Linux network packet capture and analysis tools

I. tcpdump

1. Purpose

The tcpdump command lists the headers of the packets passing through a specified network interface: it captures the "header" of every packet transmitted on the network in full and makes it available for analysis. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to help you extract the information you need.

Because it has to put the network interface into promiscuous mode, ordinary users cannot run it; a user with root privileges can run it directly to collect information from the network.

Other capture tools

wireshark comes in both a graphical and a command-line version; it can analyse the packets captured by tcpdump, and its main function is packet analysis.

ngrep displays the captured packet data directly as text, which suits captures whose payload contains text (such as HTTP or MySQL).

2. Command options

tcpdump [options] [protocol] [data-flow direction] [range]

-a    convert network and broadcast addresses into names
-A    print every packet in ASCII and minimise the link-layer header
-b    select the protocol at the data-link layer; ip/arp/rarp/ipx all live at this layer
-c    specify how many packets to receive, i.e. exit tcpdump after the given number of packets has been received
-d    dump the compiled packet-matching code in a human-readable assembly format
-dd   dump the packet-matching code as a C program fragment
-ddd  dump the packet-matching code as decimal numbers
-D    print all network interfaces on the system that can be monitored
-e    print the data-link-layer header on each output line
-f    print external Internet addresses numerically, i.e. do not show host names
-F    read the filter expression from the given file and ignore any expression on the command line
-i    specify the interface to listen on
-l    make standard output line-buffered so that the data can be exported to a file (e.g. through a pipe)
-L    list the data-link types known for the interface
-n    do not convert network addresses to names
-N    do not print the domain part of host names, e.g. www.m.blockadm.com is printed as just www
-nn   do not convert port numbers to names either
-P    do not put the interface into promiscuous mode
-q    quick output, i.e. print less protocol information
-r    read packets from the given file, usually one saved with -w
-w    save the captured packets to a file instead of parsing and printing them on screen
-s    read the first snaplen bytes of each packet instead of the default 68 bytes
-S    print TCP sequence numbers as absolute values rather than relative ones
-T    interpret the captured packets directly as the given type; common types are rpc (remote procedure call) and snmp (simple network management protocol)
-t    do not print a timestamp on each output line
-tt   print an unformatted timestamp on each line
-ttt  print the time difference between this line and the previous one
-tttt print a timestamp in the default date format (including the date) on each line
-u    print undecoded NFS handles
-v    print slightly more verbose information, e.g. the ttl and type-of-service fields of IP packets
-vv   print even more detailed packet information

3. tcpdump expressions

Keywords for the data type

These are host, port and net:

host 192.168.100.1 denotes a single host, net 192.168.100.0 denotes a network segment, and port 80 denotes port number 80. If no data type is given, the default is host.

Keywords for the direction of transfer

These are src, dst, dst or src and dst and src; they state the direction of the traffic. For example, src 192.168.100.1 means the packet's source address is 192.168.100.1, and dst net 192.168.100.0 means the destination network address is 192.168.100.0. By default both src and dst are monitored, host to host, i.e. all traffic between this host and the target host is captured.

Protocol keywords

These are ip, arp, rarp and udp.

Other keywords

Operators: or, and, not, !

Auxiliary keywords: gateway, less, broadcast, greater

4. tcpdump capture methods

tcpdump [protocol type] [src or dst] [host name or IP] [or/and/not/! combination] [src or dst] [host name or IP] [or/and/not/! combination] [port] [port number] ... [or/and/not/! combination] [condition]

> tcpdump ip dst 192.168.10.1 and src 192.168.10.10 and port 80 and host !www.m.blockadm.com

> tcpdump

By default tcpdump listens on the first network card and captures every packet passing through it.

> tcpdump -i ens33

Capture all packets passing through the specified interface ens33.

> tcpdump -i ens33 host 192.168.100.10

Capture all packets of host 192.168.100.10 passing through interface ens33 (a host name may also be used, provided it resolves to an IP address).

Each line of the default output (shown in a screenshot in the original, not reproduced here) has seven columns:

Column 1: the packet's timestamp
Column 2: the network protocol, IP
Column 3: the sender's IP address, port number or domain name; the screenshot shows the local host's domain name, which can be checked in /etc/hosts
Column 4: the arrow >, indicating the direction of the data flow
Column 5: the receiver's IP address, port number or domain name
Column 6: a colon
Column 7: the packet content, a summary of the packet header: ttl, packet type, identification value, sequence number, packet size and so on

> tcpdump host 192.168.130.151 and \(192.168.130.152 or 192.168.130.153\)

Capture all packets exchanged between host 192.168.56.209 and host 192.168.56.210 or 192.168.56.211.

> tcpdump ip host node9 and not www.m.blockadm.com

Capture the IP packets exchanged between host node9 and other hosts, excluding www.m.blockadm.com.

> tcpdump ip host node9 and ! www.m.blockadm.com

Capture the packets exchanged between node9 and all other hosts, excluding www.m.blockadm.com.

> tcpdump -i ens33 src node10

Capture all packets sent by source host node10 that pass through interface ens33.

> tcpdump -i ens33 dst host www.m.blockadm.com

Capture all packets sent to host www.m.blockadm.com.

Listen for all IP packets on port 80 between hosts 192.168.56.1 and 192.168.56.210, excluding traffic with www.m.blockadm.com:

> tcpdump ip dst 192.168.56.1 and src 192.168.56.210 and port 80 and host ! m.blockadm.com

This can also be written as tcpdump ip dst 192.168.56.1 and src 192.168.56.210 and port 80 and host not www.m.blockadm.com; not and ! both mean negation.

> tcpdump arp

Capture ARP packets only. Monitoring the packets of a specified host is done the same way as in method 1.9.1.

> tcpdump tcp port 22 and host 192.168.56.210

Capture the TCP packets of SSH received and sent by host 192.168.56.210.

> tcpdump udp port 53

Listen for the packets on this host's UDP port 53; UDP port 53 is the DNS protocol's port, so this also shows a complete DNS name-resolution process.

5. Common filter conditions

tcpdump supports logical operators:

and: logical AND; every condition must be satisfied. Written as "and" or "&&".

or: logical OR; it is enough for one condition to be satisfied. Written as "or" or "||".

not: negation, i.e. the condition is inverted. Written as "not" or "!".

> tcpdump icmp and src 192.168.100.10 -i ens33 -n

Filter ICMP packets whose source IP is 192.168.100.10.

Multi-condition format

When several filter conditions are combined, parentheses may be needed; since parentheses are special characters to the shell, the expression must also be wrapped in quotes (or the parentheses escaped). Parentheses exist to override the precedence of the logical operators, which is ! > and > or: to make a condition match exactly what is intended, the necessary combinations are grouped in parentheses. As in arithmetic, the parenthesized part is evaluated as a single unit in the logical expression.

Filter packets whose source address is 192.168.100.1 and destination address is 192.168.20.20, or ARP packets.
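As an added illustration of the precedence and carry-over rules just described (not code from the page or from tcpdump), the following Python evaluates a small subset of tcpdump's filter grammar against constructed packet summaries: host/net/port with src/dst qualifiers, protocol names, and/or/not in both spellings, parentheses, and the rule that a qualifier carries over to later bare values, so host A and B or C means (host A and host B) or host C. The Pkt class and the packet values are assumptions for the demonstration.

```python
import re
from dataclasses import dataclass
@dataclass
class Pkt:                      # constructed packet summary, not real capture data
    proto: str; src: str; dst: str; sport: int = 0; dport: int = 0   # proto: tcp/udp/icmp/arp

PROTOS = {"ip", "arp", "tcp", "udp", "icmp"}
TOKEN = re.compile(r"\(|\)|!|&&|\|\||[^\s()!|&]+")
def _prim(kind, direction, value, pkt):
    """One primitive: a host/net/port value, optionally qualified by src or dst."""
    if kind == "port":
        ports = {"src": [pkt.sport], "dst": [pkt.dport], None: [pkt.sport, pkt.dport]}
        return int(value) in ports[direction]
    addrs = {"src": [pkt.src], "dst": [pkt.dst], None: [pkt.src, pkt.dst]}[direction]
    if kind == "net":  # classful-style prefix match: 192.168.56.0 covers 192.168.56.x
        return any(a.startswith(re.sub(r"(\.0)+$", "", value) + ".") for a in addrs)
    return value in addrs       # kind == "host"

def matches(expr, pkt):
    """True if pkt satisfies expr; precedence is not > and > or, as in tcpdump."""
    toks, pos = TOKEN.findall(expr), [0]
    state = {"kind": "host", "dir": None}   # qualifiers carry over to later bare values
    def peek(): return toks[pos[0]] if pos[0] < len(toks) else None
    def take(): pos[0] += 1; return toks[pos[0] - 1]
    def p_or():
        v = p_and()
        while peek() in ("or", "||"): take(); v = p_and() or v   # parse the right side even if v is True
        return v
    def p_and():
        v = p_not()
        while peek() in ("and", "&&"): take(); v = p_not() and v
        return v
    def p_not():
        if peek() in ("not", "!"): take(); return not p_not()
        t = take()
        if t == "(": v = p_or(); assert take() == ")", "missing ')'"; return v
        if t in PROTOS:                     # bare "arp", or a prefix as in "tcp port 22"
            ok = pkt.proto == t or (t == "ip" and pkt.proto != "arp")
            rest = p_not() if peek() in ("src", "dst", "host", "net", "port") else True
            return ok and rest
        if t in ("src", "dst"): state["dir"], t = t, take()
        if t in ("host", "net", "port"): state["kind"], t = t, take()
        return _prim(state["kind"], state["dir"], t, pkt)
    return p_or()

def demo():     # the pitfall above: without parentheses "host A and B or C" also matches C alone
    stray = Pkt("tcp", "192.168.56.211", "10.0.0.5", 4444, 80)   # constructed: .209 not involved
    loose, strict = "host 192.168.56.209 and 192.168.56.210 or 192.168.56.211", "host 192.168.56.209 and (192.168.56.210 or 192.168.56.211)"
    return matches(loose, stray), matches(strict, stray)
```

demo() returns (True, False): the unparenthesized filter accepts a packet that never touches 192.168.56.209, which is why tcpdump needs the escaped or quoted parentheses on the command line.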

> tcpdump src host 192.168.10.10 -i ens33 -n -c 5

Filter packets whose source IP address is 192.168.10.10.

> tcpdump dst host 192.168.10.10 -i ens33 -n -c 5

Filter packets whose destination IP address is 192.168.10.10.

Filtering by port

> tcpdump port 22 -i ens33 -n -c 5

Filter on port number 22, i.e. the SSH protocol.

> tcpdump portrange 22-433 -i ens33 -n -c 8

Filter packets whose port number lies within 22-433.

II. wireshark

1. What is wireshark

Wireshark is a network packet analysis program. The job of a network packet analyser is to capture network packets and display the most detailed packet information it can. Wireshark uses WinPCAP as its interface and exchanges packets directly with the network card.

2. Installing wireshark

There are two versions of wireshark on Linux. One is wireshark, which has no graphical interface; its basic command is "tshark".

The other is wireshark-gnome (the GUI version), which can only be installed on Linux versions that support a GUI.

> yum -y install wireshark        # install the non-graphical version
> yum -y install wireshark-gnome  # install the graphical version

Note: installing via yum here requires the EPEL repository (Extra Packages for Enterprise Linux, the extension package set for Red Hat-family systems) to be set up first; installing EPEL amounts to adding a third-party repository. The packages in the official rpm repository are not very plentiful, and compiling everything yourself is too laborious, so EPEL solves the problem of the official yum repository not having enough packages.

Installing the EPEL repository

> yum -y install epel-release

3. tshark command

tshark is wireshark's command-line tool.
  tshark [options] [arguments]
  -i: the interface to capture on; defaults to the first non-loopback interface
  -D: list all available network interfaces
  -f: capture filter expression, same syntax as tcpdump
  -s: snapshot size per packet, default 65535; data beyond this size is not captured
  -c: exit after capturing the given number of packets
  -w: followed by a file name; write the capture to a .pcap file so that other analysis tools can work on it. Redirection with > can also be used to write the decoded output as text.
  -p: do not put the interface into promiscuous mode, i.e. only look at traffic involving this host
  -r: followed by a file path; analyse a saved capture file, e.g. tcpdump's output file
  -n: disable all address name resolution, i.e. no DNS lookups; all resolution is enabled by default
  -N: enable name resolution for a specific layer; if -n and -N are both present, -n is ignored, and if neither is given all name resolution is enabled by default
      m: data-link layer
      n: network layer
      t: transport layer
  -V: print the decoded packet details; otherwise only a one-line summary per packet is shown
  -t: timestamp format of the output
      ad: absolute time with date
      a: absolute time without date
      r: time relative to the first packet
      d: delta time between two adjacent packets

> tshark -f "icmp" -i ens33 -V -c 1

Filter ICMP packets and show the expanded details.

> tshark -f "arp" -i ens33

Filter ARP packets.

4. Graphical interface

III. Using tcpdump and wireshark together

tcpdump's analysis of packet information is not as detailed as wireshark's, so capture the data with tcpdump and write it out, then analyse it with wireshark; the output file format is .pcap or another.

Read the file with wireshark on the virtual machine.

Use ip.addr == [IP address] to filter out unrelated IPs.

Graphical view

Open the file directly in wireshark to inspect it.

Summary

Judged purely by their capture functions, tcpdump and wireshark are similar, and their command-line options partly overlap, but tcpdump's ability to analyse packets is not very good. At the same time many Linux systems now ship with tcpdump built in, so we can capture the packets with tcpdump, store them in a file of our choosing (.pcap), and then take that file to wireshark for analysis and troubleshooting.
