1. 全栈程序员必看首页

linux抓包命令详解_linux抓包命令指定ip和端口

全栈程序员-用户IM 未分类

linux抓包命令详解_linux抓包命令指定ip和端口linux抓包命令tcpflow-cieth0dstport6060tcpdump-ieth0dstport6060案例:参考文档:https://blog.csdn.net/weixin_34124651/article/details/88267519

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全系列IDE稳定放心使用

一、介绍

linux抓包命令

二、被请求端口监听:dst port

tcpflow -ci eth0 dst port 6060

tcpdump -i eth0 dst port 6060

案例:

hubble-transfer服务端口为9511,所以下面截图的案例其实就是监听服务开启的端口,有哪些请求来源数据。

linux抓包命令详解_linux抓包命令指定ip和端口

三、请求端口监听:src

tcpflow -ci eth0 src port 9092:监听来源端口为9092的网络包数据。说白了,是请求端口为9092的服务的数据。

案例:

以下案例是Kafka消费者,Kafka的端口为9092,hubble-biz-log从9092端口消费数据(其实本质就是请求9092端口服务)

代码:

/**
     * 监听流水日志
     * @param message
     */
    @KafkaListener(topics = "hubble-log-ms")
    public void consumer(String message,Acknowledgment ack){
    	try {
        	Map<String,Object> dataMap = JSON.parseObject(message, new TypeReference<Map<String,Object>>(){}.getType());
        	HubbleSyslogMsVO hubbleSyslogMsVO = handleToVO(dataMap);
        	if(!hubbleSyslogMsVO.getRequesturi().contains("query")){
        		logList.add(hubbleSyslogMsVO);
    			if (logList.size() >= batchSize) {
    				int num = hubbleSyslogMsVOMapper.insertBatch(logList);
    				log.info("log batch num={}",num);
    				logList.clear();
    			}
        	}
		} catch (Exception e) {
			logList.clear();
			log.error("consumer has error,error info is ",e);
		}finally {
			ack.acknowledge();
		}
    }

抓包日志:

[root@hubble-biz-log-pod-64b7b45596-q2dz2 DockerHubblebizhost]# tcpflow -ci eth0 src port 9092
tcpflow: listening on eth0
010.034.004.182.09092-010.068.202.022.58066:  
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: D{eyF.{"requestUri":"/api/host/hostSync","haoshi":0}
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.188.09092-010.068.202.022.56576: 6'
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: JkatyF4{"requestUri":"/api/group/queryGrpInfo","haoshi":59}
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.168.09092-010.068.202.022.50760: +,stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +.stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: M+
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: QODyF;{"requestUri":"/api/template/findStrategyById","haoshi":18}
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.168.09092-010.068.202.022.50760: +0stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: /
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: x
010.034.004.182.09092-010.068.202.022.58066: J=xyG4{"requestUri":"/api/open/notice/v2/send","haoshi":1}
010.034.004.182.09092-010.068.202.022.58066: =
010.034.004.168.09092-010.068.202.022.50760: +2stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 6-
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: JOyG@4{"requestUri":"/api/group/queryGrpInfo","haoshi":38}
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.168.09092-010.068.202.022.50760: +4stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 3
010.034.004.188.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
hubble-log-ms88.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56576: x
010.034.004.188.09092-010.068.202.022.56576: J~PyGZ4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.188.09092-010.068.202.022.56572: NyGZ{"responsecode":200,"enddate":1656556701530,"clientIp":"10.19.0.227","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5728\\u8fc7\\u53bb60\\u5206\\u949f\\u5931\\u8d25\\u4e8634\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701530,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
010.034.004.188.09092-010.068.202.022.56576: =
010.034.004.168.09092-010.068.202.022.50836: 4IY
010.034.004.168.09092-010.068.202.022.50836: 
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B7
010.034.004.188.09092-010.068.202.022.56572: =
010.034.004.168.09092-010.068.202.022.50760: +6stat_syslog_access_line
hubble-log-ms68.09092-010.068.202.022.50758: !
010.034.004.168.09092-010.068.202.022.50756: $I\hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: I]
010.034.004.168.09092-010.068.202.022.50836: 
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B8
010.034.004.168.09092-010.068.202.022.50836: B7}&yG]{"responsecode":404,"enddate":1656556701533,"clientIp":"10.128.220.10","paramData":"{}","methodName":"HEAD","startdate":1656556701532,"total_time":1,"uri":"/error"}=
010.034.004.188.09092-010.068.202.022.56576: M5
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.188.09092-010.068.202.022.56576: QBoVyGg;{"requestUri":"/api/template/findStrategyById","haoshi":22}
010.034.004.188.09092-010.068.202.022.56576: 
010.034.004.182.09092-010.068.202.022.58066: 61
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.182.09092-010.068.202.022.58066: JqyGr4{"requestUri":"/api/group/queryGrpInfo","haoshi":37}
010.034.004.182.09092-010.068.202.022.58066: 
010.034.004.168.09092-010.068.202.022.50760: +8stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +:stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: )
010.034.004.198.09092-010.068.202.022.55068: 
010.034.004.198.09092-010.068.202.022.55068: stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: x
010.034.004.198.09092-010.068.202.022.55068: JwVyG4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.198.09092-010.068.202.022.55068: =
010.034.004.168.09092-010.068.202.022.50760: +<stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56572: M
010.034.004.188.09092-010.068.202.022.56572: 
hubble-log-ms88.09092-010.068.202.022.56572: 
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56572: NRyG{"responsecode":200,"enddate":1656556701596,"clientIp":"10.19.0.228","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5bb9\\u5668\\u5b9e\\u4f8b\\u4e0d\\u7a33\\u5b9a\\uff0c\\u5728\\u8fc7\\u53bb6\\u5c0f\\u65f6\\u5185\\u81f3\\u5c11\\u53d8\\u66f4\\u4e8635\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701596,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}

四、其它使用示例

  • 1. 针对特定网口抓包 ( -i 选项 )
            不加任何选项执行 tcpdump 时,tcpdump 将抓取通过所有网口的包;使用 -i 在指定的网口抓包:
            示例:tcpdump 抓取所有通过 eth0 的包。命令:root@kali:~# tcpdump -i eth0
  • 2. 抓取指定数目的包( -c 选项 )。
            默认情况下 tcpdump 将一直抓包,直到按下 Ctrl + c 中止,使用 -c 选项我们可以指定抓包的数量:
            示例:只针对 eth0 网口抓 10 个包。命令:root@kali:~# tcpdump -i eth0 -c 10
  • 3. 将抓到包写入文件中( -w 选项 )使用 -w 选项,将抓包记录到一个指定文件中,保存为.pcap后缀的文件,可以使用 wireshark 等工具读取分析。
            命令:root@kali:~# tcpdump -i eth0 -c 10 -w 2017.pcap      
  • 4. 读取 tcpdump 保存文件( -r 选项 )。对于保存的抓包文件,我们可以使用 -r 选项进行读取。命令:root@kali:~# tcpdump -r 2017.pcap
  • 5. 抓包时不进行域名解析( -n选项 )。默认情况下,tcpdump 抓包结果中将进行域名解析,显示的是域名地址而非 ip 地址,使用 -n 选项,可指定显示 ip 地址。
  • 6. 增加抓包时间戳(-tttt选项)。使用-tttt选项,抓包结果中将包含抓包日期:
  • 7. 指定抓包的协议类型。我们可以只抓某种协议的包,tcpdump 支持指定以下协议:ip、ip6、arp、tcp、udp、wlan 等。
            示例:只抓取 arp 协议的包:root@kali:~# tcpdump -i eth0 -tttt arp
  • 8. 指定抓包端口。如果想要对某个特定的端口抓包,可以通过以下命令:root@kali:~# tcpdump -i eth0 port 22
  • 9. 抓取特定目标 ip和端口 的包。网络包的内容中,包含了源ip地址、端口和目标ip、端口,我们可以根据目标ip和端口过滤tcpdump抓包结果,以下命令说明了此用法:
            示例:root@kali:~# tcpdump -i eth0 dst 10.70.121.92 and port 22
            示例:root@kali:~# tcpdump -i eth0 -c 10 ip -tttt -X

参考文档:

https://blog.csdn.net/weixin_34124651/article/details/88267519

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/183539.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(2)
全栈程序员-用户IM全栈程序员-用户IM
0 0
blank

相关推荐

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号