English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
Linux tcpdump 명령어는 네트워크 전송 데이터를 푸시합니다.
tcpdump 명령어를 실행하면 지정된 네트워크 인터페이스를 통해 흐르는 데이터 패킷 헤더를 나열할 수 있습니다. Linux 운영 체제에서는 시스템 관리자여야 합니다.
tcpdump [-adeflnNOpqStvx][-c<데이터 패킷 수>][-dd][-ddd][-F<표현 파일>][-i<네트워크 인터페이스>][-r<데이터 패킷 파일>][-s<데이터 패킷 크기>][-tt][-T<데이터 패킷 타입>][-vv][-w<데이터 패킷 파일>][출력 데이터 필드]
파라미터 설명:
TCP 패킷 정보를 표시합니다
# tcpdump tcpdump: verbose output suppressed, use -v 또는 -vv 전체 프로토콜 디코딩을 위해 eth0, 링크에서 듣고 있습니다-тип EN10MB (이더넷), 캡처 크기 96 바이트 23:35:55.129998 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 148872068:148872168(100) ack 4184371747 win 2100 23:35:55.182357 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 100 win 64240 23:35:55.182397 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 100:200(100) ack 1 win 2100 23:35:55.131713 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 50226+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:35:55.131896 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 50226+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:35:55.154238 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 50226 NXDomain 0/0/0 (42) 23:35:55.156298 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 50226 NXDomain 0/0/0 (42) 23:35:55.159292 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 30304+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:35:55.159449 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 30304+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:35:55.179816 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 30304 NXDomain 0/0/0 (42) 23:35:55.181279 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 30304 NXDomain 0/0/0 (42) 23:35:55.181806 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 200:268(68) ack 1 win 2100 23:35:55.182177 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 268 win 64198 23:35:55.182677 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 43983+ PTR? 112.96.103.202.in-addr.arpa. (45) 23:35:55.182807 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 43983+ PTR? 112.96.103.202.in-addr.arpa. (45) 23:35:55.183055 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 268:352(84) ack 1 win 2100 23:35:55.201096 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 43983 1/0/0 (72) 23:35:55.203087 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 43983 1/0/0 (72) 23:35:55.204666 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 352:452(100) ack 1 win 2100 23:35:55.204852 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 452 win 64152 23:35:55.205305 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 452:520(68) ack 1 win 2100 23:35:55.205889 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 9318+ PTR? 85.6.250.118.in-addr.arpa. (43) 23:35:55.206071 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 9318+ PTR? 85.6.250.118.in-addr.arpa. (43) 23:35:55.215338 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 2392751922:2392751987(65) ack 2849759785 win 54 23:35:55.216273 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 2392751922:2392751987(65) ack 2849759785 win 54 23:35:55.329204 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 520 win 64135 23:35:55.458214 IP 192.168.0.65.2057 > 115.238.1.45.3724: . ack 65 win 32590 23:35:55.458221 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: . ack 65 win 32590 23:35:55.708228 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 65:118(53) ack 1 win 54 23:35:55.710213 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 65:118(53) ack 1 win 54 23:35:55.865151 IP 192.168.0.65.2057 > 115.238.1.45.3724: . ack 118 win 32768 23:35:55.865157 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: . ack 118 win 32768 23:35:56.242805 IP 192.168.0.65.2057 > 115.238.1.45.3724: P 1:25(24) ack 118 win 32768 23:35:56.242812 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: P 1:25(24) ack 118 win 32768 23:35:56.276816 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: . ack 25 win 54 23:35:56.278240 IP 115.238.1.45.3724 > 192.168.0.65.2057: . ack 25 win 54 23:35:56.349747 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 118:159(41) ack 25 win 54 23:35:56.351780 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 118:159(41) ack 25 win 54 23:35:56.400051 PPPoE [ses 0x1cb0] IP 119.147.18.44.8000 > 118.250.6.85.4000: UDP, 길이 79 23:35:56.475050 IP 192.168.0.65.2057 > 115.238.1.45.3724: . ack 159 win 32762 23:35:56.475063 PPPoE [ses 0x1cb0] IP 118.250.6.85.64120 > 115.238.1.45.3724: . ack 159 win 32762 23:35:56.508968 PPPoE [ses 0x1cb0] IP 115.238.1.45.3724 > 118.250.6.85.64120: P 159:411(252) ack 25 win 54 23:35:56.510182 IP 115.238.1.45.3724 > 192.168.0.65.2057: P 159:411(252) ack 25 win 54 23:35:56.592028 PPPoE [ses 0x1cb0] IP 117.136.2.43.38959 > 118.250.6.85.63283: UDP, 길이 36 44 캡처된 패킷 76 필터에 의해 수신된 패킷 0 패킷이 커널에 의해 버려졌습니다
지정된 수의 패킷을 표시합니다
# tcpdump -c 20 tcpdump: verbose output suppressed, use -v 또는 -vv 전체 프로토콜 디코딩을 위해 eth0, 링크에서 듣고 있습니다-тип EN10MB (이더넷), 캡처 크기 96 바이트 23:36:28.949538 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 148875984:148876020(36) ack 4184373187 win 2100 23:36:28.994325 IP 192.168.0.1.2101 > 192.168.0.3.ssh: . ack 36 win 64020 23:36:28.994368 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 36:72(36) ack 1 win 2100 23:36:28.950779 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 18242+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:36:28.950948 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 18242+ PTR? 1.0.168.192.in-addr.arpa. (42) 23:36:28.960105 PPPoE [ses 0x1cb0] IP 222.82.119.41.13594 > 118.250.6.85.63283: UDP, 길이 36 23:36:28.962192 IP 222.82.119.41.13594 > 192.168.0.65.13965: UDP, 길이 36 23:36:28.963118 IP 192.168.0.65.13965 > 222.82.119.41.13594: UDP, 길이 34 23:36:28.963123 PPPoE [ses 0x1cb0] IP 118.250.6.85.63283 > 222.82.119.41.13594: UDP, 길이 34 23:36:28.970185 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 18242 NXDomain 0/0/0 (42) 23:36:28.970413 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 18242 NXDomain 0/0/0 (42) 23:36:28.972352 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: 17862+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:36:28.972474 PPPoE [ses 0x1cb0] IP 118.250.6.85.64215 > dns2.cs.hn.cn.domain: 17862+ PTR? 3.0.168.192.in-addr.arpa. (42) 23:36:28.982287 PPPoE [ses 0x1cb0] IP 121.12.131.163.13109 > 118.250.6.85.63283: UDP, 길이 27 23:36:28.984162 IP 121.12.131.163.13109 > 192.168.0.65.13965: UDP, 길이 27 23:36:28.985021 IP 192.168.0.65.13965 > 121.12.131.163.13109: UDP, 길이 103 23:36:28.985027 PPPoE [ses 0x1cb0] IP 118.250.6.85.63283 > 121.12.131.163.13109: UDP, 길이 103 23:36:28.991919 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64215: 17862 NXDomain 0/0/0 (42) 23:36:28.993142 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: 17862 NXDomain 0/0/0 (42) 23:36:28.993574 IP 192.168.0.3.ssh > 192.168.0.1.2101: P 72:140(68) ack 1 win 2100 20 패킷이 캡처되었습니다 206 필터에 의해 수신된 패킷 129 커널에 의해 버려진 패킷
condensed display
# tcpdump -c 10 -q //condensed mode display 10개 패킷 tcpdump: verbose output suppressed, use -v 또는 -vv 전체 프로토콜 디코딩을 위해 eth0, 링크에서 듣고 있습니다-тип EN10MB (이더넷), 캡처 크기 96 바이트 23:43:05.792280 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36 23:43:05.842115 IP 192.168.0.1.2101 > 192.168.0.3.ssh: tcp 0 23:43:05.845074 IP 115.238.1.45.3724 > 192.168.0.65.2057: tcp 0 23:43:05.907155 IP 192.168.0.3.ssh > 192.168.0.1.2101: tcp 36 23:43:05.793880 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: UDP, 길이 42 23:43:05.794076 PPPoE [ses 0x1cb0] IP 118.250.6.85.64219 > dns2.cs.hn.cn.domain: UDP, 길이 42 23:43:05.811127 PPPoE [ses 0x1cb0] IP dns2.cs.hn.cn.domain > 118.250.6.85.64219: UDP, 길이 42 23:43:05.814764 IP dns2.cs.hn.cn.domain > 192.168.0.3.32804: UDP, 길이 42 23:43:05.816404 IP 192.168.0.3.32804 > dns2.cs.hn.cn.domain: UDP, 길이 42 23:43:05.816545 PPPoE [ses 0x1cb0] IP 118.250.6.85.64219 > dns2.cs.hn.cn.domain: UDP, 길이 42 10 캡처된 패킷 39 필터에 의해 수신된 패킷 0 패킷이 커널에 의해 버려졌습니다
십진수 읽기 형식으로 변환
# tcpdump -d (000) ret #96
십진수 형식으로 변환
# tcpdump -ddd 1 6 0 0 96