大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。
Jetbrains全系列IDE稳定放心使用
一、介绍
linux抓包命令
二、被请求端口监听:dst port
tcpflow -ci eth0 dst port 6060
tcpdump -i eth0 dst port 6060
案例:
hubble-transfer服务端口为9511,所以下面截图的案例其实就是监听服务开启的端口,有哪些请求来源数据。
三、请求端口监听:src
tcpflow -ci eth0 src port 9092:监听来源端口为9092的网络包数据。说白了,是请求端口为9092的服务的数据。
案例:
以下案例是Kafka消费者,Kafka的端口为9092,hubble-biz-log从9092端口消费数据(其实本质就是请求9092端口服务)
代码:
/**
* 监听流水日志
* @param message
*/
@KafkaListener(topics = "hubble-log-ms")
public void consumer(String message,Acknowledgment ack){
try {
Map<String,Object> dataMap = JSON.parseObject(message, new TypeReference<Map<String,Object>>(){}.getType());
HubbleSyslogMsVO hubbleSyslogMsVO = handleToVO(dataMap);
if(!hubbleSyslogMsVO.getRequesturi().contains("query")){
logList.add(hubbleSyslogMsVO);
if (logList.size() >= batchSize) {
int num = hubbleSyslogMsVOMapper.insertBatch(logList);
log.info("log batch num={}",num);
logList.clear();
}
}
} catch (Exception e) {
logList.clear();
log.error("consumer has error,error info is ",e);
}finally {
ack.acknowledge();
}
}
抓包日志:
[root@hubble-biz-log-pod-64b7b45596-q2dz2 DockerHubblebizhost]# tcpflow -ci eth0 src port 9092
tcpflow: listening on eth0
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: D{eyF.{"requestUri":"/api/host/hostSync","haoshi":0}
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.188.09092-010.068.202.022.56576: 6'
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: JkatyF4{"requestUri":"/api/group/queryGrpInfo","haoshi":59}
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.168.09092-010.068.202.022.50760: +,stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +.stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: M+
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: QODyF;{"requestUri":"/api/template/findStrategyById","haoshi":18}
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.168.09092-010.068.202.022.50760: +0stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: /
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: x
010.034.004.182.09092-010.068.202.022.58066: J=xyG4{"requestUri":"/api/open/notice/v2/send","haoshi":1}
010.034.004.182.09092-010.068.202.022.58066: =
010.034.004.168.09092-010.068.202.022.50760: +2stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 6-
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: JOyG@4{"requestUri":"/api/group/queryGrpInfo","haoshi":38}
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.168.09092-010.068.202.022.50760: +4stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 3
010.034.004.188.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
hubble-log-ms88.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56576: x
010.034.004.188.09092-010.068.202.022.56576: J~PyGZ4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.188.09092-010.068.202.022.56572: NyGZ{"responsecode":200,"enddate":1656556701530,"clientIp":"10.19.0.227","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5728\\u8fc7\\u53bb60\\u5206\\u949f\\u5931\\u8d25\\u4e8634\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701530,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
010.034.004.188.09092-010.068.202.022.56576: =
010.034.004.168.09092-010.068.202.022.50836: 4IY
010.034.004.168.09092-010.068.202.022.50836:
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B7
010.034.004.188.09092-010.068.202.022.56572: =
010.034.004.168.09092-010.068.202.022.50760: +6stat_syslog_access_line
hubble-log-ms68.09092-010.068.202.022.50758: !
010.034.004.168.09092-010.068.202.022.50756: $I\hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: I]
010.034.004.168.09092-010.068.202.022.50836:
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B8
010.034.004.168.09092-010.068.202.022.50836: B7}&yG]{"responsecode":404,"enddate":1656556701533,"clientIp":"10.128.220.10","paramData":"{}","methodName":"HEAD","startdate":1656556701532,"total_time":1,"uri":"/error"}=
010.034.004.188.09092-010.068.202.022.56576: M5
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: QBoVyGg;{"requestUri":"/api/template/findStrategyById","haoshi":22}
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.182.09092-010.068.202.022.58066: 61
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: JqyGr4{"requestUri":"/api/group/queryGrpInfo","haoshi":37}
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.168.09092-010.068.202.022.50760: +8stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +:stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: )
010.034.004.198.09092-010.068.202.022.55068:
010.034.004.198.09092-010.068.202.022.55068: stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: x
010.034.004.198.09092-010.068.202.022.55068: JwVyG4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.198.09092-010.068.202.022.55068: =
010.034.004.168.09092-010.068.202.022.50760: +<stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56572: M
010.034.004.188.09092-010.068.202.022.56572:
hubble-log-ms88.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56572: NRyG{"responsecode":200,"enddate":1656556701596,"clientIp":"10.19.0.228","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5bb9\\u5668\\u5b9e\\u4f8b\\u4e0d\\u7a33\\u5b9a\\uff0c\\u5728\\u8fc7\\u53bb6\\u5c0f\\u65f6\\u5185\\u81f3\\u5c11\\u53d8\\u66f4\\u4e8635\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701596,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
四、其它使用示例
- 1. 针对特定网口抓包 ( -i 选项 )。
不加任何选项执行 tcpdump 时,tcpdump 将抓取通过所有网口的包;使用 -i 在指定的网口抓包:
示例:tcpdump 抓取所有通过 eth0 的包。命令:root@kali:~# tcpdump -i eth0 - 2. 抓取指定数目的包( -c 选项 )。
默认情况下 tcpdump 将一直抓包,直到按下 Ctrl + c 中止,使用 -c 选项我们可以指定抓包的数量:
示例:只针对 eth0 网口抓 10 个包。命令:root@kali:~# tcpdump -i eth0 -c 10 - 3. 将抓到包写入文件中( -w 选项 )。使用 -w 选项,将抓包记录到一个指定文件中,保存为.pcap后缀的文件,可以使用 wireshark 等工具读取分析。
命令:root@kali:~# tcpdump -i eth0 -c 10 -w 2017.pcap - 4. 读取 tcpdump 保存文件( -r 选项 )。对于保存的抓包文件,我们可以使用 -r 选项进行读取。命令:root@kali:~# tcpdump -r 2017.pcap
- 5. 抓包时不进行域名解析( -n选项 )。默认情况下,tcpdump 抓包结果中将进行域名解析,显示的是域名地址而非 ip 地址,使用 -n 选项,可指定显示 ip 地址。
- 6. 增加抓包时间戳(-tttt选项)。使用-tttt选项,抓包结果中将包含抓包日期:
- 7. 指定抓包的协议类型。我们可以只抓某种协议的包,tcpdump 支持指定以下协议:ip、ip6、arp、tcp、udp、wlan 等。
示例:只抓取 arp 协议的包:root@kali:~# tcpdump -i eth0 -tttt arp - 8. 指定抓包端口。如果想要对某个特定的端口抓包,可以通过以下命令:root@kali:~# tcpdump -i eth0 port 22
- 9. 抓取特定目标 ip和端口 的包。网络包的内容中,包含了源ip地址、端口和目标ip、端口,我们可以根据目标ip和端口过滤tcpdump抓包结果,以下命令说明了此用法:
示例:root@kali:~# tcpdump -i eth0 dst 10.70.121.92 and port 22
示例:root@kali:~# tcpdump -i eth0 -c 10 ip -tttt -X
参考文档:
https://blog.csdn.net/weixin_34124651/article/details/88267519
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/183539.html原文链接:https://javaforall.cn
【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛
【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...