Tcpdump

I have been reading about tcpdump for quite a while, and I have always wanted to try out skills like packet capture.

tcpdump

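-i  specify the network interface to listen on (lo, eth0)
-c  number of packets to capture
-w  xxx.cap (written directly as a binary file that Wireshark can open)
-A  show packet contents as ASCII
-X  show packet contents as hexadecimal + ASCII [-A and -X both display the captured packet contents]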

Examples

1. Listen on interface eth0 and write the capture to the file xxx.cap

tcpdump -i eth0 -w xxx.cap

2. Listen

tcpdump -i eth0 host 192.168.137.1
tcpdump -i eth0 host 192.168.137.1 and port 80
tcpdump -i eth0 host 192.168.137.1 and not port 80
tcpdump -i eth0 host 192.168.137.1 and icmp

3. Listen for a host

tcpdump -i eth0 host 192.168.137.1
tcpdump -i eth0 src host 192.168.137.1
tcpdump -i eth0 dst host 192.168.137.1

4. Listen on a port

tcpdump -i eth0 port 25
tcpdump -i eth0 src port 25
tcpdump -i eth0 dst port 25

5. Listen for a network segment

tcpdump -i eth0 net 192.168
tcpdump -i eth0 src net 192.168
tcpdump -i eth0 dst net 192.168

6. Listen for a protocol

tcpdump -i eth0 icmp
tcpdump -i eth0 udp
tcpdump -i eth0 tcp
tcpdump -i eth0 arp
tcpdump -i eth0 ip
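
What a file written with -w contains, and what the host / port primitives above match on, shown as an added Python example (not part of the original gist). The sample capture, its addresses and the helper names (frame, build_pcap, read_pcap, host, port, matches) are constructed for illustration.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic microsecond-resolution pcap

def frame(src, dst, proto, sport=0, dport=0):
    """Constructed Ethernet/IPv4 frame for the sample (checksums left as zero)."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4) if proto in (6, 17) else bytes(8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """24-byte global header (link type 1 = Ethernet), then one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield (src, dst, proto, sport, dport) for every IPv4 packet in a capture."""
    end = "<" if struct.unpack_from("<I", data)[0] == PCAP_MAGIC else ">"
    if struct.unpack_from(end + "I", data)[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from(end + "IIII", data, off)[2]  # captured length
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4 (ARP, IPv6, ...)
        ihl, proto = (pkt[14] & 0x0F) * 4, pkt[23]
        sport = dport = None
        if proto in (6, 17) and len(pkt) >= 14 + ihl + 4:  # TCP/UDP carry ports
            sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        yield socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]), proto, sport, dport

def host(p, ip):
    return ip in (p[0], p[1])   # "host" matches source OR destination

def port(p, n):
    return n in (p[3], p[4])    # "port" matches source OR destination port

SAMPLE = build_pcap([            # constructed traffic, not a real capture
    frame("192.168.137.1", "192.168.137.2", 6, 51000, 80),
    frame("192.168.137.2", "192.168.137.1", 6, 52000, 22),
    frame("192.168.137.1", "192.168.137.2", 1),
    frame("10.0.0.5", "10.0.0.6", 17, 5353, 53),
])

def matches():
    """Equivalent of: host 192.168.137.1 and not port 80"""
    return [p for p in read_pcap(SAMPLE) if host(p, "192.168.137.1") and not port(p, 80)]
```

The ICMP packet passes "not port 80" because it has no ports at all, which is also how tcpdump evaluates that expression.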

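Practice

1. Capture traffic between 89 and the local machine directly and analyze the packet contents

2. Capture packets on the LAN and analyze usernames and passwords

Further topics

1. Sniffer 2. Wireshark 3. Obtaining usernames and passwords

P.S.

1. The SSH protocol is encrypted and very secure; the plaintext cannot be obtained directly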
