Tcpdump usage illustration

Source: Internet
Author: User
Tcpdump is a network packet analysis tool on Linux. It can capture the complete "header" of every packet transmitted on the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to help you strip out useless information. Tcpdump is free, and its source code and interfaces are open, so it is highly extensible and very useful both for network maintenance and for intruders. Tcpdump ships with the base FreeBSD system. Because it needs to put the network interface into promiscuous mode, normal users cannot run it; a user with root permissions, however, can run the command directly and obtain information from the network. The network analysis tools on a system are therefore not a threat to the security of the local machine, but to the security of the other computers on the network.
Recently, when a kv Java client was written and connected to the kv C++ server, no data came back and it was not clear whether the connection had even been established. Tcpdump was therefore used to check whether the server received the connection at all, and whether the TCP packets matched those of a C++ client connecting to the same C++ server.
Common options:
-w file: write the raw packets to a file instead of printing them; -r file: read packets back from such a file (a filter expression can still be applied).
-c count: exit after capturing the specified number of packets.
-F file: read the filter expression from a file.
-i interface: specify the interface to listen on (needed when the host has several NICs).
-l: line-buffer the output (useful when piping it into another program).
-n: do not convert IP addresses to hostnames, i.e. no DNS lookups are performed.
-nn: additionally do not convert port numbers to protocol or service names.
-s length: the number of bytes to record from each packet; 0 means record the whole packet.
-v: print more detail for each packet, such as the TTL and the total length.
There are three kinds of filter primitives
Type: host, net, port, portrange
For example: host foo, net 10.0.0.0
Dir: transmission direction: src, dst, src or dst, src and dst
Proto: protocol type: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp
Other available primitives
less length: only packets whose length is smaller than length.
greater length: only packets whose length is greater than length.
Combining subexpressions
Use or (||), and (&&) and not (!)
Parentheses must be escaped from the shell:
tcpdump host helios and \( hot or ace \)
tcpdump src <ip-address>: show only packets whose source address is the given IP address

TCP output analysis
Format:
src > dst: flags data-seqno ack window urgent options
flags is some combination of S (SYN), F (FIN), P (PUSH), R (RST), W (ECN CWR) or E (ECN-Echo), or a single '.' (no flags).
data-seqno: the sequence numbers of the data carried by this packet.
ack: the sequence number of the next data expected from the other side.
window: the receive window size advertised by the other side.
Capturing the data on TCP port 22

Analysis in Wireshark
tcpdump -w a.pcap tcp port 22
The -w option must come before the filter expression; the resulting file can then be opened in Wireshark.
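The connection diagnosis described at the top of the page (did the server receive the Java client's connection at all?) can be automated over tcpdump's text output. The following is an added example, not code from the original article; it assumes tcpdump's current line format with -n (addresses printed as "host.port", flags printed as "Flags [S.]"), and the sample capture, the server endpoint 10.0.0.7.8080 and the client addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Assumed input: tcpdump's default TCP output with -n (no name resolution), see LINE_RE.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]")

def parse_line(line):
    """Return (src, dst, flags) for a tcpdump TCP line, or None if the line does not match."""
    m = LINE_RE.match(line)
    return (m.group("src"), m.group("dst"), m.group("flags")) if m else None

def handshake_state(lines, server):
    """Classify each client endpoint by how far its handshake with `server` ("host.port") got:
    established / no-syn-ack (server never answered) / no-final-ack / reset (RST before completion)."""
    seen = defaultdict(set)  # client endpoint -> handshake steps observed so far
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, flags = parsed
        if "R" in flags:                                                # RST from either side
            client = dst if src == server else src
            if "ack" not in seen.get(client, ()):
                seen[client].add("rst")
        elif dst == server and "S" in flags and "." not in flags:       # SYN
            seen[src].add("syn")
        elif src == server and "S" in flags and "." in flags:           # SYN-ACK
            seen[dst].add("synack")
        elif dst == server and "." in flags and "synack" in seen.get(src, ()):  # client's ACK or data
            seen[src].add("ack")
    result = {}
    for client, steps in seen.items():
        if "rst" in steps:
            result[client] = "reset"
        elif {"syn", "synack", "ack"} <= steps:
            result[client] = "established"
        elif "synack" in steps:
            result[client] = "no-final-ack"
        else:
            result[client] = "no-syn-ack"
    return result

# Constructed sample capture (not real traffic): one completed handshake, one client whose SYNs are never answered, one client refused with RST.
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.7.8080: Flags [S], seq 1000, win 65535, length 0
12:00:01.000100 IP 10.0.0.7.8080 > 10.0.0.5.51234: Flags [S.], seq 2000, ack 1001, win 65160, length 0
12:00:01.000200 IP 10.0.0.5.51234 > 10.0.0.7.8080: Flags [.], ack 1, win 65535, length 0
12:00:02.000001 IP 10.0.0.9.40001 > 10.0.0.7.8080: Flags [S], seq 5000, win 65535, length 0
12:00:03.000001 IP 10.0.0.9.40001 > 10.0.0.7.8080: Flags [S], seq 5000, win 65535, length 0
12:00:04.000001 IP 10.0.0.11.40002 > 10.0.0.7.8080: Flags [S], seq 7000, win 65535, length 0
12:00:04.000050 IP 10.0.0.7.8080 > 10.0.0.11.40002: Flags [R.], seq 0, ack 7001, win 0, length 0
""".splitlines()
```

Feed it real output with something like `tcpdump -n -l tcp port 8080 | python3 -c ...` or read a saved text file; a client stuck in no-syn-ack means the SYN never reached a listening socket, while reset means the server actively refused it.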
