linux抓包命令详解_linux抓包命令指定ip和端口
2023-06-13 09:14:44 时间
一、介绍
linux抓包命令
二、被请求端口监听:dst port
tcpflow -ci eth0 dst port 6060
tcpdump -i eth0 dst port 6060
案例:
hubble-transfer服务端口为9511,所以下面截图的案例其实就是监听服务开启的端口,有哪些请求来源数据。
三、请求端口监听:src
tcpflow -ci eth0 src port 9092:监听来源端口为9092的网络包数据。说白了,是请求端口为9092的服务的数据。
案例:
以下案例是Kafka消费者,Kafka的端口为9092,hubble-biz-log从9092端口消费数据(其实本质就是请求9092端口服务)
代码:
/**
* 监听流水日志
* @param message
*/
@KafkaListener(topics = "hubble-log-ms")
public void consumer(String message,Acknowledgment ack){
try {
Map<String,Object> dataMap = JSON.parseObject(message, new TypeReference<Map<String,Object>>(){}.getType());
HubbleSyslogMsVO hubbleSyslogMsVO = handleToVO(dataMap);
if(!hubbleSyslogMsVO.getRequesturi().contains("query")){
logList.add(hubbleSyslogMsVO);
if (logList.size() >= batchSize) {
int num = hubbleSyslogMsVOMapper.insertBatch(logList);
log.info("log batch num={}",num);
logList.clear();
}
}
} catch (Exception e) {
logList.clear();
log.error("consumer has error,error info is ",e);
}finally {
ack.acknowledge();
}
}
抓包日志:
[root@hubble-biz-log-pod-64b7b45596-q2dz2 DockerHubblebizhost]# tcpflow -ci eth0 src port 9092
tcpflow: listening on eth0
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: D{eyF.{"requestUri":"/api/host/hostSync","haoshi":0}
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.188.09092-010.068.202.022.56576: 6'
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: JkatyF4{"requestUri":"/api/group/queryGrpInfo","haoshi":59}
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.168.09092-010.068.202.022.50760: +,stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +.stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: M+
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: QODyF;{"requestUri":"/api/template/findStrategyById","haoshi":18}
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.168.09092-010.068.202.022.50760: +0stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: /
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066: x
010.034.004.182.09092-010.068.202.022.58066: J=xyG4{"requestUri":"/api/open/notice/v2/send","haoshi":1}
010.034.004.182.09092-010.068.202.022.58066: =
010.034.004.168.09092-010.068.202.022.50760: +2stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 6-
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: JOyG@4{"requestUri":"/api/group/queryGrpInfo","haoshi":38}
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.168.09092-010.068.202.022.50760: +4stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576: 3
010.034.004.188.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
hubble-log-ms88.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56576: x
010.034.004.188.09092-010.068.202.022.56576: J~PyGZ4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.188.09092-010.068.202.022.56572: NyGZ{"responsecode":200,"enddate":1656556701530,"clientIp":"10.19.0.227","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5728\\u8fc7\\u53bb60\\u5206\\u949f\\u5931\\u8d25\\u4e8634\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701530,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
010.034.004.188.09092-010.068.202.022.56576: =
010.034.004.168.09092-010.068.202.022.50836: 4IY
010.034.004.168.09092-010.068.202.022.50836:
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B7
010.034.004.188.09092-010.068.202.022.56572: =
010.034.004.168.09092-010.068.202.022.50760: +6stat_syslog_access_line
hubble-log-ms68.09092-010.068.202.022.50758: !
010.034.004.168.09092-010.068.202.022.50756: $I\hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: I]
010.034.004.168.09092-010.068.202.022.50836:
010.034.004.168.09092-010.068.202.022.50836: hubble-log-event
010.034.004.168.09092-010.068.202.022.50836: B8
010.034.004.168.09092-010.068.202.022.50836: B7}&yG]{"responsecode":404,"enddate":1656556701533,"clientIp":"10.128.220.10","paramData":"{}","methodName":"HEAD","startdate":1656556701532,"total_time":1,"uri":"/error"}=
010.034.004.188.09092-010.068.202.022.56576: M5
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.188.09092-010.068.202.022.56576: QBoVyGg;{"requestUri":"/api/template/findStrategyById","haoshi":22}
010.034.004.188.09092-010.068.202.022.56576:
010.034.004.182.09092-010.068.202.022.58066: 61
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: stat_syslog_access_line
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.182.09092-010.068.202.022.58066: JqyGr4{"requestUri":"/api/group/queryGrpInfo","haoshi":37}
010.034.004.182.09092-010.068.202.022.58066:
010.034.004.168.09092-010.068.202.022.50760: +8stat_syslog_access_line
010.034.004.168.09092-010.068.202.022.50760: +:stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: )
010.034.004.198.09092-010.068.202.022.55068:
010.034.004.198.09092-010.068.202.022.55068: stat_syslog_access_line
010.034.004.198.09092-010.068.202.022.55068: x
010.034.004.198.09092-010.068.202.022.55068: JwVyG4{"requestUri":"/api/open/notice/v2/send","haoshi":0}
010.034.004.198.09092-010.068.202.022.55068: =
010.034.004.168.09092-010.068.202.022.50760: +<stat_syslog_access_line
010.034.004.188.09092-010.068.202.022.56572: M
010.034.004.188.09092-010.068.202.022.56572:
hubble-log-ms88.09092-010.068.202.022.56572:
010.034.004.188.09092-010.068.202.022.56572: N
010.034.004.188.09092-010.068.202.022.56572: NRyG{"responsecode":200,"enddate":1656556701596,"clientIp":"10.19.0.228","paramData":"{\"noticeWay\": \"\", \"content\": \"QAE \\u62a5\\u8b66\\uff1a\\u5e94\\u7528wangcan.itv-tab-drama-ulike-deep-scorer-v1-prod-wh.bdwh-online01 (docker-registry.qiyi.virtual/mba-rec/mba-deep-rank-service:prod-gl_scorer-2112171043)\\u5bb9\\u5668\\u5b9e\\u4f8b\\u4e0d\\u7a33\\u5b9a\\uff0c\\u5728\\u8fc7\\u53bb6\\u5c0f\\u65f6\\u5185\\u81f3\\u5c11\\u53d8\\u66f4\\u4e8635\\u6b21\\uff0c\\u8bf7\\u53ca\\u65f6\\u5173\\u6ce8\\u5904\\u7406\\u3002\", \"toUsers\": \"wangcan\", \"emailSubject\": \"QAE \\u62a5\\u8b66\"}","methodName":"POST","usertoken":"5fa50","startdate":1656556701596,"total_time":0,"uri":"/api/open/notice/v2/send","username":"guoguanglu"}
四、其它使用示例
- 1. 针对特定网口抓包 ( -i 选项 )。 不加任何选项执行 tcpdump 时,tcpdump 将抓取通过所有网口的包;使用 -i 在指定的网口抓包: 示例:tcpdump 抓取所有通过 eth0 的包。命令:root@kali:~# tcpdump -i eth0
- 2. 抓取指定数目的包( -c 选项 )。 默认情况下 tcpdump 将一直抓包,直到按下 Ctrl + c 中止,使用 -c 选项我们可以指定抓包的数量: 示例:只针对 eth0 网口抓 10 个包。命令:root@kali:~# tcpdump -i eth0 -c 10
- 3. 将抓到包写入文件中( -w 选项 )。使用 -w 选项,将抓包记录到一个指定文件中,保存为.pcap后缀的文件,可以使用 wireshark 等工具读取分析。 命令:root@kali:~# tcpdump -i eth0 -c 10 -w 2017.pcap
- 4. 读取 tcpdump 保存文件( -r 选项 )。对于保存的抓包文件,我们可以使用 -r 选项进行读取。命令:root@kali:~# tcpdump -r 2017.pcap
- 5. 抓包时不进行域名解析( -n选项 )。默认情况下,tcpdump 抓包结果中将进行域名解析,显示的是域名地址而非 ip 地址,使用 -n 选项,可指定显示 ip 地址。
- 6. 增加抓包时间戳(-tttt选项)。使用-tttt选项,抓包结果中将包含抓包日期:
- 7. 指定抓包的协议类型。我们可以只抓某种协议的包,tcpdump 支持指定以下协议:ip、ip6、arp、tcp、udp、wlan 等。 示例:只抓取 arp 协议的包:root@kali:~# tcpdump -i eth0 -tttt arp
- 8. 指定抓包端口。如果想要对某个特定的端口抓包,可以通过以下命令:root@kali:~# tcpdump -i eth0 port 22
- 9. 抓取特定目标 ip和端口 的包。网络包的内容中,包含了源ip地址、端口和目标ip、端口,我们可以根据目标ip和端口过滤tcpdump抓包结果,以下命令说明了此用法: 示例:root@kali:~# tcpdump -i eth0 dst 10.70.121.92 and port 22 示例:root@kali:~# tcpdump -i eth0 -c 10 ip -tttt -X
参考文档:
https://blog.csdn.net/weixin_34124651/article/details/88267519
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/183539.html原文链接:https://javaforall.cn
相关文章
- 使用SH命令管理Linux系统(sh命令linux)
- 文件掌握Linux命令:查看目录文件(linux命令查看目录)
- 命令Linux中的MV命令:管理文件的快捷方式(linux中的mv)
- 行Linux 调用命令行:展开机遇之路(linux调用命令)
- 掌握Linux系统时间修改技巧:date命令实战(linux修改时间命令)
- 深入了解Linux:掌握ISO使用技巧(linux使用iso)
- 使用Linux命令at管理任务(linux命令at)
- 深入Linux:使用命令修改文件权限(linux命令修改文件权限)
- Linux下使用注释命令管理程序(linux注释命令)
- 在 ARM 上安装 Linux 操作系统(arm安装linux)
- 每日掌握Linux命令,快速学习Linux机器人(每天学一个linux命令)
- Linux命令究竟为何无效?(linux命令无效)
- Linux的发展史:从分支到成长(linux的分支)
- Linux系统下NS2的安装与运行(linux安装ns2)
- 「解密 Linux 映射命令:快速查找文件路径」(linux映射命令)
- Linux命令:如何实现换行?(linux命令换行)
- 学会远程登录Linux的命令(远程登录linux命令)
- 手把手教你:Linux 系统下编写自己的 ls 命令(linux编写ls命令)
- 轻松学会Linux命令:如何复制文件与目录(linux命令复制)
- Linux安全防护:让你简单安全(linux安全组)
- 深入初探Linux系统读写命令(linux读写命令)
- Installing QQ on Linux: A Guide to Getting Started(linux下安装qq)
- Linux 上文件快捷合并的终极命令(linux 文件合并命令)
- Linux下的开网页命令:快速访问网页的方法(linux开网页命令)
- 利用Linux命令查看挂载目录(linux查看挂载目录)
- Linux 与 ANSI C: 共 同 前行 (linux ansi c)
- 安卓与Linux:共同承载开源的梦(安卓和linux的关系)
- linux中关于screen的命令详解