Tom*_*chi 1 grep packet-sniffer tcpdump
Once I know the IP address and port number combination, I can run this to see some packets:
tcpdump | grep [IPADDRESS]
Does anyone know how I can now also see the raw packets?
Thanks!
From the tcpdump(1) man page:
-x When parsing and printing, in addition to printing
the headers of each packet, print the data of each
packet (minus its link level header) in hex. The
smaller of the entire packet or snaplen bytes will
be printed. Note that this is the entire link-layer
packet, so for link layers that pad (e.g. Ethernet),
the padding bytes will also be printed when the
higher layer packet is shorter than the required
padding.
-xx When parsing and printing, in addition to printing
the headers of each packet, print the data of each
packet, including its link level header, in hex.
-X When parsing and printing, in addition to printing
the headers of each packet, print the data of each
packet (minus its link level header) in hex and
ASCII. This is very handy for analysing new
protocols.
-XX When parsing and printing, in addition to printing
the headers of each packet, print the data of each
packet, including its link level header, in hex and
ASCII.
These options may differ between versions of tcpdump; see the man page on your system.
Perhaps easier to work with is a pcap dump file, created with
-w Write the raw packets to file rather than parsing
and printing them out. They can later be printed
with the -r option. Standard output is used if file
is ``-''.
This output will be buffered if written to a file or
pipe, so a program reading from the file or pipe may
not see packets for an arbitrary amount of time
after they are received. Use the -U flag to cause
packets to be written as soon as they are received.
and then opened in Wireshark.
By the way, grepping tcpdump's output is not a good habit (in verbose mode, the dump of each packet spans several lines). Consider using something like tcpdump host 10.0.0.1, tcpdump net 10.0.0.0/24 or tcpdump port 80 instead. The complete filter syntax is in pcap-filter(7).
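The answer above covers three things: the raw bytes that -x/-X print, the pcap file that -w writes for Wireshark, and host/port filtering instead of grep. The following is an added example (not part of the original answer, and not tcpdump's or libpcap's code) that ties them together: it builds a few constructed Ethernet/IPv4/TCP frames with made-up MAC and IP addresses, writes them in the classic pcap format that `tcpdump -w` produces, reads the file back, decodes the raw bytes, applies `host`/`port` matching with tcpdump's either-direction semantics, and prints a hex+ASCII dump in the shape of `-X`. It assumes the classic pcap container (not pcapng) with Ethernet link type and ignores non-IPv4 frames; the packets are sample data, not a real capture.

```python
"""Write a pcap file the way `tcpdump -w` does, read it back, decode the raw
bytes, and filter by host/port. Added example with constructed sample frames;
minimal on purpose (classic pcap, Ethernet, IPv4 only)."""
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; over a valid header (checksum included) it is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP SYN frame. MACs and IPs are made up."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # TCP: seq=1, ack=0, data offset 5 words, flags=SYN, window 65535, cksum/urg 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64,
                     6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    return eth + ip + tcp


def write_pcap(path, frames):
    """Global header (24 bytes) then one 16-byte record header per frame."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            f.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Yield raw frames; byte order is taken from the magic, as libpcap does."""
    with open(path, "rb") as f:
        magic = f.read(4)
        if magic == struct.pack("<I", PCAP_MAGIC):
            order = "<"
        elif magic == struct.pack(">I", PCAP_MAGIC):
            order = ">"
        else:
            raise ValueError("not a classic pcap file")
        *_, linktype = struct.unpack(order + "HHiIII", f.read(20))
        if linktype != LINKTYPE_ETHERNET:
            raise ValueError("this example only decodes Ethernet captures")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                return
            _sec, _usec, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
            yield f.read(incl_len)


def decode_frame(frame):
    """Pull out the fields that `host`/`port` filters use; None for non-IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    pkt = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
           "proto": frame[23], "sport": None, "dport": None,
           "ip_bytes": frame[14:]}          # what -x shows; the whole frame is what -xx shows
    if pkt["proto"] in (6, 17) and len(frame) >= 14 + ihl + 4:   # TCP/UDP ports
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return pkt


def matches(pkt, host=None, port=None):
    """Same meaning as `tcpdump host H port P`: either direction, both must hold."""
    if host is not None and host not in (pkt["src"], pkt["dst"]):
        return False
    if port is not None and port not in (pkt["sport"], pkt["dport"]):
        return False
    return True


def hexdump(data, width=16):
    """Hex + ASCII lines in the shape `tcpdump -X` prints."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"\t0x{off:04x}:  {hexpart:<39}  {text}")
    return "\n".join(lines)


def demo(host="10.0.0.1", port=80):
    """Write three constructed frames to a temp pcap, read back, return matches."""
    frames = [
        build_frame("192.168.1.5", "10.0.0.1", 51234, 80, b"GET / HTTP/1.0\r\n"),
        build_frame("10.0.0.1", "192.168.1.5", 80, 51234),
        build_frame("192.168.1.5", "10.0.0.2", 51235, 443),
    ]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, frames)
        decoded = [decode_frame(f) for f in read_pcap(path)]
    finally:
        os.unlink(path)
    return [p for p in decoded if p and matches(p, host, port)]


if __name__ == "__main__":
    for p in demo():
        print(f"{p['src']}.{p['sport']} > {p['dst']}.{p['dport']}")
        print(hexdump(p["ip_bytes"]))
```

Running it prints the two frames that involve 10.0.0.1 on port 80, each followed by its IP-layer bytes in hex and ASCII; the file it writes can also be opened in Wireshark or read with `tcpdump -r file.pcap -X host 10.0.0.1 and port 80`, which is the real-tool equivalent of `demo()`.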