CentOS7 tcpdump安装与使用

Posted 2022-08-01 编程圈子

yum安装

yum install tcpdump

源码安装

# flex   
yum -y install flex  

# bison  
yum -y install bison

wget http://www.tcpdump.org/release/libpcap-1.5.3.tar.gz    
wget http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz    
tar -zxvf libpcap-1.5.3.tar.gz    
cd libpcap-1.5.3    
./configure    
sudo make install    

cd ..    
tar -zxvf tcpdump-4.5.1.tar.gz    
cd tcpdump-4.5.1    
./configure    
sudo make install   

yum -y install bison

使用

抓http包

tcpdump -XvvennSs 0 -i eth0 tcp[20:2]=0x4745 or tcp[20:2]=0x4854 -w /tmp/capture.pcap

通过网卡eth1来监听端口80发出去的host包到192.168.109.8的报文

tcpdump -i eth1 port 80 and dst host "192.168.109.8"

任意网卡目标是192.168.109.*的 80端口数据

/usr/local/sbin/tcpdump -i any  port 80 and dst host "192.168.109.*" -w /tmp/capture.pcap

加上源地址IP

tcpdump -i any -p -s 0 port 80 and dst host "192.168.109.*" and src host "10.70.32.**" -w /tmp/capture.pcap