Linux commands: tcpdump and nc
I. tcpdump
1. Listing the network adapters
[root@localhost ~]# tcpdump -D
1.docker0
2.nflog (Linux netfilter log (NFLOG) interface)
3.nfqueue (Linux netfilter queue (NFQUEUE) interface)
4.usbmon1 (USB bus number 1)
5.usbmon2 (USB bus number 2)
6.veth5c6f7e2
7.veth07eefb0
8.ens33
9.vethd96882b
10.veth772395f
11.any (Pseudo-device that captures on all interfaces)
12.lo [Loopback]
2. Selecting the interface: tcpdump -i
tcpdump -i <name or number of the interface to monitor, as listed by -D>
If no -i is given, tcpdump defaults to the first interface in that list.
For example, to monitor my wireless card eth0, use tcpdump -i 1; -i also accepts the interface name directly, as in the capture below:
sudo tcpdump -i eth0 tcp port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:17:30.759458 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 824789810, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
08:17:30.759525 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [S.], seq 1293005967, ack 824789811, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:17:30.767514 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [.], ack 1, win 517, length 0
08:17:30.777138 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [P.], seq 1:42, ack 1, win 502, length 41
08:17:30.782774 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [P.], seq 1:29, ack 1, win 517, length 28
08:17:30.782792 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [.], ack 29, win 502, length 0
08:17:30.796515 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [P.], seq 29:1613, ack 42, win 517, length 1584
08:17:30.796543 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [P.], seq 42:1098, ack 1613, win 499, length 1056
08:17:30.809115 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [P.], seq 1613:1661, ack 1098, win 513, length 48
08:17:30.816732 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [P.], seq 1098:1562, ack 1661, win 501, length 464
08:17:30.881620 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [.], ack 1562, win 517, length 0
08:17:33.022649 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [P.], seq 1661:1741, ack 1562, win 517, length 80
08:17:33.022800 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [P.], seq 1562:1626, ack 1741, win 501, length 64
08:17:33.075386 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [.], ack 1626, win 517, length 0
08:18:29.529830 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [F.], seq 1741, ack 1626, win 517, length 0
08:18:29.530950 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [F.], seq 1626, ack 1742, win 501, length 0
08:18:29.537888 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [.], ack 1627, win 517, length 0
08:30:25.474952 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265884464 ecr 0,sackOK,eol], length 0
08:30:25.475018 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832227316 ecr 265884464,nop,wscale 7], length 0
08:30:26.474093 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265885465 ecr 0,sackOK,eol], length 0
08:30:26.474147 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832228316 ecr 265884464,nop,wscale 7], length 0
08:30:27.478487 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265886465 ecr 0,sackOK,eol], length 0
08:30:27.478535 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832229320 ecr 265884464,nop,wscale 7], length 0
08:30:28.481048 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265887465 ecr 0,sackOK,eol], length 0
08:30:28.481094 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832230323 ecr 265884464,nop,wscale 7], length 0
08:30:29.476538 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265888467 ecr 0,sackOK,eol], length 0
08:30:29.476592 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832231318 ecr 265884464,nop,wscale 7], length 0
08:30:30.477118 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832232319 ecr 265884464,nop,wscale 7], length 0
08:30:30.707419 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265889468 ecr 0,sackOK,eol], length 0
08:30:30.707477 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832232549 ecr 265884464,nop,wscale 7], length 0
08:30:32.625531 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265891469 ecr 0,sackOK,eol], length 0
08:30:32.625580 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832234467 ecr 265884464,nop,wscale 7], length 0
08:30:34.637077 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832236479 ecr 265884464,nop,wscale 7], length 0
08:30:36.479856 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265895470 ecr 0,sackOK,eol], length 0
08:30:36.479913 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832238321 ecr 265884464,nop,wscale 7], length 0
08:30:40.493136 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832242335 ecr 265884464,nop,wscale 7], length 0
08:30:44.537322 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265903471 ecr 0,sackOK,eol], length 0
08:30:44.537373 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832246379 ecr 265884464,nop,wscale 7], length 0
08:30:52.781093 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832254623 ecr 265884464,nop,wscale 7], length 0
08:31:00.482603 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265919472 ecr 0,sackOK,eol], length 0
08:31:00.482656 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832262324 ecr 265884464,nop,wscale 7], length 0
08:31:16.589186 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832278431 ecr 265884464,nop,wscale 7], length 0
08:31:32.486952 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,sackOK,eol], length 0
08:31:32.487007 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832294328 ecr 265884464,nop,wscale 7], length 0
08:32:09.200118 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343210014 ecr 0,sackOK,eol], length 0
08:32:09.200184 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832331042 ecr 3343210014,nop,wscale 7], length 0
08:32:10.201839 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343211015 ecr 0,sackOK,eol], length 0
08:32:10.201897 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832332043 ecr 3343210014,nop,wscale 7], length 0
08:32:11.213104 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832333055 ecr 3343210014,nop,wscale 7], length 0
08:32:11.223226 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343212015 ecr 0,sackOK,eol], length 0
08:32:11.223278 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832333065 ecr 3343210014,nop,wscale 7], length 0
08:32:12.232432 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343213016 ecr 0,sackOK,eol], length 0
08:32:12.232485 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832334074 ecr 3343210014,nop,wscale 7], length 0
08:32:13.278593 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343214017 ecr 0,sackOK,eol], length 0
08:32:13.278643 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832335120 ecr 3343210014,nop,wscale 7], length 0
08:32:14.341740 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343215018 ecr 0,sackOK,eol], length 0
08:32:14.341804 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832336183 ecr 3343210014,nop,wscale 7], length 0
08:32:16.207560 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343217018 ecr 0,sackOK,eol], length 0
08:32:16.207615 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832338049 ecr 3343210014,nop,wscale 7], length 0
08:32:18.221161 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832340063 ecr 3343210014,nop,wscale 7], length 0
08:32:20.205546 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343221019 ecr 0,sackOK,eol], length 0
08:32:20.205601 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832342047 ecr 3343210014,nop,wscale 7], length 0
08:32:24.429161 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832346271 ecr 3343210014,nop,wscale 7], length 0
08:32:28.203095 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343229020 ecr 0,sackOK,eol], length 0
08:32:28.203152 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832350045 ecr 3343210014,nop,wscale 7], length 0
08:32:36.205068 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832358047 ecr 3343210014,nop,wscale 7], length 0
08:32:44.208543 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 3343245020 ecr 0,sackOK,eol], length 0
08:32:44.208600 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832366050 ecr 3343210014,nop,wscale 7], length 0
08:33:00.269080 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832382111 ecr 3343210014,nop,wscale 7], length 0
08:33:16.204287 IP 10.95.33.36.52105 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 2797779290, win 65535, options [mss 1336,sackOK,eol], length 0
08:33:16.204342 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52105: Flags [S.], seq 710539321, ack 2797779291, win 65160, options [mss 1460,sackOK,TS val 832398046 ecr 3343210014,nop,wscale 7], length 0
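The second half of the capture above (10.95.33.36, ports 52040 and 52105) shows a client retransmitting its SYN at growing intervals while the server keeps answering with SYN-ACK; the bare ACK that would complete the three-way handshake never appears, so the client is evidently not receiving the SYN-ACKs. The following Python script is an added example, not part of the original page: it parses tcpdump's one-line TCP summaries, groups them into client-to-server flows and flags handshakes that never complete. The sample lines are copied from the capture above (the completed session from n058152143193.netvigator.com and three SYN retransmissions from 10.95.33.36).

```python
import re

# Sample lines copied from the capture above: one completed session and
# three SYN retransmissions that never got past the SYN-ACK.
SAMPLE_CAPTURE = """\
08:17:30.759458 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 824789810, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
08:17:30.759525 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [S.], seq 1293005967, ack 824789811, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:17:30.767514 IP n058152143193.netvigator.com.63904 > xxxxxxxxxxxxxxxx.ssh: Flags [.], ack 1, win 517, length 0
08:17:30.777138 IP xxxxxxxxxxxxxxxx.ssh > n058152143193.netvigator.com.63904: Flags [P.], seq 1:42, ack 1, win 502, length 41
08:30:25.474952 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265884464 ecr 0,sackOK,eol], length 0
08:30:25.475018 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832227316 ecr 265884464,nop,wscale 7], length 0
08:30:26.474093 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265885465 ecr 0,sackOK,eol], length 0
08:30:26.474147 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832228316 ecr 265884464,nop,wscale 7], length 0
08:30:27.478487 IP 10.95.33.36.52040 > xxxxxxxxxxxxxxxx.ssh: Flags [S], seq 1253321296, win 65535, options [mss 1336,nop,wscale 6,nop,nop,TS val 265886465 ecr 0,sackOK,eol], length 0
08:30:27.478535 IP xxxxxxxxxxxxxxxx.ssh > 10.95.33.36.52040: Flags [S.], seq 3674173263, ack 1253321297, win 65160, options [mss 1460,sackOK,TS val 832229320 ecr 265884464,nop,wscale 7], length 0
"""

# tcpdump TCP summary line: "<time> IP <src> > <dst>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line: str):
    """Return (timestamp, src, dst, flags) for a TCP summary line, or None."""
    m = LINE_RE.match(line)
    return (m["ts"], m["src"], m["dst"], m["flags"]) if m else None


def summarize_handshakes(capture: str) -> dict:
    """Group segments into client->server flows (keyed by the SYN) and record how
    many SYN and SYN-ACK segments were seen and whether the client ever sent the
    ACK that completes the three-way handshake."""
    flows = {}
    for line in capture.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, flags = parsed
        if flags == "S":                               # client SYN, initial or retransmitted
            flow = flows.setdefault((src, dst), {"syn": 0, "synack": 0, "established": False,
                                                 "first": ts, "last": ts})
            flow["syn"] += 1
            flow["last"] = ts
        elif flags == "S." and (dst, src) in flows:    # server SYN-ACK for a known flow
            flows[(dst, src)]["synack"] += 1
            flows[(dst, src)]["last"] = ts
        elif (src, dst) in flows and "." in flags and "S" not in flags and "R" not in flags:
            # any client segment carrying ACK after a SYN-ACK completes the handshake
            if flows[(src, dst)]["synack"]:
                flows[(src, dst)]["established"] = True
    return {f"{client} -> {server}": v for (client, server), v in flows.items()}


def incomplete_handshakes(capture: str, min_syn: int = 2) -> dict:
    """Flows where the client retransmitted its SYN at least min_syn times and never
    acknowledged a SYN-ACK: the usual sign that the SYN-ACKs are being dropped on the
    way back (firewall, asymmetric routing) rather than a server that is not listening."""
    return {k: v for k, v in summarize_handshakes(capture).items()
            if v["syn"] >= min_syn and not v["established"]}


if __name__ == "__main__":
    for flow, v in incomplete_handshakes(SAMPLE_CAPTURE).items():
        print(f"{flow}: {v['syn']} SYN, {v['synack']} SYN-ACK, no ACK between {v['first']} and {v['last']}")
```

Run it over a saved capture with `tcpdump -n -i eth0 tcp port 22 > ssh.txt` and `summarize_handshakes(open("ssh.txt").read())`; without -n the host names in the flow keys come from reverse DNS, as in the page's output.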
3. Filtering on a host and port: host xxx and port xxx
Capture the TCP traffic of IP address 10.13.14.255 on port 443 using the wireless card wlan0:
tcpdump -i 1 host 10.13.14.255 and port 8099
Output:
13:46:33.935981 IP rtd-uat-app-backend-6899cdb4c5-g8k98.8099 > 10-32-224-163.calico-node.kube-system.svc.cluster.local.safetynetp: Flags [S.], seq 3322025348, ack 292780842, win 27960, options [mss 1410,sackOK,TS val 2401170503 ecr 3902993413,nop,wscale 8], length 0
13:46:33.936008 IP 10-32-224-163.calico-node.kube-system.svc.cluster.local.safetynetp > rtd-uat-app-backend-6899cdb4c5-g8k98.8099: Flags [.], ack 1, win 110, options [nop,nop,TS val 3902993414 ecr 2401170503], length 0
13:46:33.936272 IP 10-32-224-163.calico-node.kube-system.svc.cluster.local.safetynetp > rtd-uat-app-backend-6899cdb4c5-g8k98.8099: Flags [F.], seq 1, ack 1, win 110, options [nop,nop,TS val 3902993414 ecr 2401170503], length 0
13:46:33.936552 IP rtd-uat-app-backend-6899cdb4c5-g8k98.8099 > 10-32-224-163.calico-node.kube-system.svc.cluster.local.safetynetp: Flags [F.], seq 1, ack 2, win 110, options [nop,nop,TS val 2401170503 ecr 3902993414], length 0
13:46:33.936574 IP 10-32-224-163.calico-node.kube-system.svc.cluster.local.safetynetp > rtd-uat-app-backend-6899cdb4c5-g8k98.8099: Flags [.], ack 2, win 110, options [nop,nop,TS val 3902993414 ecr 2401170503], length 0
4. Inspecting packet contents (1): -A prints each packet's payload as ASCII, -nn disables host and port name resolution, and -vvv gives the most verbose protocol decode
tcpdump -i any host 10.13.14.255 and port 8099 -nnnvvvvvv -A
Request packet and its response:
14:04:53.230101 IP (tos 0x0, ttl 62, id 22819, offset 0, flags [DF], proto TCP (6), length 310)
10.13.118.138.1140 > 10.13.14.255.8099: Flags [P.], cksum 0xe28b (correct), seq 2706498361:2706498619, ack 1803990390, win 148, options [nop,nop,TS val 322684795 ecr 1393064230], length 258
E..6Y#@.>.H.
.v.
....t...Q.9k..v...........
.;.{S.y&GET /actuator/prometheus HTTP/1.1
Host: 10.13.14.255:8099
User-Agent: Prometheus/2.24.1
Accept: application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1
Accept-Encoding: gzip
X-Prometheus-Scrape-Timeout-Seconds: 10.000000
14:04:53.232821 IP (tos 0x0, ttl 64, id 8119, offset 0, flags [DF], proto TCP (6), length 217)
10.13.14.255.8099 > 10.13.118.138.1140: Flags [P.], cksum 0x9a6e (incorrect -> 0xb509), seq 1:166, ack 258, win 152, options [nop,nop,TS val 1393079229 ecr 322684795], length 165
E.....@.@...
...
.v....tk..v.Q.;.....n.....
S....;.{HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Date: Thu, 24 Aug 2023 06:04:53 GMT
2d
{"code":500,"msg":"............","data":null}
5. Inspecting packet contents (2): -X prints each packet in hex with the ASCII rendering alongside
tcpdump -X -i 1 host 10.13.14.255 and port 8099
Output:
14:26:14.970101 IP rtd-uat-app-backend-6899cdb4c5-g8k98.8099 > 10.32.226.134.22328: Flags [P.], seq 1:166, ack 238, win 114, options [nop,nop,TS val 1013760182 ecr 3819634251], length 165
0x0000: 4500 00d9 b63e 4000 4006 7e2e 0a0d 0eff E....>@.@.~.....
0x0010: 0a20 e286 1fa3 5738 b858 40cc d909 9081 ......W8.X@.....
0x0020: 8018 0072 067e 0000 0101 080a 3c6c c0b6 ...r.~......<l..
0x0030: e3aa fe4b 4854 5450 2f31 2e31 2032 3030 ...KHTTP/1.1.200
0x0040: 200d 0a43 6f6e 7465 6e74 2d54 7970 653a ...Content-Type:
0x0050: 2061 7070 6c69 6361 7469 6f6e 2f6a 736f .application/jso
0x0060: 6e0d 0a54 7261 6e73 6665 722d 456e 636f n..Transfer-Enco
0x0070: 6469 6e67 3a20 6368 756e 6b65 640d 0a44 ding:.chunked..D
0x0080: 6174 653a 2054 6875 2c20 3234 2041 7567 ate:.Thu,.24.Aug
0x0090: 2032 3032 3320 3036 3a32 363a 3134 2047 .2023.06:26:14.G
0x00a0: 4d54 0d0a 0d0a 3264 0d0a 7b22 636f 6465 MT....2d..{"code
0x00b0: 223a 3530 302c 226d 7367 223a 22e7 b3bb ":500,"msg":"...
0x00c0: e7bb 9fe5 bc82 e5b8 b822 2c22 6461 7461 .........","data
0x00d0: 223a 6e75 6c6c 7d0d 0a ":null}..
The output above shows only part of the HTTP response because tcpdump by default captures only a limited number of bytes of each packet (the snapshot length) and truncates the rest; use -s followed by a byte count to set how much of each packet is captured. Recent tcpdump versions default to 262144 bytes (the "capture size 262144 bytes" line above), so with them truncation only occurs when a smaller -s is given explicitly:
# -s 0 sets the snapshot length automatically so that whole packets are captured
tcpdump -X -s 0 -i 2 host 172.16.86.111 and tcp port 443
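To show what the -X dump actually contains, here is an added example in Python (my code, not from the original page): it reads the hex dump printed above back into bytes, decodes the IPv4 and TCP headers with the standard library, and parses the HTTP response carried in the payload, including its chunked body. It also compares the IP total-length field with the number of bytes captured, which is exactly how a capture truncated by a small -s shows up. tcpdump -X omits the link-layer header, so the dump starts at the IP header; with -XX it would start at the Ethernet header.

```python
import json
import re
import struct
from ipaddress import IPv4Address

# The tcpdump -X hex dump shown above (one segment from 10.13.14.255:8099), copied verbatim.
HEXDUMP = """\
0x0000: 4500 00d9 b63e 4000 4006 7e2e 0a0d 0eff E....>@.@.~.....
0x0010: 0a20 e286 1fa3 5738 b858 40cc d909 9081 ......W8.X@.....
0x0020: 8018 0072 067e 0000 0101 080a 3c6c c0b6 ...r.~......<l..
0x0030: e3aa fe4b 4854 5450 2f31 2e31 2032 3030 ...KHTTP/1.1.200
0x0040: 200d 0a43 6f6e 7465 6e74 2d54 7970 653a ...Content-Type:
0x0050: 2061 7070 6c69 6361 7469 6f6e 2f6a 736f .application/jso
0x0060: 6e0d 0a54 7261 6e73 6665 722d 456e 636f n..Transfer-Enco
0x0070: 6469 6e67 3a20 6368 756e 6b65 640d 0a44 ding:.chunked..D
0x0080: 6174 653a 2054 6875 2c20 3234 2041 7567 ate:.Thu,.24.Aug
0x0090: 2032 3032 3320 3036 3a32 363a 3134 2047 .2023.06:26:14.G
0x00a0: 4d54 0d0a 0d0a 3264 0d0a 7b22 636f 6465 MT....2d..{"code
0x00b0: 223a 3530 302c 226d 7367 223a 22e7 b3bb ":500,"msg":"...
0x00c0: e7bb 9fe5 bc82 e5b8 b822 2c22 6461 7461 .........","data
0x00d0: 223a 6e75 6c6c 7d0d 0a ":null}..
"""

HEX_LINE = re.compile(r"^\s*0x([0-9a-f]+):\s+(.*)$")
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the raw packet from tcpdump -X output: up to eight 4-hex-digit groups
    per line (the last group may be 2 digits), ignoring the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(out):
            raise ValueError(f"non-contiguous dump at offset {m.group(1)}")
        groups = []
        for tok in m.group(2).split():
            if len(groups) == 8 or not re.fullmatch(r"[0-9a-f]{4}|[0-9a-f]{2}", tok):
                break
            groups.append(tok)
        out += bytes.fromhex("".join(groups))
    return bytes(out)


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 and TCP headers and return the addressing, flags and payload."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _cksum = struct.unpack("!BBHHHBBH", pkt[:12])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    if total_len != len(pkt):
        raise ValueError(f"IP total length {total_len} but only {len(pkt)} bytes captured (check -s)")
    ihl = (ver_ihl & 0x0F) * 4
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    return {
        "src": f"{IPv4Address(pkt[12:16])}:{sport}",
        "dst": f"{IPv4Address(pkt[16:20])}:{dport}",
        "ttl": ttl,
        "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
        "seq": seq, "ack": ack, "window": win,
        "payload": tcp[data_off:],
    }


def parse_http_response(payload: bytes) -> dict:
    """Parse status line, headers and a chunked body; 'complete' tells whether the
    terminating zero-length chunk was inside this segment."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("HTTP headers continue in a later segment")
    lines = head.decode("ascii").split("\r\n")
    headers = {}
    for h in lines[1:]:
        k, _, v = h.partition(":")
        headers[k.strip().lower()] = v.strip()
    chunks, complete = [], False
    if headers.get("transfer-encoding") == "chunked":
        rest = body
        while True:
            size_line, sep, rest = rest.partition(b"\r\n")
            if not sep:
                break                       # chunk-size line cut off: more data in a later segment
            size = int(size_line.split(b";")[0], 16)
            if size == 0:
                complete = True
                break
            if len(rest) < size + 2:
                break                       # partial chunk in this segment
            chunks.append(rest[:size])
            rest = rest[size + 2:]
    else:
        chunks.append(body)
    return {"status": lines[0].strip(), "headers": headers, "body": b"".join(chunks), "complete": complete}


def decode_segment(dump: str) -> dict:
    seg = parse_ipv4_tcp(hexdump_to_bytes(dump))
    seg["http"] = parse_http_response(seg["payload"])
    if seg["http"]["headers"].get("content-type", "").startswith("application/json") and seg["http"]["body"]:
        seg["http"]["json"] = json.loads(seg["http"]["body"])
    return seg


if __name__ == "__main__":
    s = decode_segment(HEXDUMP)
    print(s["src"], "->", s["dst"], s["flags"], "payload", len(s["payload"]), "bytes")
    print(s["http"]["status"], s["http"]["headers"], s["http"].get("json"), "complete:", s["http"]["complete"])
```

The decoded segment carries 165 payload bytes (matching "length 165" in the summary line), the body's first chunk is the JSON error object whose "msg" the -A output rendered as dots, and the terminating "0\r\n\r\n" chunk is not in this segment, so a single packet is not the whole response.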
6. Writing captured packets to a file
When the capture produces too much output and keeps scrolling the screen, write the packets to a file instead with the -w option:
# writes the packets that were previously printed to the screen into the file net.log in the current directory
tcpdump -i 1 host 10.13.9.140 and port 8099 -s 1000 -w net.log
Note that -w produces a binary pcap file rather than text: read it back with tcpdump -r net.log (or open it in Wireshark), and remember that -s 1000 stores at most 1000 bytes of each packet.
II. nc
1. Overview
1.1 Strengths
1) The Swiss army knife of networking tools.
2) Listen mode / connect (transmit) mode.
3) Can replace telnet for grabbing banners.
4) Transfers files and directories.
5) Transfers text.
6) Encrypted file transfer (by piping through an external tool).
7) Remote control / trojan.
8) Encrypts all traffic (again via an external tool).
9) Acts as a streaming media server.
10) Remote disk cloning (forensics).
1.2 Weaknesses
1) No built-in encryption or authentication.
2) Ncat makes up for nc's shortcomings.
3) nc options differ between platforms and implementations.
2. Basic options
-h: show help.
-v: verbose output.
-n: do not resolve IP addresses through DNS.
-l: listen on a port.
-p: specify the port.
-q: close the connection after stdin reaches end of file (after the given number of seconds).
-z: scan only, without sending or receiving data.
-c: run the given shell/command for the connection (only in nc builds that support it, such as netcat-traditional and ncat; OpenBSD nc has no -c or -e).
3. Usage
3.1 Grabbing a banner (telnet replacement)
Command: nc -nv <IP> <port>
3.2 Transferring text
Server command: nc -lp <port>
Client command: nc -nv <IP> <port>
3.3 Forensics (collecting information without modifying anything)
Client command: <collection command> | nc -nv <IP> <port>   Note: -q <n> closes the connection n seconds after the input ends.
Server command: nc -lp <port>   Note: when collecting large amounts of output, redirect with > or >> to save it to a file.
3.4 File transfer
Forward: the client sends a file to the server.
Server command: nc -lp <port> > <file>
Client command: nc -nv <IP> <port> < <file>
Reverse: the client receives a file from the server.
Server command: nc -lp <port> < <file>
Client command: nc -nv <IP> <port> > <file>
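The forward transfer above works because nc copies stdin to the socket and the receiver reads until the sender closes the connection; nothing checks that what arrived is what was sent, which is the "no authentication" weakness listed in 1.2. The following Python example is an added illustration, not code from the original page: it reproduces the listen-and-redirect pattern with plain sockets on the loopback interface (an ephemeral port chosen by the kernel, a constructed payload) and adds the SHA-256 comparison that nc itself lacks. With real nc, the equivalent check is running sha256sum on the file at both ends.

```python
import hashlib
import socket
import threading


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def receive_until_close(listener: socket.socket) -> bytes:
    """Server side, the equivalent of `nc -lp <port> > file`: accept one
    connection and read until the peer closes (nc's EOF on the socket)."""
    conn, _peer = listener.accept()
    with conn:
        chunks = []
        while True:
            buf = conn.recv(65536)
            if not buf:
                break
            chunks.append(buf)
    return b"".join(chunks)


def send_and_close(host: str, port: int, payload: bytes) -> None:
    """Client side, the equivalent of `nc -nv <IP> <port> < file`."""
    with socket.create_connection((host, port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)   # signal EOF, as nc does once stdin is exhausted


def transfer_over_loopback(payload: bytes) -> dict:
    """Run receiver and sender on 127.0.0.1 and compare digests of both copies."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {"sent_sha256": sha256_hex(payload)}

    def server() -> None:
        result["received"] = receive_until_close(listener)

    t = threading.Thread(target=server)
    t.start()
    send_and_close("127.0.0.1", port, payload)
    t.join()
    listener.close()
    result["received_sha256"] = sha256_hex(result["received"])
    result["match"] = result["received_sha256"] == result["sent_sha256"]
    return result


if __name__ == "__main__":
    # Constructed sample payload standing in for a file.
    r = transfer_over_loopback(b"constructed sample " * 1000)
    print(len(r["received"]), "bytes received, digest match:", r["match"])
```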
3.5 Directory transfer
Reverse: the client receives a directory from the server.
Server command: tar -cvf - <directory> | nc -lp <port>
Client command: nc -nv <IP> <port> | tar -xvf -
Forward: the client sends a directory to the server.
Server command: nc -lp <port> | tar -xvf -
Client command: tar -cvf - <directory> | nc -nv <IP> <port>
3.6 Encrypted transfer
Forward: the client sends an encrypted file to the server.
Server command: nc -lp <port> | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > <file>
Client command: mcrypt --flush -Fbq -a rijndael-256 -m ecb < <file> | nc -nv <IP> <port>
Reverse: the client receives an encrypted file from the server.
Server command: mcrypt --flush -Fbq -a rijndael-256 -m ecb < <file> | nc -lp <port>
Client command: nc -nv <IP> <port> | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > <file>
(-F flushes output, -b writes the bare ciphertext without mcrypt's header, -q suppresses messages and -d decrypts. ECB mode encrypts identical plaintext blocks to identical ciphertext blocks and provides no integrity check, so a chained mode such as -m cbc is the better choice with mcrypt.)
3.7 Streaming video
Server command: cat <media file> | nc -lp <port>
Client command: nc -nv <IP> <port> | mplayer -vo x11 -cache 3000 -
3.8 Port scanning
Probe TCP ports (default): nc -nvz <IP> <port range>
Probe UDP ports (buggy): nc -nvzu <IP> <port range>
3.9 Disk cloning
Block-level backup; remotely copying memory or a disk for forensics.
Client command: dd if=/dev/sda | nc -nv <IP> <port>
Server command: nc -lp <port> | dd of=/dev/sdb
3.10 Remote control
Forward: the client controls the server.
Server command: nc -lp <port> -c bash/cmd
Client command: nc -nv <IP> <port>
Reverse: the server controls the client.
Server command: nc -lp <port>
Client command: nc -nv <IP> <port> -c bash/cmd
3.11 Encrypting the transport with Ncat
Ncat is part of the Nmap suite and is an enhanced nc.
A simple example; it works in both directions.
Client command: ncat -nv 192.168.114.132 1111 --ssl
Server command: ncat -c bash --allow <source IP> -vnl <port> --ssl
Note that --ssl on its own only encrypts; the client does not verify the server's certificate unless it is also given --ssl-verify and, for a self-signed certificate, --ssl-trustfile pointing at the server's certificate.