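Capturing packets with tcpdump
There is an Ubuntu machine, and I want to see how it communicates with the outside world. Use the following command: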
sudo tcpdump -i em1 -nn port 80
zhangchao3@ubuntu:~$ sudo tcpdump -i em1 -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
15:28:26.131966 IP 112.124.6.10.80 > 172.18.147.69.46220: Flags [.], ack 3208952843, win 457, options [nop,nop,TS val 3698353779 ecr 2121693070], length 0
15:28:26.131991 IP 112.124.6.10.80 > 172.18.147.69.46220: Flags [P.], seq 0:392, ack 1, win 457, options [nop,nop,TS val 3698353783 ecr 2121693070], length 392
15:28:26.132676 IP 172.18.147.69.46220 > 112.124.6.10.80: Flags [P.], seq 1:262, ack 392, win 1444, options [nop,nop,TS val 2121693363 ecr 3698353783], length 261
15:28:26.859612 IP 112.124.6.10.80 > 172.18.147.69.46220: Flags [P.], seq 392:824, ack 262, win 465, options [nop,nop,TS val 3698354971 ecr 2121693363], length 432
15:28:26.871757 IP 172.18.147.69.46220 > 112.124.6.10.80: Flags [P.], seq 262:500, ack 824, win 1444, options [nop,nop,TS val 2121693548 ecr 3698354971], length 238
15:28:27.911357 IP 112.124.6.10.80 > 172.18.147.69.46220: Flags [P.], seq 824:1282, ack 500, win 474, options [nop,nop,TS val 3698355684 ecr 2121693548], length 458
15:28:27.913352 IP 172.18.147.69.46220 > 112.124.6.10.80: Flags [P.], seq 500:737, ack 1282, win 1444, options [nop,nop,TS val 2121693809 ecr 3698355684], length 237