
Querying and specifying the network interface when capturing packets with tcpdump

Posted on 2023-04-26 10:59 by 520_1351

Step 1: list all network interfaces on the system with tcpdump's --list-interfaces option. The list differs slightly from what ip addr shows, because tcpdump also reports libpcap pseudo-devices such as any that are not real kernel interfaces.

-D
--list-interfaces
       Print the list of the network interfaces available on the system and on which tcpdump can capture packets.
       For each network interface, a number and an interface name, possibly followed by a text description of the
       interface, is printed.  The interface name or the number can be supplied to the -i flag to specify an
       interface on which to capture.

       This can be useful on systems that don't have a command to list them (e.g., Windows systems, or UNIX systems
       lacking ifconfig -a); the number can be useful on Windows 2000 and later systems, where the interface name is
       a somewhat complex string.

       The -D flag will not be supported if tcpdump was built with an older version of libpcap that lacks the
       pcap_findalldevs() function.

So the recommendation is simply to run tcpdump --list-interfaces; listing works as an ordinary (non-root) user. The result looks like the screenshot below: one line per interface, each starting with its number and name (for example 1.eth0), possibly followed by a description and the interface's state flags in brackets.

Step 2: specify the interface when capturing. By default only the root account can capture with tcpdump, because opening the capture socket requires the CAP_NET_RAW capability. The option is described as follows:

-i interface
--interface=interface
       Listen on interface.  If unspecified, tcpdump searches the system interface list for the lowest numbered,
       configured up interface (excluding loopback), which may turn out to be, for example, ``eth0''.

       On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets
       from all interfaces.  Note that captures on the ``any'' device will not be done in promiscuous mode.

       If the -D flag is supported, an interface number as printed by that flag can be used as the interface
       argument, if no interface on the system has that number as a name.

As the excerpt shows, any can be given as the interface, but with a caveat: "Note that captures on the ``any'' device will not be done in promiscuous mode." In other words, when capturing on any, tcpdump does not switch the NICs into promiscuous mode, so frames that are not addressed to this host's MAC (and are not broadcast or multicast) are only seen if the NIC is already receiving them, for example on a mirrored (SPAN) port. With a single named interface, tcpdump enables promiscuous mode by default (disable it with -p). Captures on any also record a Linux "cooked" (SLL) pseudo-header instead of the real Ethernet header.

For that reason I recommend naming a concrete interface when capturing. By default only root has permission to do this. To capture every packet passing through the eth0 interface:

tcpdump -i eth0  

The output of that command will of course be very long; capture filter expressions can be appended to narrow it down. I will cover the more detailed usage separately in a later post.

Other notes: tcpdump accepts only a single -i option. I did not find a way to name several NICs at once; I tried capturing with the following command:

tcpdump -i eth0 -i eth1 icmp

It did capture ICMP packets, but only the last -i option (eth1) actually took effect; the earlier -i eth0 was silently overridden. To cover several interfaces, either use -i any (with the promiscuous-mode caveat above) or run one tcpdump process per interface.
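The two steps above (listing interfaces with -D, then checking the value handed to -i) together with the one-process-per-interface workaround, as an added shell example that is not part of the original post. It parses a constructed sample of tcpdump -D output, resolves either an interface name or a -D number the way -i does (a name match wins; a number is only used when no interface is literally called that), and prints one tcpdump command line per requested interface. It never starts a real capture; the helper names (list_ifaces, resolve_iface, capture_plan) and the sample listing are my own.

```shell
#!/bin/sh
# Added example, not from the original post: parse `tcpdump -D` output and
# build one capture command per interface (tcpdump honours only the last -i).
# All data below is constructed; no real capture is started.

# Constructed sample of `tcpdump -D` output: "<number>.<name> [description] [flags]".
SAMPLE_LISTING='1.eth0 [Up, Running, Connected]
2.eth1 [Up, Running, Connected]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.lo [Up, Running, Loopback]
5.nflog (Linux netfilter log (NFLOG) interface) [none]'

# list_ifaces LISTING: print one interface name per line, dropping the
# leading "N." and anything after the name (description, flags).
list_ifaces() {
    printf '%s\n' "$1" | sed -n 's/^[0-9][0-9]*\.\([^ ]*\).*/\1/p'
}

# resolve_iface LISTING QUERY: turn a name or a -D number into the interface
# name, following the -i rule from the man page: an exact name match wins, and
# a number is used only if no interface has that number as its name.
# Exits 1 when nothing matches.
resolve_iface() {
    listing=$1 query=$2
    if list_ifaces "$listing" | grep -qxF -- "$query"; then
        printf '%s\n' "$query"
        return 0
    fi
    case $query in
        *[!0-9]*|'') return 1 ;;   # not all digits: cannot be a -D number
    esac
    name=$(printf '%s\n' "$listing" | sed -n "s/^$query\.\([^ ]*\).*/\1/p")
    [ -n "$name" ] || return 1
    printf '%s\n' "$name"
}

# capture_plan LISTING FILTER IFACE...: print the tcpdump command line for each
# requested interface. One unknown interface aborts the whole plan, so a typo
# does not leave you with captures running on only some of the interfaces.
capture_plan() {
    listing=$1 filter=$2; shift 2
    for q in "$@"; do
        name=$(resolve_iface "$listing" "$q") || {
            printf 'unknown interface: %s\n' "$q" >&2
            return 1
        }
        # -nn: no host/port name resolution, so the capture itself stays quiet.
        printf 'tcpdump -nn -i %s%s\n' "$name" "${filter:+ $filter}"
    done
}

# Demonstration against the constructed listing (starts nothing):
#   capture_plan "$SAMPLE_LISTING" icmp eth0 2   -> two commands, for eth0 and eth1
#   capture_plan "$SAMPLE_LISTING" icmp eth9     -> "unknown interface: eth9", exit 1
```

To run such a plan for real, append -w <iface>.pcap & to each printed line in a root shell and wait for the processes; separate files keep each interface's own link-layer headers, which a single -i any capture would replace with the cooked (SLL) pseudo-header. Feed the function the live output of tcpdump -D instead of the constructed SAMPLE_LISTING.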


Please respect the author's work and credit the source when reposting: https://www.cnblogs.com/5201351/p/17355035.html