

Summary of packet capture commands: Linux packet capture commands

Published: 2023/12/31 · linux · 28 · 豆豆
This article, collected and organised by 生活随笔, mainly introduces "Summary of packet capture commands: Linux packet capture commands"; the editor found it quite good and shares it here for reference.

I. Introduction

Linux packet capture commands

II. Listening on the requested (destination) port: dst port

tcpflow -ci eth0 dst port 6060

tcpdump -i eth0 dst port 6060

Example:

The hubble-transfer service listens on port 9511, so the case in the screenshot below is really listening on the port the service has opened, to see which sources are sending requests to it.

III. Listening on the requesting (source) port: src

tcpflow -ci eth0 src port 9092: captures packets whose source port is 9092. Put plainly, this is the data coming from the service that is being requested on port 9092.

Example:

The case below is a Kafka consumer. Kafka listens on port 9092, and hubble-biz-log consumes data from port 9092 (which is, in essence, requesting the service on port 9092).

Code:

    // Kafka listener for the flow-log topic. The imports below are assumed from the
    // APIs used (fastjson for JSON/TypeReference, spring-kafka for the listener and ack).
    import com.alibaba.fastjson.JSON;
    import com.alibaba.fastjson.TypeReference;
    import java.util.Map;
    import org.springframework.kafka.annotation.KafkaListener;
    import org.springframework.kafka.support.Acknowledgment;

    /**
     * Listen for flow-log messages.
     * @param message the raw JSON message from the hubble-log-ms topic
     */
    @KafkaListener(topics = "hubble-log-ms")
    public void consumer(String message, Acknowledgment ack) {
        try {
            Map<String, Object> dataMap = JSON.parseObject(message,
                    new TypeReference<Map<String, Object>>() {}.getType());
            HubbleSyslogMsVO hubbleSyslogMsVO = handleToVO(dataMap);
            // Skip query-type requests; buffer the rest and flush to the database in batches
            if (!hubbleSyslogMsVO.getRequesturi().contains("query")) {
                logList.add(hubbleSyslogMsVO);
                if (logList.size() >= batchSize) {
                    int num = hubbleSyslogMsVOMapper.insertBatch(logList);
                    log.info("log batch num={}", num);
                    logList.clear();
                }
            }
        } catch (Exception e) {
            // On any failure the buffered batch is dropped before the error is logged
            logList.clear();
            log.error("consumer has error,error info is ", e);
        } finally {
            // The offset is acknowledged whether or not processing succeeded
            ack.acknowledge();
        }
    }

Capture log (each tcpflow -c output line is prefixed with the zero-padded source ip.port and destination ip.port pair, for example 010.034.004.182.09092-010.068.202.022.58066, followed by that flow's payload, here the Kafka topic name and the JSON log record):

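Added example (not from the original post): a small Python parser for the tcpflow -c flow prefix shown above, used to answer the question section II asks of a dst port capture, namely which client sources are talking to a service port, and to flag any that fall outside an expected subnet. The sample lines, the port 9511 service and the allowed range 10.68.0.0/16 are constructed for this example.

```python
import ipaddress
import re
from collections import Counter

# tcpflow -c prefixes every payload line with the flow id
# "SSS.SSS.SSS.SSS.PPPPP-DDD.DDD.DDD.DDD.PPPPP: " (zero-padded source
# ip.port, a dash, zero-padded destination ip.port), the form seen in
# the capture log above. Non-flow lines (the listening banner) are skipped.
FLOW_RE = re.compile(
    r"^(\d{3}\.\d{3}\.\d{3}\.\d{3})\.(\d{5})-(\d{3}\.\d{3}\.\d{3}\.\d{3})\.(\d{5}): ?(.*)$"
)

def unpad_ip(padded):
    """'010.034.004.182' -> '10.34.4.182'"""
    return ".".join(str(int(octet)) for octet in padded.split("."))

def parse_flow_line(line):
    """Return a dict for one tcpflow -c output line, or None for a non-flow line."""
    m = FLOW_RE.match(line.rstrip("\n"))
    if not m:
        return None
    src, sport, dst, dport, payload = m.groups()
    return {"src": unpad_ip(src), "sport": int(sport),
            "dst": unpad_ip(dst), "dport": int(dport), "payload": payload}

def summarize_sources(text, service_port):
    """Count payload lines per client IP for traffic sent to service_port
    (the question behind 'tcpflow -ci eth0 dst port N')."""
    counts = Counter()
    for line in text.splitlines():
        flow = parse_flow_line(line)
        if flow and flow["dport"] == service_port:
            counts[flow["src"]] += 1
    return counts

def unexpected_sources(text, service_port, allowed_networks):
    """Client IPs hitting service_port from outside the allowed CIDR ranges."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return sorted(ip for ip in summarize_sources(text, service_port)
                  if not any(ipaddress.ip_address(ip) in n for n in nets))

# Constructed sample (not a real capture) of `tcpflow -ci eth0 dst port 9511`.
SAMPLE = """\
tcpflow: listening on eth0
010.068.202.022.58066-010.034.004.182.09511: GET /api/host/hostSync HTTP/1.1
010.068.202.022.58066-010.034.004.182.09511: Host: hubble-transfer
010.068.202.023.41000-010.034.004.182.09511: POST /api/group/queryGrpInfo HTTP/1.1
192.168.001.050.53000-010.034.004.182.09511: GET /api/host/hostSync HTTP/1.1
"""
```

Pipe a real capture into the same functions (for example, read the output of tcpflow -ci eth0 dst port 9511 from a file) to get a per-client request count and a list of clients outside the subnets you expect.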

IV. Other usage examples

  • 1. Capture on a specific interface (-i option)
    When tcpdump is run with no options it captures packets passing through all interfaces; use -i to capture on a given interface.
    Example: capture every packet passing through eth0. Command: root@kali:~# tcpdump -i eth0
  • 2. Capture a specified number of packets (-c option).
    By default tcpdump keeps capturing until Ctrl + C is pressed; with -c we can specify how many packets to capture.
    Example: capture only 10 packets on eth0. Command: root@kali:~# tcpdump -i eth0 -c 10
  • 3. Write captured packets to a file (-w option). With -w the capture is recorded to a given file, saved with a .pcap suffix, which can then be read and analysed with tools such as Wireshark.
    Command: root@kali:~# tcpdump -i eth0 -c 10 -w 2017.pcap
  • 4. Read a saved tcpdump capture file (-r option). A saved capture file can be read back with -r. Command: root@kali:~# tcpdump -r 2017.pcap
  • 5. Do not resolve names while capturing (-n option). By default tcpdump resolves addresses in its output, showing hostnames rather than IP addresses; with -n it shows IP addresses instead.
  • 6. Add timestamps to the capture (-tttt option). With -tttt the output includes the capture date.
  • 7. Specify the protocol to capture. We can capture only one protocol's packets; tcpdump supports ip, ip6, arp, tcp, udp, wlan and others.
    Example: capture only ARP packets: root@kali:~# tcpdump -i eth0 -tttt arp
  • 8. Specify the port to capture. To capture traffic on a particular port, use: root@kali:~# tcpdump -i eth0 port 22
  • 9. Capture packets for a particular destination IP and port. A packet carries the source IP and port and the destination IP and port, so we can filter tcpdump's output by destination IP and port:
    Example: root@kali:~# tcpdump -i eth0 dst 10.70.121.92 and port 22
    Example: root@kali:~# tcpdump -i eth0 -c 10 ip -tttt -X

Reference:

https://blog.csdn.net/weixin_34124651/article/details/88267519
