Linux的shell編程前奏之常見網絡管理命令實戰七
前言:tcpdump命令是一個截獲網絡數據包的包分析工具。Tcpdump可以將網絡中傳送的數據包的“頭”完全截獲下來以提供分析。它支持針對網絡層,協議,主機,端口等的過濾,並支持與,或,非邏輯語句協助過濾有效信息。
一>監聽指定網卡收到的數據包
[root@lll /]# tcpdump -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 65535 bytes
17:52:07.058332 IP 192.168.0.104.50775 > 192.168.1.1.domain: 63991+ PTR? 1.1.168.192.in-addr.arpa. (42)
17:52:07.058699 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 196:472, ack 1, win 254, length 276
17:52:07.065062 IP 192.168.1.1.domain > 192.168.0.104.50775: 63991* 1/0/0 PTR 192.168.1.1. (67)
17:52:07.065916 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 472:1244, ack 1, win 254, length 772
17:52:07.066373 IP 192.168.0.101.52418 > 192.168.0.104.ssh: Flags [.], ack 1244, win 3834, length 0
17:52:07.066956 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 1244:1504, ack 1, win 254, length 260
17:52:07.067455 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 1504:1668, ack 1, win 254, length 164
17:52:07.067783 IP 192.168.0.101.52418 > 192.168.0.104.ssh: Flags [.], ack 1668, win 4096, length 0
17:52:07.068028 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 1668:1928, ack 1, win 254, length 260
17:52:07.068409 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 1928:2092, ack 1, win 254, length 164
17:52:07.068987 IP 192.168.0.101.52418 > 192.168.0.104.ssh: Flags [.], ack 2092, win 3990, length 0
17:52:07.069425 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 2092:2352, ack 1, win 254, length 260
17:52:07.069797 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 2352:2516, ack 1, win 254, length 164
17:52:07.070056 IP 192.168.0.101.52418 > 192.168.0.104.ssh: Flags [.], ack 2516, win 3884, length 0
17:52:07.070504 IP 192.168.0.104.ssh > 192.168.0.101.52418: Flags [P.], seq 2516:2776, ack 1, win 254, length 260
總結: -i,指定網絡接口網卡。
17:52:07.070504:當前時間,精確到微妙。
IP 192.168.0.104.ssh > 192.168.0.101.52418:從主機192.168.0.104的SSH端口發送數據到192.168.0.101的52418端口,“>”代表數據流向。
Flags [P.]:TCP包中的標誌信息,S是SYN標誌的縮寫,F(FIN),P(PUSH),R(RST),”.”(沒有標記)
Seq:數據包中的數據的順序號。
ack: 下次期望的順序號。
win:接收緩存的窗口大小。
length:數據包長度。
二>監聽指定主機的數據包
[root@lll /]# tcpdump -n host 192.168.0.104 ----監聽所有192.168.0.104的主機收到的和發出的數據包
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
[root@lll /]# tcpdump -n src host 192.168.0.104 ---只監聽從192.168.0.104發出的數據包,即源地址爲192.168.0.104,關鍵字爲src
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
[root@lll /]# tcpdump -n dst host 192.168.0.104 ----只監聽192.168.0.104收到的數據包,即目標地址從192.168.0.104
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
三>監聽指定端口的數據包
[root@lll /]# tcpdump -nn port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
四>多個過濾條件混合使用
[root@lll /]# tcpdump -n ip host 192.168.0.101 and 192.168.104
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
總結:tcpdump命令支持邏輯運算符and(與),or(或),!(非),即獲取主機192.168.0.101與主機192.168.0.104通信的ip數據包。
五>使用tcpdump對tcp數據進行抓包
[root@lll /]# tcpdump tcp dst port 80 or src 192.168.10.104 -i ens33 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 65535 bytes
總結:tcpdump主要用來抓取網絡包(網絡層),獲取網絡流量,通訊傳輸底層走的都是網絡。
Liunx網絡管理命令 | 應用場景 | 重要參數及典型案例 |
ping | 測試主機之間網絡的連通性 | [root@lll /]# ping -c 3 -i 3 -s 1024 -t 255 www.baidu.com |
telnet | 判斷遠程服務器的端口是否開放 |
[root@lll /]# telnet 192.168.101 80 |
ssh | 安全的遠程登錄主機 | [root@lll /]# ssh 192.168.0.101 "free -m" |
ifconfig | 配置或顯示網絡接口信息 | [root@lll /]# ifconfig ens33 |
route | 顯示或管理路由表 | [root@lll /]# route add -net 192.168.0.104/24 gw 10.0.0.254 |
nmap | 網絡探測工具和安全/端口掃描器 | [root@lll /]# nmap 192.168.0.104 |
tcpdump | 抓包,監聽網絡流量 | [root@lll /]# tcpdump -nn port 22 |
traceroute | 追蹤數據傳輸路由情況 | [root@lll /]# traceroute -I www.baidu.com |
ifup | 激活網絡接口 | [root@lll /]# ifup eth0 |
ifdown | 禁用網絡接口 | [root@lll /]# ifdown eth1 |