码迷,mamicode.com
首页 > 其他好文 > 详细

tcpdump抓包

时间:2020-02-02 23:33:27      阅读:88      评论:0      收藏:0      [点我收藏+]

标签:lib   ace   range   源地址   man   逻辑   进制   ||   The   

tcpdump是linux下的一个抓包工具,作用主要有

1.过滤物理口

2.过滤某个port/ip/mac

3.过滤协议

4.显示ip/mac/port不解析等

过滤某个物理口(网卡)

# 抓取eth0网卡的数据包
tcpdump -i eth0

过滤ip

# 抓取所有经过eth0,目的或源地址是192.168.1.12的数据包
tcpdump -i eth0 host 192.168.0.1

# 抓取所有经过eth0,源地址是192.168.1.12的数据包
tcpdump -i eth0 src host 192.168.0.1

# 抓取所有经过eth0,目的地址是192.168.1.12的数据包
tcpdump -i eth0 dst host 192.168.0.1

# 过滤网段
tcpdump -i eth0 net 192.168
tcpdump -i eth0 src net 192.168
tcpdump -i eth0 dst net 192.168

过滤port

# 抓取所有经过eth0,目的端口是25的数据包
tcpdump -i eth0 port 25

# 过滤端口范围
tcpdump portrange 22-125

# 源端口
tcpdump -i eth0 src port 25

# 目的端口
tcpdump -i eth0 dst port 25

# 过滤8000端口的ip为192.168.1.2的数据包(可以使用逻辑表达式)
tcpdump port 8000 and src host 192.168.1.2

过滤协议

# 过滤ssh协议
tcpdump -i eth0 ssh

常用表达式

非: !/not
且: &&/and
或: ||/or

# 过滤非22端口
tcpdump -i eth0 ! port 22

实操

查看参数

tcpdump -h
tcpdump version 4.5.1
libpcap version 1.5.3
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
        [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
        [ -i interface ] [ -j tstamptype ] [ -M secret ]
        [ -P in|out|inout ]
        [ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
        [ -W filecount ] [ -y datalinktype ] [ -z command ]
        [ -Z user ] [ expression ]

抓包

tcpdump -i eth0 -s 0 -w a.cap

其中:-s 0 表示包有多大,抓取的数据就有多大;-w a.cap表示存取到a.cap中

另开一个窗口ping 8.8.8.8几秒后停止抓包,查看tcpdump的窗口

?  /tmp tcpdump -i eth0 -s 0 -w a.cap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes






^C2286 packets captured
2287 packets received by filter
0 packets dropped by kernel

查看包内容

tcpdump -r a.cap
22:43:23.135308 IP api0 > 169.254.128.5: ICMP echo reply, id 43468, seq 46081, length 8
22:43:23.176861 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 1:21, ack 22, win 229, options [nop,nop,TS val 139484218 ecr 2378495695], length 20
22:43:23.176926 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 21, win 227, options [nop,nop,TS val 2378496014 ecr 139484218], length 0
22:43:23.178535 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 22:1302, ack 21, win 227, options [nop,nop,TS val 2378496016 ecr 139484218], length 1280
22:43:23.495132 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 21:173, ack 1302, win 251, options [nop,nop,TS val 139484297 ecr 2378496016], length 152
22:43:23.534485 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 173, win 235, options [nop,nop,TS val 2378496372 ecr 139484297], length 0
22:43:23.847482 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 173:317, ack 1302, win 251, options [nop,nop,TS val 139484385 ecr 2378496372], length 144
22:43:23.847524 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 317, win 243, options [nop,nop,TS val 2378496685 ecr 139484385], length 0
22:43:23.848928 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 1302:2022, ack 317, win 243, options [nop,nop,TS val 2378496686 ecr 139484385], length 720
22:43:23.923096 IP 169.254.128.4 > api0: ICMP echo request, id 22900, seq 25224, length 8
22:43:23.923159 IP api0 > 169.254.128.4: ICMP echo reply, id 22900, seq 25224, length 8
22:43:24.174467 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 317:333, ack 2022, win 271, options [nop,nop,TS val 139484465 ecr 2378496686], length 16
22:43:24.214284 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 333, win 243, options [nop,nop,TS val 2378497052 ecr 139484465], length 0
22:43:24.528689 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 333:385, ack 2022, win 271, options [nop,nop,TS val 139484554 ecr 2378497052], length 52
22:43:24.528727 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 385, win 243, options [nop,nop,TS val 2378497366 ecr 139484554], length 0
22:43:24.528840 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 2022:2074, ack 385, win 243, options [nop,nop,TS val 2378497366 ecr 139484554], length 52
22:43:24.836138 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 385:469, ack 2074, win 271, options [nop,nop,TS val 139484632 ecr 2378497366], length 84
22:43:24.875235 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 469, win 243, options [nop,nop,TS val 2378497713 ecr 139484632], length 0
22:43:26.037618 IP api0.57550 > 169.254.0.4.http: Flags [S], seq 2025128073, win 29200, options [mss 1460,sackOK,TS val 2378498875 ecr 0,nop,wscale 7], length 0
22:43:26.039078 IP 169.254.0.4.http > api0.57550: Flags [S.], seq 2435664468, ack 2025128074, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
22:43:26.039107 IP api0.57550 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
22:43:26.039158 IP api0.57550 > 169.254.0.4.http: Flags [P.], seq 1:182, ack 1, win 229, length 181
22:43:26.040456 IP 169.254.0.4.http > api0.57550: Flags [.], ack 182, win 7836, length 0
22:43:26.040468 IP api0.57550 > 169.254.0.4.http: Flags [P.], seq 182:558, ack 1, win 229, length 376
22:43:26.041756 IP 169.254.0.4.http > api0.57550: Flags [.], ack 558, win 8372, length 0
22:43:26.041853 IP 169.254.0.4.http > api0.57550: Flags [P.], seq 1:129, ack 558, win 8372, length 128
22:43:26.041860 IP api0.57550 > 169.254.0.4.http: Flags [.], ack 129, win 237, length 0
22:43:26.041871 IP 169.254.0.4.http > api0.57550: Flags [F.], seq 129, ack 558, win 8372, length 0
22:43:26.042130 IP api0.57550 > 169.254.0.4.http: Flags [F.], seq 558, ack 130, win 237, length 0
22:43:26.043461 IP 169.254.0.4.http > api0.57550: Flags [.], ack 559, win 8372, length 0
22:43:26.152907 IP 169.254.128.5 > api0: ICMP echo request, id 43486, seq 46099, length 8
22:43:26.152944 IP api0 > 169.254.128.5: ICMP echo reply, id 43486, seq 46099, length 8
22:43:26.894580 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 2074:2158, ack 469, win 243, options [nop,nop,TS val 2378499732 ecr 139484632], length 84
22:43:26.941364 IP 169.254.128.4 > api0: ICMP echo request, id 22923, seq 25247, length 8
22:43:26.941411 IP api0 > 169.254.128.4: ICMP echo reply, id 22923, seq 25247, length 8
22:43:27.209987 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 469:521, ack 2158, win 271, options [nop,nop,TS val 139485225 ecr 2378499732], length 52
22:43:27.210043 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 521, win 243, options [nop,nop,TS val 2378500047 ecr 139485225], length 0
22:43:27.210067 IP 1.179.182.186.51375 > api0.ssh: Flags [F.], seq 521, ack 2158, win 271, options [nop,nop,TS val 139485225 ecr 2378499732], length 0
22:43:27.211484 IP 1.179.182.186.51501 > api0.ssh: Flags [S], seq 1638027811, win 29200, options [mss 1424,sackOK,TS val 139485226 ecr 0,nop,wscale 7], length 0
22:43:27.211515 IP api0.ssh > 1.179.182.186.51501: Flags [S.], seq 1860491578, ack 1638027812, win 28960, options [mss 1460,sackOK,TS val 2378500049 ecr 139485226,nop,wscale 7], length 0
22:43:27.213376 IP api0.ssh > 1.179.182.186.51375: Flags [F.], seq 2158, ack 522, win 243, options [nop,nop,TS val 2378500051 ecr 139485225], length 0
22:43:27.528020 IP 1.179.182.186.51501 > api0.ssh: Flags [.], ack 1, win 229, options [nop,nop,TS val 139485305 ecr 2378500049], length 0
22:43:27.536453 IP api0.ssh > 1.179.182.186.51501: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 2378500374 ecr 139485305], length 21
22:43:27.888267 IP api0.ssh > 1.179.182.186.51375: Flags [F.], seq 2158, ack 522, win 243, options [nop,nop,TS val 2378500726 ecr 139485225], length 0
22:43:28.193196 IP 1.179.182.186.51375 > api0.ssh: Flags [.], ack 2159, win 271, options [nop,nop,TS val 139485472 ecr 2378500051], length 0
22:43:28.212243 IP api0.ssh > 1.179.182.186.51501: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 2378501050 ecr 139485305], length 21
22:43:28.416268 IP api0.53826 > 169.254.0.55.lsi-bobcat: Flags [P.], seq 2588:2752, ack 1827, win 49376, length 164
22:43:28.418257 IP 169.254.0.55.lsi-bobcat > api0.53826: Flags [P.], seq 1827:1993, ack 2752, win 20186, length 166
22:43:28.418306 IP api0.53826 > 169.254.0.55.lsi-bobcat: Flags [.], ack 1993, win 49376, length 0
22:43:28.517198 IP 1.179.182.186.51501 > api0.ssh: Flags [P.], seq 1:21, ack 22, win 229, options [nop,nop,TS val 139485553 ecr 2378500374], length 20

显示全部信息

-r 只是显示摘要信息,如果想要看详细信息可以使用

tcpdump -A -r a.cap
22:44:08.933864 IP 169.254.0.4.http > api0.57588: Flags [S.], seq 2192916898, ack 617913455, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
E..4..@.:............P....A.$..o..9.y...............
22:44:08.933889 IP api0.57588 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
E..(6.@.@..............P$..o..A.P...V/..
22:44:08.933942 IP api0.57588 > 169.254.0.4.http: Flags [P.], seq 1:185, ack 1, win 229, length 184
E...6.@.@..]...........P$..o..A.P...V...POST /heart_report.cgi HTTP/1.1
Accept-Encoding: identity
Content-Length: 196
Host: 169.254.0.4
Content-Type: application/json
Connection: close
User-Agent: Python-urllib/2.6


22:44:08.934765 IP 169.254.0.4.http > api0.57588: Flags [.], ack 185, win 7836, length 0
E..(.1@.:.)..........P....A.$..'P.......
22:44:08.934777 IP api0.57588 > 169.254.0.4.http: Flags [P.], seq 185:381, ack 1, win 229, length 196
E...6.@.@..P...........P$..'..A.P...V...[{"timestamp": 1580654648, "namespace": "qce/heartbeat", "dimension": {"vmip": "172.16.0.2", "vm_uuid": "547ca70e-7e4c-4490-a8e7-01fcb1160b7f"}, "batch": [{"name": "barad_agent_hb", "value": 1}]}]
22:44:08.935550 IP 169.254.0.4.http > api0.57588: Flags [.], ack 381, win 8372, length 0
E..(.2@.:.)..........P....A.$...P. .....
22:44:08.935649 IP 169.254.0.4.http > api0.57588: Flags [P.], seq 1:129, ack 381, win 8372, length 128
E....3@.:.)P.........P....A.$...P. .s...HTTP/1.1 200 OK
Connection: close
Content-Length: 70

{"returnValue":0,"returnCode":0,"msg":"OK","seq":12335952500857952241}
22:44:08.935654 IP api0.57588 > 169.254.0.4.http: Flags [.], ack 129, win 237, length 0
E..(6.@.@..............P$.....B#P...V/..
22:44:08.935660 IP 169.254.0.4.http > api0.57588: Flags [F.], seq 129, ack 381, win 8372, length 0
E..(.4@.:.)..........P....B#$...P. ..-..
22:44:08.935896 IP api0.57588 > 169.254.0.4.http: Flags [F.], seq 381, ack 130, win 237, length 0
E..(6.@.@..............P$.....B$P...V/..
22:44:08.936970 IP 169.254.0.4.http > api0.57588: Flags [.], ack 382, win 8372, length 0
E..(.5@.:.)..........P....B$$...P. ..,..
22:44:09.014927 IP 1.179.182.186.52144 > api0.ssh: Flags [P.], seq 21:173, ack 1302, win 251, options [nop,nop,TS val 139495677 ecr 2378541555], length 152
E.....@.*..............."eW$]........\.....
.P..............7.Vh.
.?.....n....diffie-hellman-group1-sha1....ssh-rsa...
aes128-cbc...
aes128-cbc...   hmac-sha1...    hmac-sha1....none....none...................
22:44:09.042629 IP api0.58601 > 169.254.0.2.ntp: NTPv4, Client, length 48
E..L..@.@..............{.8V\..........................................^.
.5^
22:44:09.042937 IP 169.254.0.2.ntp > api0.58601: NTPv4, Server, length 48
E..L..@.;............{...8..$.....PR..........[h.Q.}..^.
.XD..^.
22:44:09.054292 IP api0.ssh > 1.179.182.186.52144: Flags [.], ack 173, win 235, options [nop,nop,TS val 2378541892 ecr 139495677], length 0
E..4S.@.@...............]..."eW.....d......
...D.P..
22:44:09.217708 IP 169.254.128.4 > api0: ICMP echo request, id 23245, seq 10033, length 8
E.........E...........v.Z.'1
22:44:09.217746 IP api0 > 169.254.128.4: ICMP echo reply, id 23245, seq 10033, length 8
E...N3..@.V...........~.Z.'1
22:44:09.324762 IP api0 > dns.google: ICMP echo request, id 5131, seq 3, length 64
E..T..@.@.............-.....9.6^............................ !"#$%&'()*+,-./01234567
22:44:09.340866 IP dns.google > api0: ICMP echo reply, id 5131, seq 3, length 64
E..T....1.............5.....9.6^............................ !"#$%&'()*+,-./01234567
22:44:09.341055 IP api0.ssh > 117.136.74.216.11923: Flags [P.], seq 6086:6202, ack 3699, win 271, length 116
.~.....s.|.W..t....+..$.r}..D..sP...m......P..o....2|a..}./`......q...{..A.AQ..GsU.....|].a..A....P=.   ...........{....HN.O.a
22:44:09.346696 IP 1.179.182.186.52144 > api0.ssh: Flags [P.], seq 173:317, ack 1302, win 251, options [nop,nop,TS val 139495760 ecr 2378541892], length 144
E.....@.*..!............"eW.]..............
.P.P...D..........l..(....
.g..io4!.lb.._.79ka.E%.k....r..q.ME..B.-\...0..............h...S../
22:44:09.346736 IP api0.ssh > 1.179.182.186.52144: Flags [.], ack 317, win 243, options [nop,nop,TS val 2378542184 ecr 139495760], length 0
E..4S.@.@...............]..."eXL....d......
...h.P.P
22:44:09.347996 IP api0.ssh > 1.179.182.186.52144: Flags [P.], seq 1302:2022, ack 317, win 243, options [nop,nop,TS val 2378542185 ecr 139495760], length 720
E...S.@.@...............]..."eXL....gv.....
}..{J........t?,..Ff[..kZq......\......:...w......>................~..E.ozV....J.`.....3~e]....P.T.{..x..s.......?kc.......y...H.u.tri.0..+..5..J.3b`.).._...&....d&I.Q.0..."e.s..u-W*.>...I..04....U..1..Q!.uJ.i.A.4...{..(..z..p.].~k...A..vS..Z#..1i...........8..]...(..X....[..l.R....K...m.9..b,......qv..N..Uv..3X.l09..ef4......"...<.......u....DW.T`.+..wG.
...........
22:44:09.366358 IP 117.136.74.216.11923 > api0.ssh: Flags [.], ack 6202, win 2034, length 0
Eh.(..@.~...u.J.........p}.s...rP...b...
22:44:09.636942 IP 117.136.74.216.11923 > api0.ssh: Flags [.], ack 6202, win 2040, length 0
Eh.(,%@.~.c.u.J.........p}.s...rP...b...
22:44:10.000216 IP api0.ssh > 1.179.182.186.52144: Flags [P.], seq 1302:2022, ack 317, win 243, options [nop,nop,TS val 2378542838 ecr 139495760], length 720
E...S.@.@...............]..."eXL....gv.....
}..{J........t?,..Ff[..kZq......\......:...w......>................~..E.ozV....J.`.....3~e]....P.T.{..x..s.......?kc.......y...H.u.tri.0..+..5..J.3b`.).._...&....d&I.Q.0..."e.s..u-W*.>...I..04....U..1..Q!.uJ.i.A.4...{..(..z..p.].~k...A..vS..Z#..1i...........8..]...(..X....[..l.R....K...m.9..b,......qv..N..Uv..3X.l09..ef4......"...<.......u....DW.T`.+..wG.
...........
22:44:10.038619 IP api0.57590 > 169.254.0.4.http: Flags [S], seq 2040860092, win 29200, options [mss 1460,sackOK,TS val 2378542876 ecr 0,nop,wscale 7], length 0
.......r.VC............Py.
............
22:44:10.040012 IP 169.254.0.4.http > api0.57590: Flags [S.], seq 1778671327, ack 2040860093, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
...9.................P..j.^.y.
22:44:10.040040 IP api0.57590 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
.j.^.P...V/............Py.
22:44:10.040090 IP api0.57590 > 169.254.0.4.http: Flags [P.], seq 1:182, ack 1, win 229, length 181
.j.^.P...V...POST /ca_report.cgi HTTP/1.1
Accept-Encoding: identity
Content-Length: 268
Host: 169.254.0.4
Content-Type: application/json
Connection: close
User-Agent: Python-urllib/2.6

也可以使用十六进制显示

tcpdump -X -r a.cap
22:44:21.633293 IP api0.ssh > 1.179.182.186.52412: Flags [.], ack 173, win 235, options [nop,nop,TS val 2378554471 ecr 139498822], length 0
    0x0000:  4500 0034 84b3 4000 4006 5191 ac10 0002  E..4..@.@.Q.....
    0x0010:  01b3 b6ba 0016 ccbc 30d7 6294 6932 93aa  ........0.b.i2..
    0x0020:  8010 00eb 64a6 0000 0101 080a 8dc5 dc67  ....d..........g
    0x0030:  0850 9546                                .P.F
22:44:21.934624 IP api0.57604 > 169.254.0.4.http: Flags [S], seq 2381561220, win 29200, options [mss 1460,sackOK,TS val 2378554772 ecr 0,nop,wscale 7], length 0
    0x0000:  4500 003c 6010 4000 4006 8497 ac10 0002  E..<`.@.@.......
    0x0010:  a9fe 0004 e104 0050 8df3 bd84 0000 0000  .......P........
    0x0020:  a002 7210 5643 0000 0204 05b4 0402 080a  ..r.VC..........
    0x0030:  8dc5 dd94 0000 0000 0103 0307            ............
22:44:21.935377 IP 169.254.0.4.http > api0.57604: Flags [S.], seq 1775983592, ack 2381561221, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
    0x0000:  45b8 0034 0000 4000 3a06 e9f7 a9fe 0004  E..4..@.:.......
    0x0010:  ac10 0002 0050 e104 69db 5be8 8df3 bd85  .....P..i.[.....
    0x0020:  8012 3908 ed7c 0000 0204 0590 0101 0402  ..9..|..........
    0x0030:  0103 0301                                ....
22:44:21.935405 IP api0.57604 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
    0x0000:  4500 0028 6011 4000 4006 84aa ac10 0002  E..(`.@.@.......
    0x0010:  a9fe 0004 e104 0050 8df3 bd85 69db 5be9  .......P....i.[.
    0x0020:  5010 00e5 562f 0000                      P...V/..
22:44:21.935458 IP api0.57604 > 169.254.0.4.http: Flags [P.], seq 1:182, ack 1, win 229, length 181
    0x0000:  4500 00dd 6012 4000 4006 83f4 ac10 0002  E...`.@.@.......
    0x0010:  a9fe 0004 e104 0050 8df3 bd85 69db 5be9  .......P....i.[.
    0x0020:  5018 00e5 56e4 0000 504f 5354 202f 6361  P...V...POST./ca
    0x0030:  5f72 6570 6f72 742e 6367 6920 4854 5450  _report.cgi.HTTP
    0x0040:  2f31 2e31 0d0a 4163 6365 7074 2d45 6e63  /1.1..Accept-Enc
    0x0050:  6f64 696e 673a 2069 6465 6e74 6974 790d  oding:.identity.
    0x0060:  0a43 6f6e 7465 6e74 2d4c 656e 6774 683a  .Content-Length:
    0x0070:  2033 3335 0d0a 486f 7374 3a20 3136 392e  .335..Host:.169.
    0x0080:  3235 342e 302e 340d 0a43 6f6e 7465 6e74  254.0.4..Content
    0x0090:  2d54 7970 653a 2061 7070 6c69 6361 7469  -Type:.applicati
    0x00a0:  6f6e 2f6a 736f 6e0d 0a43 6f6e 6e65 6374  on/json..Connect
    0x00b0:  696f 6e3a 2063 6c6f 7365 0d0a 5573 6572  ion:.close..User
    0x00c0:  2d41 6765 6e74 3a20 5079 7468 6f6e 2d75  -Agent:.Python-u
    0x00d0:  726c 6c69 622f 322e 360d 0a0d 0a         rllib/2.6....
22:44:21.936159 IP 169.254.0.4.http > api0.57604: Flags [.], ack 182, win 7836, length 0
    0x0000:  45b8 0028 a301 4000 3a06 4702 a9fe 0004  E..(..@.:.G.....
    0x0010:  ac10 0002 0050 e104 69db 5be9 8df3 be3a  .....P..i.[....:
    0x0020:  5010 1e9c 47dc 0000                      P...G...
22:44:21.936170 IP api0.57604 > 169.254.0.4.http: Flags [P.], seq 182:517, ack 1, win 229, length 335
    0x0000:  4500 0177 6013 4000 4006 8359 ac10 0002  E..w`.@.@..Y....
    0x0010:  a9fe 0004 e104 0050 8df3 be3a 69db 5be9  .......P...:i.[.
    0x0020:  5018 00e5 577e 0000 5b7b 2274 696d 6573  P...W~..[{"times
    0x0030:  7461 6d70 223a 2031 3538 3036 3534 3636  tamp":.158065466
    0x0040:  312c 2022 6e61 6d65 7370 6163 6522 3a20  1,."namespace":.
    0x0050:  2271 6365 2f63 766d 222c 2022 6469 6d65  "qce/cvm",."dime
    0x0060:  6e73 696f 6e22 3a20 7b22 766d 6970 223a  nsion":.{"vmip":
    0x0070:  2022 3137 322e 3136 2e30 2e32 222c 2022  ."172.16.0.2",."
    0x0080:  766d 5f75 7569 6422 3a20 2235 3437 6361  vm_uuid":."547ca
    0x0090:  3730 652d 3765 3463 2d34 3439 302d 6138  70e-7e4c-4490-a8
    0x00a0:  6537 2d30 3166 6362 3131 3630 6237 6622  e7-01fcb1160b7f"
    0x00b0:  7d2c 2022 6261 7463 6822 3a20 5b7b 226e  },."batch":.[{"n
    0x00c0:  616d 6522 3a20 2263 7075 5f75 7361 6765  ame":."cpu_usage
    0x00d0:  222c 2022 7661 6c75 6522 3a20 312e 3630  ",."value":.1.60
    0x00e0:  3030 3030 3030 3030 3030 3030 3031 7d2c  00000000000001},
    0x00f0:  207b 226e 616d 6522 3a20 2263 7075 5f6c  .{"name":."cpu_l
    0x0100:  6f61 645f 3122 2c20 2276 616c 7565 223a  oad_1",."value":
    0x0110:  2030 2e30 7d2c 207b 226e 616d 6522 3a20  .0.0},.{"name":.
    0x0120:  2263 7075 5f6c 6f61 645f 3522 2c20 2276  "cpu_load_5",."v
    0x0130:  616c 7565 223a 2030 2e30 317d 2c20 7b22  alue":.0.01},.{"
    0x0140:  6e61 6d65 223a 2022 6370 755f 6c6f 6164  name":."cpu_load
    0x0150:  5f31 3522 2c20 2276 616c 7565 223a 2030  _15",."value":.0
    0x0160:  2e30 3530 3030 3030 3030 3030 3030 3030  .050000000000000
    0x0170:  3030 337d 5d7d 5d                        003}]}]

tcpdump抓包

标签:lib   ace   range   源地址   man   逻辑   进制   ||   The   

原文地址:https://www.cnblogs.com/zzliu/p/12254221.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!