
tcpdump note


参数

tcpdump | grep ip找不到想要的报文

推荐加上-n, 或者-nn

-n 不做域名解析(显示ip)

-nn不做协议,端口解析

tcpdump默认会做反向域名解析,输出里显示的是主机名而不是ip,所以grep不到ip。下面各示例输出中的"PTR? …in-addr.arpa"查询,应是tcpdump自身做反向解析时发出的DNS请求;加-n后不再做解析,也就不会产生这些额外流量。

-t参数

●没有-t参数
[root@fqguoCentos ~]# tcpdump -i ens192
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
22:22:04.350003 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2211629083:2211629323, ack 3337987731, win 306, length 240
22:22:04.350323 IP fqguoCentos.51002 > hangzhou.zjhzptt.net.cn.domain: 32317+ PTR? 135.4.201.10.in-addr.arpa. (43)
22:22:04.350622 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.51002: 32317 NXDomain* 0/1/0 (102)
22:22:04.350959 IP fqguoCentos.44141 > hangzhou.zjhzptt.net.cn.domain: 25933+ PTR? 83.106.168.192.in-addr.arpa. (45)
22:22:04.351176 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.44141: 25933 NXDomain* 0/1/0 (104)
22:22:04.351316 IP fqguoCentos.37441 > hangzhou.zjhzptt.net.cn.domain: 36041+ PTR? 35.172.101.202.in-addr.arpa. (45)
22:22:04.351324 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:432, ack 1, win 306, length 192
22:22:04.352765 IP 10.201.4.135.51351 > fqguoCentos.ssh: Flags [.], ack 240, win 251, length 0
22:22:04.359955 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.37441: 36041 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
22:22:04.360086 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 432:704, ack 1, win 306, length 272
22:22:04.360117 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 704:1296, ack 1, win 306, length 592
22:22:04.360202 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1296:1760, ack 1, win 306, length 464

 

●-t 不输出时间
[root@fqguoCentos ~]# tcpdump -i ens192 -t
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212171515:2212171755, ack 3337990259, win 507, length 240
IP fqguoCentos.59960 > hangzhou.zjhzptt.net.cn.domain: 57658+ PTR? 135.4.201.10.in-addr.arpa. (43)
IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.59960: 57658 NXDomain* 0/1/0 (102)
IP fqguoCentos.55148 > hangzhou.zjhzptt.net.cn.domain: 65180+ PTR? 83.106.168.192.in-addr.arpa. (45)
IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.55148: 65180 NXDomain* 0/1/0 (104)
IP fqguoCentos.50360 > hangzhou.zjhzptt.net.cn.domain: 17409+ PTR? 35.172.101.202.in-addr.arpa. (45)
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:416, ack 1, win 507, length 176
IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.50360: 17409 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 416:1136, ack 1, win 507, length 720
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1136:1296, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1296:1456, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1456:1616, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1616:1776, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1776:1936, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1936:2096, ack 1, win 507, length 160
IP 192.168.106.56.netbios-ns > 192.168.106.255.netbios-ns: UDP, length 50
●-tt 输出时间戳
[root@fqguoCentos ~]# tcpdump -c 10 -i ens192 -tt
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
1663295087.511500 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212766251:2212766491, ack 3337992691, win 580, length 240
1663295087.511834 IP fqguoCentos.52209 > hangzhou.zjhzptt.net.cn.domain: 32855+ PTR? 135.4.201.10.in-addr.arpa. (43)
1663295087.512089 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.52209: 32855 NXDomain* 0/1/0 (102)
1663295087.512463 IP fqguoCentos.59282 > hangzhou.zjhzptt.net.cn.domain: 15892+ PTR? 83.106.168.192.in-addr.arpa. (45)
1663295087.512754 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.59282: 15892 NXDomain* 0/1/0 (104)
1663295087.512868 IP fqguoCentos.42780 > hangzhou.zjhzptt.net.cn.domain: 2109+ PTR? 35.172.101.202.in-addr.arpa. (45)
1663295087.512906 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:432, ack 1, win 580, length 192
1663295087.513168 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.42780: 2109 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
1663295087.513264 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 432:1280, ack 1, win 580, length 848
1663295087.513304 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1280:1456, ack 1, win 580, length 176
10 packets captured
10 packets received by filter
0 packets dropped by kernel
●-ttt 打印当前行与上一行之间的时间间隔(原文注明以毫秒为单位;下方输出小数点后有6位,即微秒精度)
[root@fqguoCentos ~]# tcpdump -c 10 -i ens192 -ttt
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
 00:00:00.000000 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212769179:2212769259, ack 3337993459, win 580, length 80
 00:00:00.000035 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 80:288, ack 1, win 580, length 208
 00:00:00.000546 IP fqguoCentos.35319 > hangzhou.zjhzptt.net.cn.domain: 26390+ PTR? 135.4.201.10.in-addr.arpa. (43)
 00:00:00.000348 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.35319: 26390 NXDomain* 0/1/0 (102)
 00:00:00.000317 IP fqguoCentos.34763 > hangzhou.zjhzptt.net.cn.domain: 56467+ PTR? 83.106.168.192.in-addr.arpa. (45)
 00:00:00.000338 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.34763: 56467 NXDomain* 0/1/0 (104)
 00:00:00.000109 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 288:592, ack 1, win 580, length 304
 00:00:00.000009 IP fqguoCentos.49622 > hangzhou.zjhzptt.net.cn.domain: 61571+ PTR? 35.172.101.202.in-addr.arpa. (45)
 00:00:00.000211 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.49622: 61571 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
 00:00:00.000061 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 592:768, ack 1, win 580, length 176
●-tttt 在每行的时间戳之前加上日期
 
[root@fqguoCentos ~]# tcpdump -c 10 -i ens192 -tttt
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
2022-09-15 22:25:19.362468 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212771291:2212771531, ack 3337993651, win 580, length 240
2022-09-15 22:25:19.362736 IP fqguoCentos.52303 > hangzhou.zjhzptt.net.cn.domain: 30585+ PTR? 135.4.201.10.in-addr.arpa. (43)
2022-09-15 22:25:19.363069 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.52303: 30585 NXDomain* 0/1/0 (102)
2022-09-15 22:25:19.363404 IP fqguoCentos.47101 > hangzhou.zjhzptt.net.cn.domain: 7843+ PTR? 83.106.168.192.in-addr.arpa. (45)
2022-09-15 22:25:19.363672 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.47101: 7843 NXDomain* 0/1/0 (104)
2022-09-15 22:25:19.363779 IP fqguoCentos.49039 > hangzhou.zjhzptt.net.cn.domain: 38777+ PTR? 35.172.101.202.in-addr.arpa. (45)
2022-09-15 22:25:19.363819 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:448, ack 1, win 580, length 208
2022-09-15 22:25:19.363986 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.49039: 38777 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
2022-09-15 22:25:19.364067 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 448:1360, ack 1, win 580, length 912
2022-09-15 22:25:19.364110 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1360:1536, ack 1, win 580, length 176
10 packets captured
10 packets received by filter
0 packets dropped by kernel

抓任意接口

tcpdump -i any

-c 指定报文个数

tcpdump -i ens192 -c 10

-C与-W

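-C 指定单个抓包文件的大小上限(单位为百万字节,下例中-C 2得到约2MB的文件)
-W 与-C配合使用,限制最多保存的文件个数;写满后从第一个文件开始循环覆盖
注意:下例中生成的抓包文件位于/tmp且权限为-rw-r--r--,本机其他用户可读;抓包内容可能包含敏感数据,建议用-w写到权限受限的目录。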

[root@fqguoCentos tmp]# tcpdump -i ens192 -C 2 -W 5 -w /tmp/ttt
dropped privs to tcpdump
tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
^C56947 packets captured
56951 packets received by filter
0 packets dropped by kernel
[root@fqguoCentos tmp]# ll
total 9188
-rw-rw-r--. 1 fqguo   fqguo         0 Sep 15 08:33 aa
drwx------. 3 root    root         17 Aug 23 04:29 systemd-private-45eff7d8d95840e8ac264e256de42ef7-chronyd.service-OYPQej
-rw-r--r--. 1 tcpdump tcpdump 2001230 Sep 15 22:35 ttt0
-rw-r--r--. 1 tcpdump tcpdump 2000210 Sep 15 22:35 ttt1
-rw-r--r--. 1 tcpdump tcpdump 2000976 Sep 15 22:35 ttt2
-rw-r--r--. 1 tcpdump tcpdump 1396260 Sep 15 22:35 ttt3
-rw-r--r--. 1 tcpdump tcpdump 2000220 Sep 15 22:35 ttt4
[root@fqguoCentos tmp]#

-e 显示mac信息

[root@fqguoCentos ~]# tcpdump -i ens192 -e -c 20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:37:52.376494 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 294: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 40574662:40574902, ack 1424672344, win 781, length 240
10:37:52.376790 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 88: fqguoCentos.42780 > hangzhou.zjhzptt.net.cn.domain: 15429+ PTR? 235.107.168.192.in-addr.arpa. (46)
10:37:52.377081 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 147: hangzhou.zjhzptt.net.cn.domain > fqguoCentos.42780: 15429 NXDomain* 0/1/0 (105)
10:37:52.377415 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 87: fqguoCentos.60316 > hangzhou.zjhzptt.net.cn.domain: 2294+ PTR? 83.106.168.192.in-addr.arpa. (45)
10:37:52.377709 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 146: hangzhou.zjhzptt.net.cn.domain > fqguoCentos.60316: 2294 NXDomain* 0/1/0 (104)
10:37:52.377823 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 87: fqguoCentos.34374 > hangzhou.zjhzptt.net.cn.domain: 26673+ PTR? 35.172.101.202.in-addr.arpa. (45)
10:37:52.377858 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 342: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 240:528, ack 1, win 781, length 288
10:37:52.378067 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 124: hangzhou.zjhzptt.net.cn.domain > fqguoCentos.34374: 26673 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
10:37:52.378166 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 1590: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 528:2064, ack 1, win 781, length 1536
10:37:52.378220 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2064:2336, ack 1, win 781, length 272
10:37:52.378259 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2336:2608, ack 1, win 781, length 272
10:37:52.378321 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2608:2880, ack 1, win 781, length 272
10:37:52.378383 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2880:3152, ack 1, win 781, length 272
10:37:52.378436 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 3152:3424, ack 1, win 781, length 272
10:37:52.390140 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 60: 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 240, win 4196, length 0
10:37:52.390153 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 3424:3696, ack 1, win 781, length 272
10:37:52.390244 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 518: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 3696:4160, ack 1, win 781, length 464
10:37:52.390316 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 4160:4432, ack 1, win 781, length 272
10:37:52.390375 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 4432:4704, ack 1, win 781, length 272
10:37:52.392585 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 66: 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 528, win 4195, options [nop,nop,sack 1 {2064:2336}], length 0
20 packets captured
21 packets received by filter
0 packets dropped by kernel

 

-Q 指定方向:in,out, inout


tcpdump -c 10 -i ens192 -Q in
[root@fqguoCentos ~]# tcpdump -i ens192 -Q in -c 20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:41:38.811420 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 40585254, win 4193, length 0
10:41:38.812133 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.46304: 45180 NXDomain* 0/1/0 (104)
10:41:38.812805 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.53212: 44282 NXDomain* 0/1/0 (105)
10:41:38.813314 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.51862: 55899 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
10:41:38.830906 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 529, win 4196, length 0
10:41:38.899027 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 689, win 4196, length 0
10:41:38.957398 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 849, win 4195, length 0
10:41:39.020331 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1009, win 4195, length 0
10:41:39.085778 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1169, win 4194, length 0
10:41:39.147766 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1329, win 4193, length 0
10:41:39.170742 ARP, Request who-has 192.168.106.70 tell _gateway, length 46
10:41:39.171256 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.45518: 26636 NXDomain* 0/1/0 (104)
10:41:39.171767 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.44893: 5459 NXDomain* 0/1/0 (103)
10:41:39.187272 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1825, win 4191, length 0
10:41:39.244328 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1985, win 4196, length 0
10:41:39.308391 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2145, win 4196, length 0
10:41:39.380643 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2305, win 4195, length 0
10:41:39.445398 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2465, win 4195, length 0
10:41:39.499997 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2625, win 4194, length 0
10:41:39.555488 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2785, win 4193, length 0
20 packets captured
41 packets received by filter
0 packets dropped by kernel

 

-q 简版显示

[root@fqguoCentos ~]# tcpdump -i ens192 -q -c 20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:44:16.911465 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 240
10:44:16.911836 IP fqguoCentos.33186 > hangzhou.zjhzptt.net.cn.domain: UDP, length 46
10:44:16.912063 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.33186: UDP, length 105
10:44:16.912394 IP fqguoCentos.54929 > hangzhou.zjhzptt.net.cn.domain: UDP, length 45
10:44:16.912642 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.54929: UDP, length 104
10:44:16.912744 IP fqguoCentos.52573 > hangzhou.zjhzptt.net.cn.domain: UDP, length 45
10:44:16.912785 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.912974 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.52573: UDP, length 82
10:44:16.913067 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 656
10:44:16.913109 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913146 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913184 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913243 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913311 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913375 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.927142 IP 192.168.107.235.51591 > fqguoCentos.ssh: tcp 0
10:44:16.927158 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.927225 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 192
10:44:16.927276 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.927319 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
20 packets captured
21 packets received by filter
0 packets dropped by kernel

 

-D -L


-D 显示网络接口列表
-L 显示接口支持的数据链路类型列表