简单分析

流量监控, 例如过滤出“8.8.8.8”的IP流量

yum install epel-release iftop
iftop -i enp2s0f0 -N -P -F 8.8.8.8/32
n

tcpdump, 例如过滤出"8.8.8.8:3636"的数据包

tcpdump -i enp2s0f0 host 8.8.8.8 and dst port 3636 -nn

tcpdump -i enp2s0f0 host 8.8.8.8 and dst port 3636 -nn -w tcpdump.pag

tcpdump多个IP进行抓包

tcpdump -i enp2s0f0 host 1.1.1.1 or host 2.2.2.2 or host 3.3.3.3 and dst port 80 -nn

ngrep抓包工具

# cat /etc/yum.repos.d/irontec.repo
[irontec]

name=Irontec RPMs repository
baseurl=http://packages.irontec.com/centos/$releasever/$basearch/

# rpm --import http://packages.irontec.com/public.key

# yum install sngrep