How to capture packets with tcpdump on Linux
Sometimes an interface call is hard to debug, or the logs are not detailed enough, so we capture packets to see the full exchange. There are GUI capture tools, but here I describe capturing directly in the environment, because in production you can usually only work from the command line. Suppose we have a Tomcat server deployed on Linux listening on port 8088. After logging in as root, run:
tcpdump -i any -X tcp -s 0 port 8088 -w wlf1.cap
When you think the interface call has finished, press Ctrl+C to stop the capture, then strip the non-printable binary from the captured file:
strings wlf1.cap > wlf1.txt
Then open wlf1.txt with vi to see the capture result. You have to judge the capture window yourself; stopping too early may miss packets.
The tcpdump parameters explained:
-i : the network interface to listen on; any means all interfaces
-X : print packet data in hex
-s : snapshot length; usually set to 0, i.e. 65535 bytes (the default is 68)
port : the port to filter on; 8088 in our case
-w : write the capture to a cap file
For a long-running capture, run it in the background:
nohup tcpdump -i eth1 port 8080 -w ./tmp/xxx.cap &
Finally, a capture example:
[root@work]# tcpdump -i any -X tcp -s 0 port 17808 -w wlf1.cap
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@work]# ll
total 8
drwxrwxr-x 14 nexus nexus 4096 Oct 16 23:17 nexus3
-rw-r--r-- 1 tcpdump tcpdump 1734 Nov 4 15:56 wlf1.cap
[root@VM-0-14-centos sonatype-work]# strings wlf1.cap > wlf1.txt
[root@work]# cat wlf1.txt
_Kb
GET /wlf/helloWorld HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Accept-Encoding: gzip, deflate
Host: 106.53.42.25:17808
Connection: Keep-Alive
Cookie: __utmz=17287353.1602894948.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); jenkins-timestamper=system; __utma=17287353.193882543.1602894948.1602894948.1602894948.1; jenkins-timestamper-offset=-28800000; __utmv=17287353.|1=Treatment=PE=1; jenkins-timestamper-local=true
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Content-Length: 12
Date: Wed, 04 Nov 2020 07:56:56 GMT
Keep-Alive: timeout=60
Connection: keep-alive
hello world!
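The file that -w produces is a classic pcap capture: -w writes the raw packets regardless of the other options (so -X has no effect on the file), and strings only recovers printable runs from it. As an added example that is not from the original post, this Python script parses such a capture (link-type LINUX_SLL as written by -i any, or Ethernet) and extracts the HTTP request and status lines per TCP segment; it builds a small constructed sample capture inline, since no real wlf1.cap is included with the post.

```python
import struct

LINKTYPE_LINUX_SLL = 113  # link type tcpdump writes for "-i any" (Linux cooked capture)

def build_sample_pcap(port=8088):
    """Constructed sample: a pcap file holding one cooked frame with an HTTP GET to `port`."""
    payload = b"GET /wlf/helloWorld HTTP/1.1\r\nHost: 127.0.0.1:%d\r\n\r\n" % port
    # TCP header: sport, dport, seq, ack, data offset 5 (no options), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01")  # IPv4, protocol 6 = TCP
    sll = struct.pack("!HHH8sH", 0, 1, 6, b"\x00" * 8, 0x0800)  # 16-byte cooked header, EtherType IPv4
    frame = sll + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL)
    phdr = struct.pack("<IIII", 1604476616, 0, len(frame), len(frame))  # ts_sec, ts_usec, caplen, len
    return ghdr + phdr + frame

def tcp_segments(pcap):
    """Yield (src_port, dst_port, payload) for each IPv4/TCP packet in a classic pcap byte string."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # little-endian file (usec or nsec timestamps)
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # big-endian file
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    l2len = {LINKTYPE_LINUX_SLL: 16, 1: 14}[linktype]  # 1 = Ethernet (14-byte header)
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        ip = frame[l2len:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:  # skip non-IPv4 and non-TCP packets
            continue
        ihl = (ip[0] & 0x0F) * 4
        total = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        if len(tcp) < 20:  # truncated by the snapshot length
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def http_lines(pcap, port):
    """Return the HTTP request and status lines seen on `port`, one per packet."""
    starts = (b"GET ", b"POST", b"HEAD", b"PUT ", b"HTTP")
    return [data.split(b"\r\n", 1)[0].decode("ascii", "replace")
            for sport, dport, data in tcp_segments(pcap)
            if port in (sport, dport) and data[:4] in starts]
```

For a real file, pass open("wlf1.cap", "rb").read() to http_lines; tcpdump -r wlf1.cap -A prints the same payloads directly without the strings step.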