I have been reading about tcpdump for quite a while, and I have long wanted to try out packet capture as a skill.
tcpdump
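-i interface to listen on (lo, eth0)
-c number of packets to capture
-w xxx.cap (written directly as a binary capture file that Wireshark can open)
-A show packet contents as ASCII
-X hexadecimal + ASCII [-A and -X display the contents of captured packets]
1. Listen on interface eth0 and write the capture to the file xxx.cap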
tcpdump -i eth0 -w xxx.cap
2. Listen
tcpdump -i eth0 host 192.168.137.1
tcpdump -i eth0 host 192.168.137.1 and port 80
tcpdump -i eth0 host 192.168.137.1 and not port 80
tcpdump -i eth0 host 192.168.137.1 and icmp
3. Listen for a host
tcpdump -i eth0 host 192.168.137.1
tcpdump -i eth0 src host 192.168.137.1
tcpdump -i eth0 dst host 192.168.137.1
4. Listen on a port
tcpdump -i eth0 port 25
tcpdump -i eth0 src port 25
tcpdump -i eth0 dst port 25
5. Listen for a network segment
tcpdump -i eth0 net 192.168
tcpdump -i eth0 src net 192.168
tcpdump -i eth0 dst net 192.168
6. Listen for a protocol
tcpdump -i eth0 icmp
tcpdump -i eth0 udp
tcpdump -i eth0 tcp
tcpdump -i eth0 arp
tcpdump -i eth0 ip
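What the host, src host, dst host and port filters above select, shown as an added example that is not part of the original notes: it reads the binary capture format that -w produces and counts matching packets. The addresses other than 192.168.137.1, the port numbers and all function names are constructed for illustration, and only IPv4 TCP/UDP frames are considered (real tcpdump would also match ARP and ICMP for a host filter).

```python
import socket
import struct

TARGET = "192.168.137.1"  # host used in the page's filter expressions

def build_pcap(flows):
    """Constructed sample: classic little-endian pcap, Ethernet link type, TCP SYNs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, sport, dport in flows:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # checksums left at zero
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def read_flows(pcap):
    """Yield (src, dst, sport, dport) for each IPv4 TCP/UDP frame in a pcap byte string."""
    # The magic number tells us the byte order the capturing machine used.
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap)[0])
    if end is None or struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24  # size of the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            continue  # not TCP/UDP, or ports cut off by the snap length
        sport, dport = struct.unpack_from("!HH", frame, l4)
        yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport

FILTERS = {  # filter from the notes (address omitted) -> its meaning as a predicate
    "host": lambda s, d, sp, dp: TARGET in (s, d),
    "src host": lambda s, d, sp, dp: s == TARGET,
    "dst host": lambda s, d, sp, dp: d == TARGET,
    "host and port 80": lambda s, d, sp, dp: TARGET in (s, d) and 80 in (sp, dp),
    "host and not port 80": lambda s, d, sp, dp: TARGET in (s, d) and 80 not in (sp, dp),
}

def count_matches(pcap):
    return {name: sum(f(*fl) for fl in read_flows(pcap)) for name, f in FILTERS.items()}

A, B, C = TARGET, "192.168.137.20", "192.168.137.30"  # B and C are constructed addresses
SAMPLE = build_pcap([(A, B, 51000, 80), (B, A, 80, 51000), (A, B, 51001, 22), (C, B, 51002, 80)])
print(count_matches(SAMPLE))
```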
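1. 89 and the local machine: test directly and analyze the captured packet contents
2. LAN packet capture: analyzing usernames and passwords
1. Sniffer 2. Wireshark 3. Obtain the username and password
1. The SSH protocol is encrypted and very secure; the plaintext cannot be obtained directly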