Linux Network Packet Analysis Software - Tcpdump
2013-01-24 16:03:50

Tcpdump, in short, "dumps the traffic on a network": it is a packet-analysis tool that captures packets on the network according to filters defined by the user. tcpdump can capture the complete headers of the packets transmitted on the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to help you discard irrelevant information. Like Wireshark, it is a packet-capture tool; Windows users mostly use Wireshark, Linux users mostly use tcpdump. tcpdump lets a user intercept and display TCP/IP and other packets sent or received over a network connection to the computer, from the data link layer through the network and transport layers up to the application layer, covering many common protocols and providing rich filtering capabilities.

For detailed usage, see: tcpdump detailed usage manual

Tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

Tcpdump is a network utility that listens to and records traffic on a network segment. This can be highly useful in troubleshooting and monitoring network activity. When preliminary troubleshooting does not solve a network problem, sometimes it is only at the packet or frame level that you will find your answer. That's where tcpdump comes into play.

When working with tcpdump, you can specify a large number of variables to help pinpoint the problem you're trying to diagnose. This article will show you how to best use tcpdump on Linux for network troubleshooting.

Using tcpdump to inspect packets can be a powerful technique for any network administrator. This program allows you to get detailed information on exactly what is happening at the packet level of your network. Tcpdump can also aid in monitoring and troubleshooting network services on Linux servers. This is important not only for everyday issues but also for serious ones like DoS and DDoS attacks.

Filter by interface:
tcpdump -i ethN

Filter by IP:
tcpdump net 10.10.10.1
tcpdump src net 10.10.10.1
tcpdump dst net 10.10.10.2

Filter by port:
tcpdump port 80
tcpdump src port 80
tcpdump dst port 80

Filter by protocol:
tcpdump arp
tcpdump icmp
tcpdump ip
tcpdump udp
tcpdump tcp

Common operators:
&& or 'and'
|| or 'or'
!  or 'not'
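The primitives above are meant to be combined. The following POSIX shell script is an added example, not code from the original post: build_filter composes a capture filter from a protocol, a host, a port list and a network to exclude, using and/or/not, and capture runs tcpdump with that filter into rotating files so a long capture cannot fill the disk. The interface eth0, the host 10.10.10.1, ports 80 and 443 and the excluded net 192.168.0.0/16 are constructed sample values; the tcpdump options used (-i, -nn, -s, -w, -C, -W) are real.

```shell
# Added example (not from the original post). Requires tcpdump and, for a
# real capture, root or CAP_NET_RAW; build_filter itself runs unprivileged.

# build_filter PROTO HOST PORTS EXCLUDE_NET
#   PORTS is a comma-separated list; several ports are grouped with 'or'.
#   Empty arguments are skipped. Prints the resulting filter expression.
build_filter() {
    proto=$1 host=$2 ports=$3 exclude=$4
    filt="$proto"
    [ -n "$host" ] && filt="$filt and host $host"
    if [ -n "$ports" ]; then
        portexpr=""
        for p in $(printf '%s' "$ports" | tr ',' ' '); do
            portexpr="${portexpr:+$portexpr or }port $p"
        done
        # parentheses keep the 'or' group separate from the surrounding 'and's
        filt="$filt and ($portexpr)"
    fi
    # 'not' removes known noise, e.g. traffic from a trusted management net
    [ -n "$exclude" ] && filt="$filt and not net $exclude"
    printf '%s\n' "$filt"
}

# capture IFACE OUTFILE PROTO HOST PORTS EXCLUDE_NET
#   -nn: no name/port resolution; -s 0: whole packets;
#   -C 100 -W 10: rotate through ten 100 MB files (constructed sizes).
capture() {
    iface=$1 outfile=$2
    shift 2
    filt=$(build_filter "$@")
    echo "capturing on $iface with filter: $filt" >&2
    tcpdump -i "$iface" -nn -s 0 -C 100 -W 10 -w "$outfile" "$filt"
}

# Example call (constructed values):
#   capture eth0 web.pcap tcp 10.10.10.1 80,443 192.168.0.0/16
```

The files written by -w can later be read back with tcpdump -r or opened in Wireshark for offline analysis.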

Latest version: 4.6
Fixes bugs found in libsmi, libcap and the build process.

Official homepage: http://www.tcpdump.org/
This article was last updated by 阿炯 on 2019-08-11 11:30:07 and is currently at version 2.