Wareshark基本使用
前言
Life is tough, but Wireshark makes it easy.
Wireshark 3.6.6是开源软件抓包分析器
一、下载
下载链接:https://www.wireshark.org/download.html
二、内容
2.1. 路由查看
root@ubuntu:~$ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default _gateway 0.0.0.0 UG 100 0 0 ens33 link-local 0.0.0.0 255.255.0.0 U 1000 0 0 ens33 172.29.2.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33 root@ubuntu:~$ route | grep default default _gateway 0.0.0.0 UG 100 0 0 ens33 root@ubuntu:~$ heat@ubuntu:~$ route | egrep "Dest|29.2" Destination Gateway Genmask Flags Metric Ref Use Iface 172.29.2.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33 root@ubuntu:~$ root@ubuntu:~$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 172.29.2.1 0.0.0.0 UG 0 0 0 ens33 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens33 172.29.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33 heat@ubuntu:~$
2.2 tcpdump -s
使用tcpdump抓包,抓每个包的前80字节。
root@ubuntu:~# tcpdump -i ens33 -s 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 80 bytes 10:53:10.923851 IP 172.29.2.34.53267 > 110.88.208.90.6672: Flags [P.], seq 3104480101:3104480290, ack 450823188, win 1026, length 189 10:53:10.924092 IP 172.29.2.34.53267 > 110.88.208.90.6672: Flags [P.], seq 189:209, ack 1, win 1026, length 20
2.2 tcpdump host x.x.x.x
使用tcpdump抓包,抓与IP地址是x.x.x.x相关的包。
root@ubuntu:~# tcpdump -i ens33 host 172.29.2.34 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 10:56:18.302908 IP 110.88.208.65.7070 > 172.29.2.34.54070: Flags [.], ack 1582627552, win 509, length 0 10:56:18.415437 IP dl1.wireshark.net.https > 172.29.2.34.54305: Flags [.], seq 3533998645:3534001565, ack 24425167, win 501, length 2920
2.2 wireshark过滤器
2.2.1 ip.addr == 172.29.2.34 && tcp.port == 50116
