1. The netstat command
View listening ports
[root@test_01 ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1406/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2050/master
tcp6       0      0 :::22                   :::*                    LISTEN      1406/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2050/master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           536/chronyd
udp6       0      0 ::1:323                 :::*                                536/chronyd
raw6       0      0 :::58                   :::*                    7           599/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     9985     1/systemd            /run/udev/control
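When reviewing this output, the first question is usually which services are reachable from other hosts rather than only from the machine itself. The following added example (not part of the original page; the function names exposed_listeners and sample_netstat are hypothetical) filters `netstat -lnp` output down to TCP/UDP sockets bound to non-loopback addresses, using the listing above as sample input.

```bash
#!/bin/sh
# Added example: list tcp/udp sockets from `netstat -lnp` that are bound to a
# non-loopback address, i.e. reachable from other hosts.
# exposed_listeners and sample_netstat are hypothetical helper names.

exposed_listeners() {
    # stdin: netstat -lnp text. stdout: "proto local-address pid/program".
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $4
            # Strip the port at the LAST colon; IPv6 hosts contain colons.
            host = addr
            sub(/:[^:]*$/, "", host)
            # 127.0.0.0/8 and ::1 accept local connections only.
            if (host ~ /^127\./ || host == "::1") next
            # udp rows have no State column, so locate the PID/Program field
            # by shape ("1406/sshd", or "-" when netstat runs without root).
            prog = "?"
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\// || $i == "-") {
                    prog = $i
                    for (j = i + 1; j <= NF; j++) prog = prog " " $j
                    break
                }
            print $1, addr, prog
        }'
}

sample_netstat() {
    # Sample input: the tcp/udp/raw rows from the listing above.
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1406/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2050/master
tcp6       0      0 :::22                   :::*                    LISTEN      1406/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2050/master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           536/chronyd
udp6       0      0 ::1:323                 :::*                                536/chronyd
raw6       0      0 :::58                   :::*                    7           599/NetworkManager
EOF
}

# On a live host: netstat -lnp | exposed_listeners
sample_netstat | exposed_listeners
```

On this host only sshd is exposed (0.0.0.0:22 and :::22); the mail service (master) and chronyd are bound to loopback and are filtered out.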
View TCP/UDP connection states
[root@test_01 ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0     64 192.168.231.128:22      192.168.231.1:59742     ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:323                 :::*
raw6       0      0 :::58                   :::*                    7
2. Capturing packets with tcpdump
-i specifies the network interface to capture on
[root@test_01 ~]# tcpdump -nn -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:26:30.216160 IP 192.168.231.128.22 > 192.168.231.1.59742: Flags [P.], seq 2804416979:2804417187, ack 3958897426, win 823, length 208
23:26:30.216405 IP 192.168.231.128.22 > 192.168.231.1.59742: Flags [P.], seq 208:400, ack 1, win 823, length 192
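Capture 100 packets (-c 100) and write them to a file (-w). The file holds binary capture data despite the .txt name, so view the captured packets with tcpdump -r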
[root@test_01 ~]# tcpdump -nn -i ens33 -c 100 -w /tmp/tcpdump.txt
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes