Installing the tcpdump package

[root@localhost ~]# yum install -y tcpdump

Capturing packets

Capture 10 packets on interface eth0, protocol TCP, port 22, IP 192.168.10.18, and write the result to 1.txt (note that the `host` primitive matches the address as either source or destination; use `src host` to restrict the filter to the source address)

[root@localhost ~]# tcpdump -nn -c10 -i eth0 tcp and port 22 and host 192.168.10.18 -w 1.txt

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10 packets captured

29 packets received by filter

0 packets dropped by kernel


Reading 1.txt with cat shows only the raw data stream, because -w writes a binary pcap file rather than text

Capture 10 packets on interface eth0, protocol TCP, port 22, IP 192.168.10.18 (same filter as above, without -w, so the decoded summary lines are printed to the terminal)


>  Redirecting packet output to a file

[root@localhost ~]# tcpdump -nn -c10 -i eth0 tcp and port 22 and host 192.168.10.18 > 2.txt

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10 packets captured

10 packets received by filter

0 packets dropped by kernel


Viewing the result with cat shows only the decoded summary lines (the text stream), whereas the -w parameter saves the complete packets
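To make the difference between the two files concrete, here is an added example (not from the original post) in Python: a small reader for the classic pcap format that `tcpdump -w` writes, plus a Python re-implementation of the page's filter `tcp and port 22 and host 192.168.10.18`. The pcap bytes are constructed inline so it runs offline; the redirected text output is something `is_pcap` rejects, because it is not a capture file.

```python
import struct
from socket import inet_aton

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1   # classic pcap magic numbers

def is_pcap(data):
    # True for files written with tcpdump -w; False for redirected stdout text.
    return len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] in (PCAP_MAGIC_LE, PCAP_MAGIC_BE)

def read_pcap(data):
    """Yield the raw link-layer frames stored in classic pcap bytes."""
    if not is_pcap(data):
        raise ValueError("not a pcap file: stdout redirection stores text, not packets")
    endian = "<" if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC_LE else ">"
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != 1:   # DLT_EN10MB, the link-type tcpdump reported for eth0
        raise ValueError("unsupported link type %d" % linktype)
    off = 24            # 24-byte global header, then 16-byte record headers
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def matches(frame, port=22, host="192.168.10.18"):
    """Python equivalent of the BPF filter 'tcp and port 22 and host 192.168.10.18'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # Ethernet type must be IPv4
        return False
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    proto, src, dst = frame[23], frame[26:30], frame[30:34]
    if proto != 6 or len(frame) < 14 + ihl + 4:           # TCP only, with ports present
        return False
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return port in (sport, dport) and inet_aton(host) in (src, dst)   # host = src or dst

def build_sample_pcap():
    """Constructed sample capture: two TCP frames, only the first involves port 22."""
    def frame(src, dst, sport, dport):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 1024, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                         6, 0, inet_aton(src), inet_aton(dst)) + tcp
        return bytes(12) + b"\x08\x00" + ip              # zeroed MACs + IPv4 ethertype
    frames = [frame("192.168.10.18", "192.168.10.1", 54321, 22),
              frame("192.168.10.18", "10.0.0.5", 4444, 80)]   # port 80: filtered out
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def count_matching(data):
    return sum(1 for f in read_pcap(data) if matches(f))
```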

Common tshark commands

[root@localhost ~]# tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"

Here -n disables name resolution, -t a prints absolute timestamps, -R applies a read filter so only HTTP requests are kept, and -T fields with the -e options prints just the listed fields (time, source IP, Host header, method and URI) one request per line. On newer tshark versions -R is a two-pass read filter that must be combined with -2; the equivalent single-pass display filter is -Y http.request.