@suziewong
Last active August 13, 2019 08:31
Tcpdump


I have been reading about tcpdump for quite a while, and I have always wanted to try out skills like packet capture.

tcpdump

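-i specify the interface to listen on, e.g. lo, eth0
-c packet count
-w xxx.cap (a binary file that Wireshark opens directly)
-A show contents as ASCII
-X hex + ASCII [-A and -X show the contents of the captured packets]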

Examples

1. Capture on interface eth0 and write to the file xxx.cap

tcpdump -i eth0 -w xxx.cap

2. Capture

tcpdump -i eth0 host 192.168.137.1
tcpdump -i eth0 host 192.168.137.1 and port 80
tcpdump -i eth0 host 192.168.137.1 and not port 80
tcpdump -i eth0 host 192.168.137.1 and icmp

3. Capture by host

tcpdump -i eth0 host 192.168.137.1
tcpdump -i eth0 src host 192.168.137.1
tcpdump -i eth0 dst host 192.168.137.1

4. Capture by port

tcpdump -i eth0 port 25
tcpdump -i eth0 src port 25
tcpdump -i eth0 dst port 25

5. Capture by network

tcpdump -i eth0 net 192.168
tcpdump -i eth0 src net 192.168
tcpdump -i eth0 dst net 192.168

6. Capture by protocol

tcpdump -i eth0 icmp
tcpdump -i eth0 udp
tcpdump -i eth0 tcp
tcpdump -i eth0 arp
tcpdump -i eth0 ip
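
For offline review of a file written with -w, the following added example (not part of the original gist) reads the classic pcap layout and applies the same selection as the "host ... and port ..." and "host ... and not port ..." filters above. The function names and the sample packets are constructed for illustration, and it handles only IPv4/TCP over Ethernet, whereas tcpdump's port filter also matches UDP.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed capture (not real traffic) in the classic pcap layout."""
    def frame(src, dst, sport, dport, payload):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return eth + ip + tcp + payload
    frames = [
        frame("192.168.137.1", "192.168.137.2", 40000, 80, b"GET / HTTP/1.1\r\n\r\n"),
        frame("192.168.137.1", "192.168.137.2", 40001, 25, b"EHLO client.test\r\n"),
        frame("192.168.137.7", "192.168.137.2", 40002, 80, b"\x00\x01binary\xff"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, caplen, len
    return out

def read_pcap(data):
    """Yield raw frames from a classic (microsecond) pcap byte string."""
    # The magic number tells us the byte order the writing machine used.
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24  # the global header is 24 bytes; each record has a 16-byte header
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for IPv4/TCP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after the IP header
    if len(frame) < t + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    stop = 14 + struct.unpack("!H", frame[16:18])[0]  # end of the IP datagram
    payload = frame[t + (frame[t + 12] >> 4) * 4:stop]
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport, payload

def select(data, host=None, port=None, not_port=None):
    """Same selection as 'host H and port P' / 'host H and not port P' for TCP packets."""
    return [p for p in filter(None, map(parse_tcp, read_pcap(data)))
            if (host is None or host in p[:2]) and (port is None or port in p[2:4])
            and (not_port is None or not_port not in p[2:4])]
```
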

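Practice

1. 89 and this machine: test directly and analyze the captured packet contents

2. Capture packets on the LAN and analyze usernames and passwords

Further topics

1. Sniffer 2. Wireshark 3. Obtaining usernames and passwords

P.S.

1. The SSH protocol is encrypted and very secure; the plaintext cannot be obtained directly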
