Linux packet capture commands explained: capturing by IP and port



I. Introduction

Linux packet capture commands

II. Monitoring the port being requested: dst port

tcpflow -ci eth0 dst port 6060

tcpdump -i eth0 dst port 6060

Example:

The hubble-transfer service runs on port 9511, so the case in the screenshot below simply monitors the port the service has opened, to see which sources are sending requests to it.


III. Monitoring the requesting port: src

tcpflow -ci eth0 src port 9092: captures packets whose source port is 9092. Put plainly, this is the data coming from the service being requested on port 9092.

Example:

The following case is a Kafka consumer. Kafka listens on port 9092, and hubble-biz-log consumes data from port 9092 (which is essentially requesting the service on port 9092).

Code:

// Imports assumed from the JSON/TypeReference usage (fastjson) and the Kafka annotations (spring-kafka).
import java.util.Map;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.TypeReference;
import org.springframework.kafka.annotation.KafkaListener;
import org.springframework.kafka.support.Acknowledgment;

    // logList, batchSize, hubbleSyslogMsVOMapper, log, HubbleSyslogMsVO and handleToVO are
    // fields and helpers of the enclosing Spring bean that the page does not show.

    /**
     * Consume access-log records from Kafka (the traffic captured on port 9092 below)
     * @param message one JSON record from the hubble-log-ms topic
     * @param ack     manual offset acknowledgment
     */
    @KafkaListener(topics = "hubble-log-ms")
    public void consumer(String message, Acknowledgment ack) {
        try {
            Map<String, Object> dataMap = JSON.parseObject(message,
                    new TypeReference<Map<String, Object>>() {}.getType());
            HubbleSyslogMsVO hubbleSyslogMsVO = handleToVO(dataMap);
            // skip read-only "query" requests; buffer the rest and insert them in batches
            if (!hubbleSyslogMsVO.getRequesturi().contains("query")) {
                logList.add(hubbleSyslogMsVO);
                if (logList.size() >= batchSize) {
                    int num = hubbleSyslogMsVOMapper.insertBatch(logList);
                    log.info("log batch num={}", num);
                    logList.clear();
                }
            }
        } catch (Exception e) {
            // the buffered batch is dropped and the offset is still acknowledged below,
            // so records of a failed batch are not retried
            logList.clear();
            log.error("consumer has error,error info is ", e);
        } finally {
            ack.acknowledge();
        }
    }

Packet capture log:

[root@hubble-biz-log-pod-64b7b45596-q2dz2 DockerHubblebizhost]# tcpflow -ci eth0 src port 9092
tcpflow: listening on eth0
010.034.004.182.09092-010.068.202.022.58066:  
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: D{eyF.{"requestUri":"/api/host/hostSync","haoshi":0}
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.188.09092-010.068.202.022.56576: 6'
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: JkatyF4{"requestUri":"/api/group/queryGrpInfo","haoshi":59}
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.168.09092-010.068.202.022.50760: +,stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +.stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: M+
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: QODyF;{"requestUri":"/api/template/findStrategyById","haoshi":18}
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.168.09092-010.068.202.022.50760: +0stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: /
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: x
010.034.004.182.09092-010.068.202.022.58066: J=xyG4{"requestUri":"/api/open/notice/v2/send","haoshi":1}
010.034.004.182.09092-010.068.202.022.58066: =
010.034.004.168.09092-010.068.202.022.50760: +2stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 6-
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: JOyG@4{"requestUri":"/api/group/queryGrpInfo","haoshi":38}
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.168.09092-010.068.202.022.50760: +4stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 3
010.034.004.188.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
hubble-log-ms88.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56576: x
010.034.004.188.09092-010.068.202.022.56576: J~PyGZ4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.188.09092-010.068.202.022.56572: NyGZ{"responsecode":200,"enddate":1656556701530,"clientIp":"10.19.0.227","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5728\\u8fc7\\u53bb60\\u5206\\u949f\\u5931\\u8d25\\u4e8634\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701530,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
010.034.004.188.09092-010.068.202.022.56576: =
010.034.004.168.09092-010.068.202.022.50836: 4IY
010.034.004.168.09092-010.068.202.022.50836: 
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B7
010.034.004.188.09092-010.068.202.022.56572: =
010.034.004.168.09092-010.068.202.022.50760: +6stat_syslog_access_line
hubble-log-ms68.09092-010.068.202.022.50758: !
010.034.004.168.09092-010.068.202.022.50756: $I\hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: I]
010.034.004.168.09092-010.068.202.022.50836: 
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B8
010.034.004.168.09092-010.068.202.022.50836: B7}&yG]{"responsecode":404,"enddate":1656556701533,"clientIp":"10.128.220.10","paramData":"{}","methodName":"HEAD","startdate":1656556701532,"total_time":1,"uri":"/error"}=
010.034.004.188.09092-010.068.202.022.56576: M5
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: QBoVyGg;{"requestUri":"/api/template/findStrategyById","haoshi":22}
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.182.09092-010.068.202.022.58066: 61
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: JqyGr4{"requestUri":"/api/group/queryGrpInfo","haoshi":37}
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.168.09092-010.068.202.022.50760: +8stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +:stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: )
010.034.004.198.09092-010.068.202.022.55068: 
010.034.004.198.09092-010.068.202.022.55068: stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: x
010.034.004.198.09092-010.068.202.022.55068: JwVyG4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.198.09092-010.068.202.022.55068: =
010.034.004.168.09092-010.068.202.022.50760: +<stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56572: M
010.034.004.188.09092-010.068.202.022.56572: 
hubble-log-ms88.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56572: NRyG{"responsecode":200,"enddate":1656556701596,"clientIp":"10.19.0.228","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5bb9\\u5668\\u5b9e\\u4f8b\\u4e0d\\u7a33\\u5b9a\\uff0c\\u5728\\u8fc7\\u53bb6\\u5c0f\\u65f6\\u5185\\u81f3\\u5c11\\u53d8\\u66f4\\u4e8635\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701596,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
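As an added example (not part of the original post), the following Python script parses the line format tcpflow prints with -c, as seen in the capture above: it turns the zero-padded connection names back into endpoints, pulls the JSON records out of the binary Kafka payload chunks, and tallies which endpoints are talking and the per-URI "haoshi" values (耗时, the elapsed-time field in these records). The sample lines are constructed on the model of the capture above; the field meanings are assumptions.

```python
import json
import re
from collections import Counter, defaultdict
# tcpflow names each direction of a TCP stream SSS.SSS.SSS.SSS.PPPPP-DDD.DDD.DDD.DDD.PPPPP
# (zero-padded octets, 5-digit ports); with -c each line is that name, ": " and a payload chunk.
FLOW_RE = re.compile(
    r"^(?P<sip>\d{3}\.\d{3}\.\d{3}\.\d{3})\.(?P<sport>\d{5})-"
    r"(?P<dip>\d{3}\.\d{3}\.\d{3}\.\d{3})\.(?P<dport>\d{5}):\s?(?P<payload>.*)$"
)

# Constructed sample lines modelled on the tcpflow output above (not a real capture).
SAMPLE = """\
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: D{eyF.{"requestUri":"/api/host/hostSync","haoshi":0}
010.034.004.188.09092-010.068.202.022.56576: JkatyF4{"requestUri":"/api/group/queryGrpInfo","haoshi":59}
010.034.004.168.09092-010.068.202.022.50760: +,stat_syslog_access_line
""".splitlines()

def strip_pad(ip, port):
    # '010.034.004.182', '09092' -> ('10.34.4.182', 9092)
    return ".".join(str(int(o)) for o in ip.split(".")), int(port)

def extract_json(payload):
    """Kafka record bodies are binary: return the first JSON object embedded in the chunk."""
    decoder = json.JSONDecoder()
    for i in (k for k, c in enumerate(payload) if c == "{"):
        try:
            obj, _ = decoder.raw_decode(payload[i:])  # tolerates trailing bytes
        except ValueError:
            continue  # this '{' was just binary framing, keep scanning
        if isinstance(obj, dict):
            return obj
    return None

def parse_tcpflow_line(line):
    """{'src', 'dst', 'json'} for a flow line; None for tcpflow's own status lines."""
    m = FLOW_RE.match(line)
    return m and {"src": strip_pad(m["sip"], m["sport"]),
                  "dst": strip_pad(m["dip"], m["dport"]),
                  "json": extract_json(m["payload"])}

def summarize(lines):
    """Chunks per source endpoint and 'haoshi' (elapsed-time field) values per requestUri."""
    talkers, latency = Counter(), defaultdict(list)
    for rec in filter(None, map(parse_tcpflow_line, lines)):
        talkers[rec["src"]] += 1
        doc = rec["json"] or {}
        if "requestUri" in doc:
            latency[doc["requestUri"]].append(doc.get("haoshi"))
    return talkers, dict(latency)
```

Feed it the saved output of `tcpflow -ci eth0 src port 9092` (or `dst port <n>` for the section II case) to get the list of peers and their request URIs without reading the raw chunks by hand.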

IV. Other usage examples

  • 1. Capturing on a specific interface (the -i option)
            When tcpdump is run with no options it captures packets on all interfaces; use -i to capture on a given interface:
            Example: capture every packet that passes through eth0. Command: root@kali:~# tcpdump -i eth0
  • 2. Capturing a fixed number of packets (the -c option)
            By default tcpdump keeps capturing until Ctrl + C is pressed; with -c we can limit the number of packets captured:
            Example: capture only 10 packets on eth0. Command: root@kali:~# tcpdump -i eth0 -c 10
  • 3. Writing captured packets to a file (the -w option). With -w the capture is written to the named file, saved with a .pcap extension, which can then be opened and analysed with tools such as Wireshark.
            Command: root@kali:~# tcpdump -i eth0 -c 10 -w 2017.pcap
  • 4. Reading a saved tcpdump file (the -r option). A saved capture file can be read back with -r. Command: root@kali:~# tcpdump -r 2017.pcap
  • 5. Disabling name resolution while capturing (the -n option). By default tcpdump resolves addresses in its output and shows hostnames instead of IP addresses; with -n it shows the IP addresses.
  • 6. Adding timestamps to the capture (the -tttt option). With -tttt each line of output includes the capture date and time:
  • 7. Specifying the protocol to capture. We can capture only packets of one protocol; tcpdump supports qualifiers such as ip, ip6, arp, tcp, udp and wlan.
            Example: capture only ARP packets: root@kali:~# tcpdump -i eth0 -tttt arp
  • 8. Specifying the port to capture. To capture traffic on one particular port, use the following command: root@kali:~# tcpdump -i eth0 port 22
  • 9. Capturing packets for a specific destination IP and port. Every packet carries a source IP and port and a destination IP and port, so the capture can be filtered on the destination IP and port. The following commands show this usage:
            Example: root@kali:~# tcpdump -i eth0 dst 10.70.121.92 and port 22
            Example: root@kali:~# tcpdump -i eth0 -c 10 ip -tttt -X

Reference:

https://blog.csdn.net/weixin_34124651/article/details/88267519


Published by: 全栈程序员-用户IM. When reposting, please cite the source: https://javaforall.cn/183539.html. Original site: https://javaforall.cn
