to port 80, use dst port; if we only want to see the packets returned from port 80, use src port.
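The direction qualifiers described above can be checked against a small model of the host and port primitives. This is an added example, not part of the original article and not tcpdump's own code; the packet list, the names client and other, and the helper functions are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample traffic (not a real capture): a client talking to "hostname".
Packet = namedtuple("Packet", "src sport dst dport")
PACKETS = [
    Packet("client", 40000, "hostname", 80),   # 0: request to the web server
    Packet("hostname", 80, "client", 40000),   # 1: reply from the web server
    Packet("hostname", 40001, "other", 53),    # 2: DNS query sent by hostname
    Packet("client", 40002, "other", 80),      # 3: web request to another host
]

def primitive(tokens):
    """Consume one '[src|dst] host NAME' or '[src|dst] port N' from tokens."""
    direction = tokens.pop(0) if tokens and tokens[0] in ("src", "dst") else None
    if len(tokens) < 2:
        raise ValueError("incomplete primitive")
    kind, value = tokens.pop(0), tokens.pop(0)
    if kind not in ("host", "port"):
        raise ValueError("unsupported primitive: " + kind)

    def test(p):
        if kind == "host":
            src, dst = p.src == value, p.dst == value
        else:
            src, dst = p.sport == int(value), p.dport == int(value)
        # Without a qualifier, either the source or the destination may match.
        return {"src": src, "dst": dst, None: src or dst}[direction]
    return test

def compile_filter(expr):
    """Compile primitives joined by 'and' into a single predicate."""
    tokens = expr.split()
    tests = [primitive(tokens)]
    while tokens:
        if tokens.pop(0) != "and":
            raise ValueError("only 'and' is supported in this model")
        tests.append(primitive(tokens))
    return lambda p: all(t(p) for t in tests)

def matches(expr):
    """Return the indexes of PACKETS selected by the filter expression."""
    keep = compile_filter(expr)
    return [i for i, p in enumerate(PACKETS) if keep(p)]

if __name__ == "__main__":
    for expr in ("host hostname", "src host hostname", "dst host hostname",
                 "host hostname and port 80", "host hostname and dst port 80",
                 "host hostname and src port 80"):
        print(f"{expr:32} -> packets {matches(expr)}")
```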