• 要找福利?记不住网址?搜不到?如何与我们保持联系?试试 CTRL+D 把零点博客添加进您的浏览器收藏夹,一键直达永不失联!

网络通讯-Linux tcpdump命令

linux系统 涛涛 176次浏览 0个评论

Linux tcpdump命令用于倾倒网络传输数据。

执行tcpdump指令可列出经过指定网络界面的数据包文件头,在Linux操作系统中,你必须是系统管理员。

语法

<span class="pln">tcpdump </span><span class="pun">[-</span><span class="pln">adeflnNOpqStvx</span><span class="pun">][-</span><span class="pln">c</span><span class="pun"><数据包数目>][-</span><span class="pln">dd</span><span class="pun">][-</span><span class="pln">ddd</span><span class="pun">][-</span><span class="pln">F</span><span class="pun"><表达文件>][-</span><span class="pln">i</span><span class="pun"><网络界面>][-</span><span class="pln">r</span><span class="pun"><数据包文件>][-</span><span class="pln">s</span><span class="pun"><数据包大小>][-</span><span class="pln">tt</span><span class="pun">][-</span><span class="pln">T</span><span class="pun"><数据包类型>][-</span><span class="pln">vv</span><span class="pun">][-</span><span class="pln">w</span><span class="pun"><数据包文件>][输出数据栏位]</span>

参数说明

  • -a 尝试将网络和广播地址转换成名称。
  • -c<数据包数目> 收到指定的数据包数目后,就停止进行倾倒操作。
  • -d 把编译过的数据包编码转换成可阅读的格式,并倾倒到标准输出。
  • -dd 把编译过的数据包编码转换成C语言的格式,并倾倒到标准输出。
  • -ddd 把编译过的数据包编码转换成十进制数字的格式,并倾倒到标准输出。
  • -e 在每列倾倒资料上显示连接层级的文件头。
  • -f 用数字显示网际网络地址。
  • -F<表达文件> 指定内含表达方式的文件。
  • -i<网络界面> 使用指定的网络截面送出数据包。
  • -l 使用标准输出列的缓冲区。
  • -n 不把主机的网络地址转换成名字。
  • -N 不列出域名。
  • -O 不将数据包编码最佳化。
  • -p 不让网络界面进入混杂模式。
  • -q 快速输出,仅列出少数的传输协议信息。
  • -r<数据包文件> 从指定的文件读取数据包数据。
  • -s<数据包大小> 设置每个数据包的大小。
  • -S 用绝对而非相对数值列出TCP关联数。
  • -t 在每列倾倒资料上不显示时间戳记。
  • -tt 在每列倾倒资料上显示未经格式化的时间戳记。
  • -T<数据包类型> 强制将表达方式所指定的数据包转译成设置的数据包类型。
  • -v 详细显示指令执行过程。
  • -vv 更详细显示指令执行过程。
  • -x 用十六进制字码列出数据包资料。
  • -w<数据包文件> 把数据包数据写入指定的文件。

实例

显示TCP包信息

<span class="com"># tcpdump</span><span class="pln">
tcpdump</span><span class="pun">:</span><span class="pln"> verbose output suppressed</span><span class="pun">,</span> <span class="kwd">use</span> <span class="pun">-</span><span class="pln">v </span><span class="kwd">or</span> <span class="pun">-</span><span class="pln">vv </span><span class="kwd">for</span><span class="pln"> full protocol decode
listening on eth0</span><span class="pun">,</span><span class="pln"> link</span><span class="pun">-</span><span class="pln">type EN10MB </span><span class="pun">(</span><span class="typ">Ethernet</span><span class="pun">),</span><span class="pln"> capture size </span><span class="lit">96</span><span class="pln"> bytes
</span><span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.129998</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">148872068</span><span class="pun">:</span><span class="lit">148872168</span><span class="pun">(</span><span class="lit">100</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">4184371747</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.182357</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">100</span><span class="pln"> win </span><span class="lit">64240</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.182397</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">100</span><span class="pun">:</span><span class="lit">200</span><span class="pun">(</span><span class="lit">100</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.131713</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">50226</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.131896</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">50226</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.154238</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span><span class="pun">:</span> <span class="lit">50226</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.156298</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span><span class="pun">:</span> <span class="lit">50226</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.159292</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">30304</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">3.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.159449</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">30304</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">3.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.179816</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span><span class="pun">:</span> <span class="lit">30304</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.181279</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span><span class="pun">:</span> <span class="lit">30304</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.181806</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">200</span><span class="pun">:</span><span class="lit">268</span><span class="pun">(</span><span class="lit">68</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.182177</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">268</span><span class="pln"> win </span><span class="lit">64198</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.182677</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">43983</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">112.96</span><span class="pun">.</span><span class="lit">103.202</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">45</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.182807</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">43983</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">112.96</span><span class="pun">.</span><span class="lit">103.202</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">45</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.183055</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">268</span><span class="pun">:</span><span class="lit">352</span><span class="pun">(</span><span class="lit">84</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.201096</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span><span class="pun">:</span> <span class="lit">43983</span> <span class="lit">1</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">72</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.203087</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span><span class="pun">:</span> <span class="lit">43983</span> <span class="lit">1</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">72</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.204666</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">352</span><span class="pun">:</span><span class="lit">452</span><span class="pun">(</span><span class="lit">100</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.204852</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">452</span><span class="pln"> win </span><span class="lit">64152</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.205305</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">452</span><span class="pun">:</span><span class="lit">520</span><span class="pun">(</span><span class="lit">68</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.205889</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">9318</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">85.6</span><span class="pun">.</span><span class="lit">250.118</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">43</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.206071</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">9318</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">85.6</span><span class="pun">.</span><span class="lit">250.118</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">43</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.215338</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">2392751922</span><span class="pun">:</span><span class="lit">2392751987</span><span class="pun">(</span><span class="lit">65</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">2849759785</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.216273</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">2392751922</span><span class="pun">:</span><span class="lit">2392751987</span><span class="pun">(</span><span class="lit">65</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">2849759785</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.329204</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">520</span><span class="pln"> win </span><span class="lit">64135</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.458214</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">65</span><span class="pln"> win </span><span class="lit">32590</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.458221</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">65</span><span class="pln"> win </span><span class="lit">32590</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.708228</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">65</span><span class="pun">:</span><span class="lit">118</span><span class="pun">(</span><span class="lit">53</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.710213</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">65</span><span class="pun">:</span><span class="lit">118</span><span class="pun">(</span><span class="lit">53</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.865151</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">118</span><span class="pln"> win </span><span class="lit">32768</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">55.865157</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">118</span><span class="pln"> win </span><span class="lit">32768</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.242805</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">1</span><span class="pun">:</span><span class="lit">25</span><span class="pun">(</span><span class="lit">24</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">118</span><span class="pln"> win </span><span class="lit">32768</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.242812</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">1</span><span class="pun">:</span><span class="lit">25</span><span class="pun">(</span><span class="lit">24</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">118</span><span class="pln"> win </span><span class="lit">32768</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.276816</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">25</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.278240</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">25</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.349747</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">118</span><span class="pun">:</span><span class="lit">159</span><span class="pun">(</span><span class="lit">41</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">25</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.351780</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">118</span><span class="pun">:</span><span class="lit">159</span><span class="pun">(</span><span class="lit">41</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">25</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.400051</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">119.147</span><span class="pun">.</span><span class="lit">18.44</span><span class="pun">.</span><span class="lit">8000</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">4000</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">79</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.475050</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">159</span><span class="pln"> win </span><span class="lit">32762</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.475063</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span> <span class="pun">></span> <span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">159</span><span class="pln"> win </span><span class="lit">32762</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.508968</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64120</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">159</span><span class="pun">:</span><span class="lit">411</span><span class="pun">(</span><span class="lit">252</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">25</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.510182</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">159</span><span class="pun">:</span><span class="lit">411</span><span class="pun">(</span><span class="lit">252</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">25</span><span class="pln"> win </span><span class="lit">54</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">35</span><span class="pun">:</span><span class="lit">56.592028</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">117.136</span><span class="pun">.</span><span class="lit">2.43</span><span class="pun">.</span><span class="lit">38959</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">63283</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">36</span>

<span class="lit">44</span><span class="pln"> packets captured
</span><span class="lit">76</span><span class="pln"> packets received </span><span class="kwd">by</span><span class="pln"> filter
</span><span class="lit">0</span><span class="pln"> packets dropped </span><span class="kwd">by</span><span class="pln"> kernel</span>

显示指定数量包

<span class="com"># tcpdump -c 20</span><span class="pln">
tcpdump</span><span class="pun">:</span><span class="pln"> verbose output suppressed</span><span class="pun">,</span> <span class="kwd">use</span> <span class="pun">-</span><span class="pln">v </span><span class="kwd">or</span> <span class="pun">-</span><span class="pln">vv </span><span class="kwd">for</span><span class="pln"> full protocol decode
listening on eth0</span><span class="pun">,</span><span class="pln"> link</span><span class="pun">-</span><span class="pln">type EN10MB </span><span class="pun">(</span><span class="typ">Ethernet</span><span class="pun">),</span><span class="pln"> capture size </span><span class="lit">96</span><span class="pln"> bytes
</span><span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.949538</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">148875984</span><span class="pun">:</span><span class="lit">148876020</span><span class="pun">(</span><span class="lit">36</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">4184373187</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.994325</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh</span><span class="pun">:</span> <span class="pun">.</span><span class="pln"> ack </span><span class="lit">36</span><span class="pln"> win </span><span class="lit">64020</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.994368</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">36</span><span class="pun">:</span><span class="lit">72</span><span class="pun">(</span><span class="lit">36</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.950779</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">18242</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.950948</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">18242</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.960105</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">222.82</span><span class="pun">.</span><span class="lit">119.41</span><span class="pun">.</span><span class="lit">13594</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">63283</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">36</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.962192</span><span class="pln"> IP </span><span class="lit">222.82</span><span class="pun">.</span><span class="lit">119.41</span><span class="pun">.</span><span class="lit">13594</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">13965</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">36</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.963118</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">13965</span> <span class="pun">></span> <span class="lit">222.82</span><span class="pun">.</span><span class="lit">119.41</span><span class="pun">.</span><span class="lit">13594</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">34</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.963123</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">63283</span> <span class="pun">></span> <span class="lit">222.82</span><span class="pun">.</span><span class="lit">119.41</span><span class="pun">.</span><span class="lit">13594</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">34</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.970185</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span><span class="pun">:</span> <span class="lit">18242</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.970413</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span><span class="pun">:</span> <span class="lit">18242</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.972352</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">17862</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">3.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.972474</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span> <span class="lit">17862</span><span class="pun">+</span><span class="pln"> PTR</span><span class="pun">?</span> <span class="lit">3.0</span><span class="pun">.</span><span class="lit">168.192</span><span class="pun">.</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">addr</span><span class="pun">.</span><span class="pln">arpa</span><span class="pun">.</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.982287</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">121.12</span><span class="pun">.</span><span class="lit">131.163</span><span class="pun">.</span><span class="lit">13109</span> <span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">63283</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">27</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.984162</span><span class="pln"> IP </span><span class="lit">121.12</span><span class="pun">.</span><span class="lit">131.163</span><span class="pun">.</span><span class="lit">13109</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">13965</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">27</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.985021</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">13965</span> <span class="pun">></span> <span class="lit">121.12</span><span class="pun">.</span><span class="lit">131.163</span><span class="pun">.</span><span class="lit">13109</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">103</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.985027</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">63283</span> <span class="pun">></span> <span class="lit">121.12</span><span class="pun">.</span><span class="lit">131.163</span><span class="pun">.</span><span class="lit">13109</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">103</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.991919</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64215</span><span class="pun">:</span> <span class="lit">17862</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.993142</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span><span class="pun">:</span> <span class="lit">17862</span> <span class="typ">NXDomain</span> <span class="lit">0</span><span class="pun">/</span><span class="lit">0</span><span class="pun">/</span><span class="lit">0</span> <span class="pun">(</span><span class="lit">42</span><span class="pun">)</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">36</span><span class="pun">:</span><span class="lit">28.993574</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> P </span><span class="lit">72</span><span class="pun">:</span><span class="lit">140</span><span class="pun">(</span><span class="lit">68</span><span class="pun">)</span><span class="pln"> ack </span><span class="lit">1</span><span class="pln"> win </span><span class="lit">2100</span>
<span class="lit">20</span><span class="pln"> packets captured
</span><span class="lit">206</span><span class="pln"> packets received </span><span class="kwd">by</span><span class="pln"> filter
</span><span class="lit">129</span><span class="pln"> packets dropped </span><span class="kwd">by</span><span class="pln"> kernel</span>

精简显示

<span class="com"># tcpdump -c 10 -q //精简模式显示 10个包</span><span class="pln">
tcpdump</span><span class="pun">:</span><span class="pln"> verbose output suppressed</span><span class="pun">,</span> <span class="kwd">use</span> <span class="pun">-</span><span class="pln">v </span><span class="kwd">or</span> <span class="pun">-</span><span class="pln">vv </span><span class="kwd">for</span><span class="pln"> full protocol decode
listening on eth0</span><span class="pun">,</span><span class="pln"> link</span><span class="pun">-</span><span class="pln">type EN10MB </span><span class="pun">(</span><span class="typ">Ethernet</span><span class="pun">),</span><span class="pln"> capture size </span><span class="lit">96</span><span class="pln"> bytes
</span><span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.792280</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> tcp </span><span class="lit">36</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.842115</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh</span><span class="pun">:</span><span class="pln"> tcp </span><span class="lit">0</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.845074</span><span class="pln"> IP </span><span class="lit">115.238</span><span class="pun">.</span><span class="lit">1.45</span><span class="pun">.</span><span class="lit">3724</span> <span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.65</span><span class="pun">.</span><span class="lit">2057</span><span class="pun">:</span><span class="pln"> tcp </span><span class="lit">0</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.907155</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="pln">ssh </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">.</span><span class="lit">2101</span><span class="pun">:</span><span class="pln"> tcp </span><span class="lit">36</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.793880</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">42</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.794076</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64219</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">42</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.811127</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64219</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">42</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.814764</span><span class="pln"> IP dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain </span><span class="pun">></span> <span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">42</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.816404</span><span class="pln"> IP </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">0.3</span><span class="pun">.</span><span class="lit">32804</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">42</span>
<span class="lit">23</span><span class="pun">:</span><span class="lit">43</span><span class="pun">:</span><span class="lit">05.816545</span> <span class="typ">PPPoE</span> <span class="pun">[</span><span class="pln">ses </span><span class="lit">0x1cb0</span><span class="pun">]</span><span class="pln"> IP </span><span class="lit">118.250</span><span class="pun">.</span><span class="lit">6.85</span><span class="pun">.</span><span class="lit">64219</span> <span class="pun">></span><span class="pln"> dns2</span><span class="pun">.</span><span class="pln">cs</span><span class="pun">.</span><span class="pln">hn</span><span class="pun">.</span><span class="pln">cn</span><span class="pun">.</span><span class="pln">domain</span><span class="pun">:</span><span class="pln"> UDP</span><span class="pun">,</span><span class="pln"> length </span><span class="lit">42</span>
<span class="lit">10</span><span class="pln"> packets captured
</span><span class="lit">39</span><span class="pln"> packets received </span><span class="kwd">by</span><span class="pln"> filter
</span><span class="lit">0</span><span class="pln"> packets dropped </span><span class="kwd">by</span><span class="pln"> kernel</span>

转换克阅读格式

<span class="com"># tcpdump -d    </span>
<span class="pun">(</span><span class="lit">000</span><span class="pun">)</span><span class="pln"> ret   </span><span class="com">#96</span>

转换成十进制格式

<span class="com"># tcpdump -ddd</span>
<span class="lit">1</span>
<span class="lit">6</span> <span class="lit">0</span> <span class="lit">0</span> <span class="lit">96</span>

欢迎转载本文:网络通讯-Linux tcpdump命令
喜欢 (0)
[ld]
分享 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址