码迷,mamicode.com
首页 > 其他好文 > 详细

tcpdump

时间:2020-07-04 16:48:32      阅读:74      评论:0      收藏:0      [点我收藏+]

标签:gzip   html   nop   correct   rev   received   uri   htm   packet   

  

  1. tcpdump -i interface -nc 10 ether dst MAC     使用MAC地址进行抓包,加入ether修饰
    技术图片

     

     
    win表示发送方窗口大小,ack213表示对序列号213的包进行响应
    Flags表示tcp的标志位信息

    .    ACK
    S    SYN
    F    FIN
    P     PUSH
    R    RST

     



  2. tcpdump 支持逻辑运算
    not
    and
    or

    tcpdump -i ens33 -nvc 10 not ether host 00:0c:29:82:6a:34

    技术图片

     

     



  3. tcpdump -i ens33 -X broadcast     广播包的抓取
    技术图片

     

     

  4. tcpdump -i ens33 -nvc 10 ip broadcast        UDP进行的广播包
  5. tcpdump -i ens33 -nvc 10 ip multicast          多播包抓取
    技术图片

     

     

  6. tcpdump -i ens33 -nvc 10 dst net 192.168.8.0/24 and ip proto ‘\tcp‘ and src port 8080
    [root@pend2 ~]# tcpdump -i ens33 -nvc 10 dst net 192.168.8.0/24 and ip proto \tcp and src port 8080
    tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:46:56.412210 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        192.168.8.7.webcache > 192.168.8.1.10464: Flags [S.], cksum 0x9187 (incorrect -> 0xc48e), seq 2953867736, ack 2874435796, win 28960, options [mss 1460,sackOK,TS val 8642153 ecr 9380586,nop,wscale 7], length 0
    15:46:56.414122 IP (tos 0x0, ttl 64, id 44978, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.8.7.webcache > 192.168.8.1.10464: Flags [.], cksum 0x917f (incorrect -> 0x6258), ack 307, win 235, options [nop,nop,TS val 8642155 ecr 9380590], length 0
    15:46:56.456616 IP (tos 0x0, ttl 64, id 44979, offset 0, flags [DF], proto TCP (6), length 1581)
        192.168.8.7.webcache > 192.168.8.1.10464: Flags [P.], cksum 0x9778 (incorrect -> 0x0e28), seq 1:1530, ack 307, win 235, options [nop,nop,TS val 8642198 ecr 9380590], length 1529: HTTP, length: 1529
        HTTP/1.1 403 Forbidden
        Date: Sat, 04 Jul 2020 07:46:56 GMT
        X-Content-Type-Options: nosniff
        Set-Cookie: JSESSIONID.4dc69a9a=node0xq21sxjijqq7e9iekqtmn4ub1.node0; Path=/; HttpOnly
        Expires: Thu, 01 Jan 1970 00:00:00 GMT
        Content-Type: text/html;charset=utf-8
        X-Hudson: 1.395
        X-Jenkins: 2.235.1
        X-Jenkins-Session: 95aeabfd
        X-You-Are-Authenticated-As: anonymous
        X-You-Are-In-Group-Disabled: JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose
        X-Required-Permission: hudson.model.Hudson.Read
        X-Permission-Implied-By: hudson.security.Permission.GenericRead
        X-Permission-Implied-By: hudson.model.Hudson.Administer
        Content-Length: 793
        Server: Jetty(9.4.27.v20200227)
        
        <html><head><meta http-equiv=refresh content=1;url=/login?from=%2F/><script>window.location.replace(/login?from=%2F);</script></head><body style=background-color:white; color:white;>
        
        
        Authentication required
        <!--
        You are authenticated as: anonymous
        Groups that you are in:
          
        Permission you need to have (but didnt): hudson.model.Hudson.Read
         ... which is implied by: hudson.security.Permission.GenericRead
         ... which is implied by: hudson.model.Hudson.Administer
        -->
        
        </body></html>                                                                                                                                                                                                                                                                                                            [!http]
    15:46:56.514246 IP (tos 0x0, ttl 64, id 44981, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.8.7.webcache > 192.168.8.1.10464: Flags [.], cksum 0x917f (incorrect -> 0x59eb), ack 728, win 243, options [nop,nop,TS val 8642255 ecr 9380689], length 0
    15:46:56.584110 IP (tos 0x0, ttl 64, id 44982, offset 0, flags [DF], proto TCP (6), length 1696)
        192.168.8.7.webcache > 192.168.8.1.10464: Flags [P.], cksum 0x97eb (incorrect -> 0x534f), seq 1530:3174, ack 728, win 243, options [nop,nop,TS val 8642325 ecr 9380689], length 1644: HTTP, length: 1644
        HTTP/1.1 200 OK
        Date: Sat, 04 Jul 2020 07:46:56 GMT
        X-Content-Type-Options: nosniff
        Content-Type: text/html;charset=utf-8
        Expires: 0
        Cache-Control: no-cache,no-store,must-revalidate
        X-Hudson: 1.395
        X-Jenkins: 2.235.1
        X-Jenkins-Session: 95aeabfd
        X-Frame-Options: sameorigin
        Content-Encoding: gzip
        X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4q5JmYrPCHXIARHK7WOVJAKV6p2oQwE6VXJoxAd511wAw7UHc/eyuJjkZenTv83WumXZh9YTw30NZEck04C8/Nl8An0tcZtityzuWOYk/KN7hHBKg9KDa3h7krLZ2JL6Q0RY4a/NUOuCFNudnJHLMvcFOfzujOb7oMgKodt+mkVSdMMiMG9L7dsetpOR3fTDoOUZmLXy9+dOjuCu0Z2nTZkWnNVMT9gjcAHdAnjGZs+LHIGZqXn82HCzBFpZ3Vx7XeU/8c77uCV7hS9rTlmRh60Dhu4JYQNg3WWQH+d3vrkANXjFWRGEQfnVYHipSSBSrNw3Jo1WjhqPWZFt+uTrwIDAQAB
        Content-Length: 866
        Server: Jetty(9.4.27.v20200227)
        
    15:46:56.596696 IP (tos 0x0, ttl 64, id 44984, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.8.7.webcache > 192.168.8.1.10464: Flags [.], cksum 0x917f (incorrect -> 0x5132), ack 1149, win 252, options [nop,nop,TS val 8642338 ecr 9380765], length 0
    15:46:56.596956 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        192.168.8.7.webcache > 192.168.8.1.10466: Flags [S.], cksum 0x9187 (incorrect -> 0x79ab), seq 2796501852, ack 2497448090, win 28960, options [mss 1460,sackOK,TS val 8642338 ecr 9380770,nop,wscale 7], length 0
    15:46:56.597004 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        192.168.8.7.webcache > 192.168.8.1.10467: Flags [S.], cksum 0x9187 (incorrect -> 0x7a1b), seq 4193343063, ack 1964161461, win 28960, options [mss 1460,sackOK,TS val 8642338 ecr 9380770,nop,wscale 7], length 0
    15:46:56.601560 IP (tos 0x0, ttl 64, id 35198, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.8.7.webcache > 192.168.8.1.10467: Flags [.], cksum 0x917f (incorrect -> 0x176b), ack 428, win 235, options [nop,nop,TS val 8642342 ecr 9380773], length 0
    15:46:56.601632 IP (tos 0x0, ttl 64, id 58491, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.8.7.webcache > 192.168.8.1.10466: Flags [.], cksum 0x917f (incorrect -> 0x16fb), ack 428, win 235, options [nop,nop,TS val 8642342 ecr 9380773], length 0
    10 packets captured
    10 packets received by filter
    0 packets dropped by kernel

     

  7. tcpdump -i ens33 arp dst net 192.168.8.0/24 进行arp报文抓取
    技术图片

     

     

  8. 常用组合条件
    dst host ip
    src host ip
    host ip
    dst net cidr
    src net cidr
    net cidr

     

tcpdump

标签:gzip   html   nop   correct   rev   received   uri   htm   packet   

原文地址:https://www.cnblogs.com/dissipate/p/13235186.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!