linux IPIP封装 抓包方式

单项抓包

tcpdump -nn -e -i eth0 "ip proto 4 and (ip[20+16:1]=10 and ip[20+17:1]=244 and ip[20+18:1]=72 and ip[20+19:1]=10)"

双向抓包

tcpdump -nn -e -i eth1 "ip proto 4 and ((ip[20+12:1]=10 and ip[20+13:1]=244 and ip[20+14:1]=72 and ip[20+15:1]=10) or (ip[20+16:1]=10 and ip[20+17:1]=244 and ip[20+18:1]=72 and ip[20+19:1]=10))"

注意修改IP地址

posted @ 2024-05-17 18:00  salami_china  阅读(12)  评论(0编辑  收藏  举报