tcpdump packet capture examples
//IP filtering
tcpdump -i eth1 host 192.168.1.1
tcpdump -i eth1 src host 192.168.1.1
tcpdump -i eth1 dst host 192.168.1.1
//Port filtering
tcpdump -i eth1 port 25
tcpdump -i eth1 src port 25
tcpdump -i eth1 dst port 25
//Network filtering
tcpdump -i eth1 net 192.168
tcpdump -i eth1 src net 192.168
tcpdump -i eth1 dst net 192.168
//Protocol filtering
tcpdump -i eth1 arp
tcpdump -i eth1 ip
tcpdump -i eth1 tcp
tcpdump -i eth1 udp
tcpdump -i eth1 icmp
//Capture TCP on port 80 whose destination IP is 192.168.1.254 or 192.168.1.200
tcpdump -i eth1 '((tcp) and (port 80) and ((dst host 192.168.1.254) or (dst host 192.168.1.200)))'
//Capture ICMP packets whose destination MAC address is 00:01:02:03:04:05
tcpdump -i eth1 '((icmp) and ((ether dst host 00:01:02:03:04:05)))'
//Capture TCP packets destined for the 192.168 network, excluding destination IP 192.168.1.200
tcpdump -i eth1 '((tcp) and ((dst net 192.168) and (not dst host 192.168.1.200)))'
//Capture only SYN packets (flags exactly equal to SYN)
tcpdump -i eth1 'tcp[tcpflags] = tcp-syn'
//Capture packets with both SYN and ACK set (syn != 0 and ack != 0)
tcpdump -i eth1 'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack != 0'
//Capture SMTP packets
tcpdump -i eth1 '((port 25) and (tcp[(tcp[12]>>2):4] = 0x4d41494c))'
//Capture HTTP GET packets; the hex for "GET " is 47455420
tcpdump -i eth1 'tcp[(tcp[12]>>2):4] = 0x47455420'
//Capture SSH response packets; the hex for "SSH-" is 0x5353482D
tcpdump -i eth1 'tcp[(tcp[12]>>2):4] = 0x5353482D'
//Capture old-version SSH response packets (SSH-1.99)
tcpdump -i eth1 '(tcp[(tcp[12]>>2):4] = 0x5353482D) and (tcp[((tcp[12]>>2)+4):2] = 0x312E)'
//Capture DNS packets
tcpdump -i eth1 udp dst port 53
//Capture GET packets on port 8000 and write them to a log file
tcpdump -i eth0 '((port 8000) and (tcp[(tcp[12]>>2):4]=0x47455420))' -nnAl -w /tmp/GET.log
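The payload-matching filters above all hinge on the expression tcp[(tcp[12]>>2):4]: byte 12 of the TCP header carries the data offset in 32-bit words in its upper nibble, so shifting the whole byte right by two yields the header length in bytes (as long as the reserved low bits are zero), and the 4-byte load at that offset reads the first four payload bytes. The following Python script is an added example, not code from the original post: it builds constructed TCP segments (no real captures, no IP header) and re-implements the SYN, SYN+ACK, "GET ", "MAIL" and "SSH-1.99" filters byte-for-byte so you can see exactly which segments each filter would accept or reject. All function and sample names are the example's own.

```python
import struct

# TCP flag bits in header byte 13 (what tcpdump calls tcp[tcpflags]).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_tcp_segment(sport, dport, flags, options=b"", payload=b""):
    """Construct a bare TCP segment (no IP header) for demonstration.

    The Data Offset field (upper nibble of byte 12) is derived from the
    option length, the same way a real stack sets it.
    """
    options = options + b"\x00" * ((-len(options)) % 4)  # pad to 32-bit words
    doff = (20 + len(options)) // 4                        # header length in words
    header = struct.pack("!HHIIBBHHH",
                         sport, dport,
                         0, 0,            # sequence / acknowledgement numbers
                         doff << 4,       # byte 12: data offset, reserved bits zero
                         flags,           # byte 13: tcp[tcpflags]
                         65535, 0, 0)     # window, checksum, urgent pointer
    return header + options + payload


def header_len(seg):
    """Equivalent of tcp[12]>>2: TCP header length in bytes."""
    return seg[12] >> 2


def load_u32(seg, off):
    """Equivalent of tcp[off:4]. Returns None when the load would run past
    the end of the packet, the case in which BPF rejects the packet."""
    if off + 4 > len(seg):
        return None
    return struct.unpack_from("!I", seg, off)[0]


def load_u16(seg, off):
    """Equivalent of tcp[off:2], with the same out-of-bounds behaviour."""
    if off + 2 > len(seg):
        return None
    return struct.unpack_from("!H", seg, off)[0]


def is_pure_syn(seg):
    """'tcp[tcpflags] = tcp-syn': SYN set and every other flag clear."""
    return seg[13] == TCP_SYN


def has_syn_and_ack(seg):
    """'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack != 0'."""
    return (seg[13] & TCP_SYN) != 0 and (seg[13] & TCP_ACK) != 0


def payload_starts_with(seg, magic):
    """'tcp[(tcp[12]>>2):4] = magic': compare the first 4 payload bytes."""
    return load_u32(seg, header_len(seg)) == magic


def is_old_ssh_banner(seg):
    """The SSH-1.99 filter: "SSH-" at the payload start and "1." right after."""
    off = header_len(seg)
    return load_u32(seg, off) == 0x5353482D and load_u16(seg, off + 4) == 0x312E


# Constructed sample segments (not captured traffic); ports are arbitrary.
MSS_OPTION = b"\x02\x04\x05\xb4"                           # kind 2, len 4, MSS 1460
SYN = build_tcp_segment(40000, 80, TCP_SYN, options=MSS_OPTION)
SYN_ACK = build_tcp_segment(80, 40000, TCP_SYN | TCP_ACK, options=MSS_OPTION)
HTTP_GET = build_tcp_segment(40000, 8000, TCP_PSH | TCP_ACK, payload=b"GET / HTTP/1.1\r\n")
SMTP_MAIL = build_tcp_segment(40000, 25, TCP_PSH | TCP_ACK, payload=b"MAIL FROM:<a@example.test>\r\n")
SSH_OLD = build_tcp_segment(22, 40000, TCP_PSH | TCP_ACK, payload=b"SSH-1.99-example\r\n")
SSH_NEW = build_tcp_segment(22, 40000, TCP_PSH | TCP_ACK, payload=b"SSH-2.0-example\r\n")
BARE_ACK = build_tcp_segment(40000, 80, TCP_ACK)          # header only, no payload

if __name__ == "__main__":
    samples = [("SYN", SYN), ("SYN_ACK", SYN_ACK), ("HTTP_GET", HTTP_GET),
               ("SMTP_MAIL", SMTP_MAIL), ("SSH_OLD", SSH_OLD), ("SSH_NEW", SSH_NEW),
               ("BARE_ACK", BARE_ACK)]
    for name, seg in samples:
        print(f"{name:10s} hdr={header_len(seg):2d}B pure_syn={is_pure_syn(seg)!s:5s} "
              f"syn+ack={has_syn_and_ack(seg)!s:5s} GET={payload_starts_with(seg, 0x47455420)!s:5s} "
              f"MAIL={payload_starts_with(seg, 0x4d41494c)!s:5s} ssh1.99={is_old_ssh_banner(seg)}")
```

Two points the script makes visible: the option-carrying SYN has a 24-byte header, so a filter that hard-coded offset 20 would read the MSS option instead of the payload, and the equality form of the SYN filter excludes SYN-ACK while the bitwise-and form accepts it. Two caveats about the commands themselves: libpcap only supports the tcp[...] index operator for IPv4, and -w writes a binary pcap file regardless of the .log name, so -A has no effect on what lands in /tmp/GET.log; read it back with tcpdump -r.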