Hands-on TCP Packet Capture Analysis
There are two major network analysis tools: tcpdump and Wireshark. tcpdump is commonly used on Linux servers to capture and analyze network packets; Wireshark can also capture packets, and in addition provides a graphical interface for visual analysis of them.
tcpdump
# -i eth0 captures packets on the eth0 interface
# icmp captures only ICMP packets
# host filters by host, capturing packets to or from the given IP
# -nn disables resolving IP addresses and port numbers to names
# tcpdump -i eth0 icmp and host 106.75.117.13 -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:02:09.260779 IP 10.9.134.72 > 106.75.117.13: ICMP echo request, id 64345, seq 1, length 64
14:02:09.261861 IP 106.75.117.13 > 10.9.134.72: ICMP echo request, id 64345, seq 1, length 64
14:02:09.261907 IP 10.9.134.72 > 106.75.117.13: ICMP echo reply, id 64345, seq 1, length 64
14:02:09.262186 IP 106.75.117.13 > 10.9.134.72: ICMP echo reply, id 64345, seq 1, length 64
14:02:10.262348 IP 10.9.134.72 > 106.75.117.13: ICMP echo request, id 64345, seq 2, length 64
14:02:10.263134 IP 106.75.117.13 > 10.9.134.72: ICMP echo request, id 64345, seq 2, length 64
14:02:10.263163 IP 10.9.134.72 > 106.75.117.13: ICMP echo reply, id 64345, seq 2, length 64
14:02:10.263352 IP 106.75.117.13 > 10.9.134.72: ICMP echo reply, id 64345, seq 2, length 64
14:02:11.263453 IP 10.9.134.72 > 106.75.117.13: ICMP echo request, id 64345, seq 3, length 64
14:02:11.263713 IP 106.75.117.13 > 10.9.134.72: ICMP echo request, id 64345, seq 3, length 64
14:02:11.263737 IP 10.9.134.72 > 106.75.117.13: ICMP echo reply, id 64345, seq 3, length 64
# To find which interface to capture on, use route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.9.0.1 0.0.0.0 UG 100 0 0 eth0
10.9.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
Wireshark
[root@10-9-134-72 ~]# tcpdump -i eth0 icmp and host 106.75.117.13 -w ping.pcap
dropped privs to tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C36 packets captured
37 packets received by filter
0 packets dropped by kernel
Capturing the three-way handshake and four-way teardown
# This time the server at http://106.75.117.13:8080/ is accessed
# Terminal 1: capture the packets with tcpdump
# Run tcpdump on the client
[root@iZwz94uzg6i8z0mp324ewlZ ~]# tcpdump -i any tcp and host 106.75.117.13 and port 80 -w http.pcap
dropped privs to tcpdump
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
# Run curl on the client
[root@iZwz94uzg6i8z0mp324ewlZ ~]# curl http://106.75.117.13:8080/
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/><script>window.location.replace('/login?from=%2F');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
-->
</body></html>
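As an added example that is not part of the original post, the following Python reads a capture saved with `tcpdump -w` (libpcap format, Ethernet link type) and lists the TCP flags of every packet, so the SYN / SYN+ACK / ACK handshake and the FIN+ACK / ACK teardown can be checked offline without opening Wireshark. The sample capture is constructed in memory from the post's two addresses with an assumed client port 51000; it is not real traffic.

```python
import struct

# Added example (not from the post): a minimal libpcap reader that lists the TCP flags of
# each packet in a "tcpdump -w" capture, so the handshake/teardown can be checked offline.
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x10, "ACK")]
def describe_tcp(frame):
    """Return 'src:sport > dst:dport FLAGS' for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None  # not IPv4 (EtherType 0x0800) or not TCP (IP protocol 6)
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = "+".join(n for bit, n in FLAG_BITS if tcp[13] & bit) or "none"
    return f"{src}:{sport} > {dst}:{dport} {flags}"
def read_pcap(data):
    """Yield each captured frame from an in-memory pcap file (either byte order)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a libpcap file (pcapng or unknown magic)")
    if struct.unpack(order + "I", data[20:24])[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are decoded (not '-i any' / LINUX_SLL)")
    pos = 24
    while pos + 16 <= len(data):  # record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
def tcp_summary(data):
    """One flag line per TCP packet, in capture order."""
    return [d for d in (describe_tcp(f) for f in read_pcap(data)) if d]
def handshake_complete(summary):
    """True when the capture opens with the SYN, SYN+ACK, ACK exchange."""
    return [line.rsplit(" ", 1)[1] for line in summary[:3]] == ["SYN", "SYN+ACK", "ACK"]
def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame with no payload (checksums left zero)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, addr(src), addr(dst))
    tcph = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + iph + tcph
def sample_pcap():
    """Constructed capture (not real traffic): handshake then teardown, hosts from the post."""
    c, s = "10.9.134.72", "106.75.117.13"
    exchange = [(c, s, 51000, 8080, 0x02), (s, c, 8080, 51000, 0x12), (c, s, 51000, 8080, 0x10),
                (c, s, 51000, 8080, 0x11), (s, c, 8080, 51000, 0x10),
                (s, c, 8080, 51000, 0x11), (c, s, 51000, 8080, 0x10)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, Ethernet
    for pkt in (_frame(*p) for p in exchange):
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out
```

Note that the capture filter in the post names `port 80` while the curl request goes to port 8080, so the filter has to match the port actually used or the handshake will never reach the file. A capture taken with `-i any` is written with the LINUX_SLL link type, which this reader rejects rather than misparse.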
To be continued.