Home > Developer > Linux

Simple packet capture Analysis in linux and packet capture in linux

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Simple packet capture Analysis in linux and packet capture in linux

Sometimes we may encounter some problems that require packet capture analysis. When there is no professional packet capture tool at hand, we can use tcpdump instead (this tool is provided in general releases)

For example, we need to analyze the packet sending status of port 22 of the destination IP address 192.168.7.188 under the eth0 interface.

Tcpdump-I eth0 dst 192.168.7.188 and port 22



Tcpdump-I eth0 dst 192.168.7.188 and port 22
Tcpdump: verbose output suppressed, use-v or-vv for full protocol decode
Listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:51:55. 861670 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 2209699250: 2209699442, ack 582840950, win 249, options [nop, nop, TS val 428468844 ecr 517889], length 192
16:51:55. 868590 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 192: 416, ack 1, win 249, options [nop, nop, TS val 428468851 ecr 517897], length 224
16:51:55. 870577 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 416: 624, ack 1, win 249, options [nop, nop, TS val 428468853 ecr 517899], length 208
16:51:55. 872602 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 624: 832, ack 1, win 249, options [nop, nop, TS val 428468855 ecr 517899], length 208
16:51:55. 874576 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 832: 1040, ack 1, win 249, options [nop, nop, TS val 428468857 ecr 517900], length 208
16:51:55. 876573 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 1040: 1248, ack 1, win 249, options [nop, nop, TS val 428468859 ecr 517900], length 208
16:51:55. 878574 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 1248: 1456, ack 1, win 249, options [nop, nop, TS val 428468861 ecr 517901], length 208
16:51:55. 880574 IP 192.168.7.26.ssh> 192.168.7.188.37540: Flags [P.], seq 1456: 1664, ack 1, win 249, options [nop, nop, TS val 428468863 ecr 517901], length 208



How to Write a packet capture program in linux

You create the original socket in SOCK_RAW mode and then receive the packet.
The rest is about content analysis .... You can use multiple threads at most.

Use the most basic knowledge of socket programming in linux and understand the details of network protocols. The former is very detailed when you look for a socket programming book, and you should understand the latter.

------
For example, you need to include the following headers:
Stdio. h, stdlib. h, unistd. h, sys/socket. h, sys/types. h, netinet/if_ether.h, netinet/in. h,

Use
Socket (PF_PACKET, SOCK_RAW, htons (ETH_P_IP), you can use this socket to listen to Ethernet packets.
Then, call the recvfrom function cyclically to listen to the data received by the socket, and then analyze the data.

If you want to sniff packets from other machines, ARP spoofing is required .. Haha

Packet capture software for Linux

TcpDump, a powerful network data collection and analysis tool in Linux
 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
asa packet capture arp packet capture ethereal packet capture wireless packet capture packet capture appliance wireshark packet capture packet capture android

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More