标签:帮助文档 cheat
实验环境:
vmware workstation 11
centos6.7的系统下
ip:192.168.244.129 防火墙关闭 setenforce 0
putty(ssh远程连接软件)
软件介绍:
什么是cheat?
cheat是在GNU通用公共许可证下,为Linux命令行用户发行的交互式备忘单应用程序。它提供显示Linux命令使用案例,包括该命令所有的选项和简短但尚可理解的功能。
实验过程:
‘Cheat’有两个主要的依赖——‘python’ 和 ‘pip’,在安装‘cheat’之前,确保你的系统安装了python和pip。
一、安装pip
[root@fwc ~]# yum install python-pip -y
二、安装cheat
[root@fwc ~]# pip install cheat Collecting cheat /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning Downloading cheat-2.1.25.tar.gz (43kB) 100% |████████████████████████████████| 45kB 111kB/s Collecting docopt>=0.6.1 (from cheat) Downloading docopt-0.6.2.tar.gz Collecting pygments>=1.6.0 (from cheat) Downloading Pygments-2.1.3-py2.py3-none-any.whl (755kB) 100% |████████████████████████████████| 757kB 172kB/s Installing collected packages: docopt, pygments, cheat Running setup.py install for docopt Running setup.py install for cheat Successfully installed cheat-2.1.25 docopt-0.6.2 pygments-2.1.3
三、软件的使用方法
[root@fwc ~]# cheat tcpdump # TCPDump is a packet analyzer. It allows the user to intercept and display TCP/IP # and other packets being transmitted or received over a network. (cf Wikipedia). # Note: 173.194.40.120 => google.com # Intercepts all packets on eth0 tcpdump -i eth0 # Intercepts all packets from/to 173.194.40.120 tcpdump host 173.194.40.120 # Intercepts all packets on all interfaces from / to 173.194.40.120 port 80 # -nn => Disables name resolution for IP addresses and port numbers. tcpdump -nn -i any host 173.194.40.120 and port 80 # Make a grep on tcpdump (ASCII) # -A => Show only ASCII in packets. # -s0 => By default, tcpdump only captures 68 bytes. tcpdump -i -A any host 173.194.40.120 and port 80 | grep ‘User-Agent‘ # With ngrep # -d eth0 => To force eth0 (else ngrep work on all interfaces) # -s0 => force ngrep to look at the entire packet. (Default snaplen: 65536 bytes) ngrep ‘User-Agent‘ host 173.194.40.120 and port 80 # Intercepts all packets on all interfaces from / to 8.8.8.8 or 173.194.40.127 on port 80 tcpdump ‘host ( 8.8.8.8 or 173.194.40.127 ) and port 80‘ -i any # Intercepts all packets SYN and FIN of each TCP session. tcpdump ‘tcp[tcpflags] & (tcp-syn|tcp-fin) != 0‘ # To display SYN and FIN packets of each TCP session to a host that is not on our network tcpdump ‘tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net local_addr‘ # To display all IPv4 HTTP packets that come or arrive on port 80 and that contain only data (no SYN, FIN no, no packet containing an ACK) tcpdump ‘tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)‘ # Saving captured data tcpdump -w file.cap # Reading from capture file tcpdump -r file.cap # Show content in hexa # Change -x to -xx => show extra header (ethernet). tcpdump -x # Show content in hexa and ASCII # Change -X to -XX => show extra header (ethernet). tcpdump -X # Note on packet maching: # Port matching: # - portrange 22-23 # - not port 22 # - port ssh # - dst port 22 # - src port 22 # # Host matching: # - dst host 8.8.8.8 # - not dst host 8.8.8.8 # - src net 67.207.148.0 mask 255.255.255.0 # - src net 67.207.148.0/24
可以看到输出简单易懂,用法清晰明了。
参考文章链接:http://os.51cto.com/art/201409/450709.htm
本文出自 “积少成多” 博客,谢绝转载!
标签:帮助文档 cheat
原文地址:http://9399369.blog.51cto.com/9389369/1790791