Linux packet capture tool tcpdump detailed usage

Source: Internet
Author: User
tcpdump is a sniffer, that is, a tool that captures packets from the network and can also analyze the captured packets. It is generally installed on the system by default.

tcpdump command description:
tcpdump is used from the command line. Its command format is:
tcpdump [-adeflnNOpqStvx] [-c count] [-F filename]
        [-i interface] [-r filename] [-s snaplen]
        [-T type] [-w filename] [expression]

tcpdump options:
-a converts network addresses and broadcast addresses into names;
-d dumps the packet-matching code in a human-readable assembly-like format;
-dd dumps the packet-matching code as a C program fragment;
-ddd dumps the packet-matching code as decimal numbers;
-e prints the data link layer header on each output line;
-f prints foreign Internet addresses numerically;
-l makes standard output line-buffered;
-n does not convert network addresses into names;
-t does not print a timestamp on each output line;
-v slightly more verbose output; for example, ttl and type-of-service information can be included for IP packets;
-vv more verbose output;
-c stops tcpdump after the specified number of packets has been received;
-F reads the filter expression from the specified file and ignores expressions given on the command line;
-i specifies the network interface to listen on;
-r reads packets from the specified file (these packets are generally produced with the -w option);
-w writes the raw packets directly to a file instead of analyzing and printing them;
-T interprets the captured packets directly as the specified type of message. Common types include rpc (remote procedure call) and snmp (Simple Network Management Protocol);
-s sets the packet capture size limit (snaplen). The default limit is 96 bytes (including the Ethernet frame header). To change it, pass a value with -s; with -s 0 the size limit is ignored and each packet is captured at its actual length.
Example (options first, then the filter expression): tcpdump -vv -c 100 -s 1500 -w /opt/sniffer.pack tcp port 5270

Error in tcpdump on Ubuntu: Permission denied
When running a script on Ubuntu 10.10 that uses tcpdump to capture packets, the following error is reported:
sudo tcpdump -w test1.log
tcpdump: test1.log: Permission denied
At first I thought it was a problem with user permissions, but switching to the root account did not help either. After searching, it turned out to be a problem with AppArmor.

The solution is as follows:
First, check the current mode of the tcpdump AppArmor profile:
grep tcpdump /sys/kernel/security/apparmor/profiles
/usr/sbin/tcpdump (enforce)
The output above shows enforce mode, so if you have this problem, switch the profile to complain mode:
aa-complain /usr/sbin/tcpdump ------ This switches the profile to complain mode
In complain mode AppArmor only logs the accesses it would otherwise block, so when tcpdump is run again it can write the file without any problem.
To switch back to enforce mode:
aa-enforce /usr/sbin/tcpdump ----- This re-enables the AppArmor profile for tcpdump
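The AppArmor workaround above, scripted so that the tcpdump profile is relaxed only for the duration of one capture and put back into enforce mode afterwards, even if the capture is interrupted. This is an added example, not code from the original article; it assumes it runs as root (as the article's sudo commands do), that the aa-complain and aa-enforce tools are installed, and the variable names PROFILES and TCPDUMP are my own.

```shell
#!/bin/sh
# Added example, not from the original article. Wraps the article's AppArmor
# workaround: switch the tcpdump profile to complain mode only if it is
# currently enforcing, run one capture, then restore enforce mode.
# Assumes root privileges and that aa-complain/aa-enforce are installed.

PROFILES=/sys/kernel/security/apparmor/profiles   # listing used in the article
TCPDUMP=/usr/sbin/tcpdump                          # profile name from the article

# Print the AppArmor mode of a binary: "enforce", "complain", or "none" when
# the binary has no profile or the listing is unreadable. Parses lines of the
# form "/usr/sbin/tcpdump (enforce)", as shown in the article.
# $1 = binary path, $2 = profiles listing (defaults to the kernel's file).
apparmor_mode() {
    listing="${2:-$PROFILES}"
    [ -r "$listing" ] || { echo none; return 0; }
    mode=$(awk -v b="$1" '$1 == b { gsub(/[()]/, "", $2); print $2; exit }' "$listing")
    echo "${mode:-none}"
}

# Run the article's example capture (-vv, 100 packets, 1500-byte snaplen,
# TCP port 5270) into $1, relaxing the profile only while tcpdump runs.
capture_with_apparmor() {
    out="$1"; relaxed=0
    if [ "$(apparmor_mode "$TCPDUMP")" = enforce ]; then
        aa-complain "$TCPDUMP" || return 1
        relaxed=1
        # Re-enable confinement even if the capture is interrupted.
        trap 'aa-enforce "$TCPDUMP"' INT TERM EXIT
    fi
    # Options first, then the filter expression.
    if tcpdump -vv -c 100 -s 1500 -w "$out" tcp port 5270; then rc=0; else rc=$?; fi
    if [ "$relaxed" = 1 ]; then
        aa-enforce "$TCPDUMP"        # the article's final step
        trap - INT TERM EXIT
    fi
    return "$rc"
}

# Usage on the capturing host: capture_with_apparmor /opt/sniffer.pack
```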