tcpdump + Wireshark for troubleshooting network data on Linux


Author: _给我一支烟_ | Source: published 2019-07-05 16:34

1. Capturing packets with tcpdump

Traffic directly between two hosts (-n: do not resolve addresses to names):
tcpdump -n -i eth6 host 192.168.50.24 and 124.74.244.174
Writing the capture to a file (-w) so it can be opened in Wireshark:
tcpdump -i eth6 host 192.168.50.24 and 124.74.244.174 -w bp.out
tcpdump -i eth6 host 192.168.50.24 and 117.185.125.17 -w src.out
tcpdump -i eth6 host 192.168.50.24 and 192.168.112.83 -w des.out
tcpdump -i eth3 -w test.out
tcpdump -i eth3 -s 0 -w test.out   # -s 0: capture full packets instead of truncating them
tcpdump -i any -s 0 -w test.out    # capture on all interfaces
tcpdump -i eth6 'host 192.168.50.24 and (117.185.125.17 or 192.168.112.83)' -w aaaa.out   # quote the filter so the shell does not interpret the parentheses
tcpdump host 10.200.200.89

2. Filtering and analysis in Wireshark

Filter on packets whose payload contains a string (as text, or as a hex byte sequence):
data.data contains "IF"
data.data contains 31-36-30-35   (the bytes 0x31 0x36 0x30 0x35, i.e. the ASCII string "1605")

Filter by protocol, address and port:
tcp.srcport==53202
ip.src==172.27.16.43 or udp.dstport==9000
ip.src==172.27.16.42 or udp.dstport==10930
ip.src==192.168.1.186 || ip.dst==192.168.1.186

Combined filters (port condition and payload condition joined with and/or):
(tcp.srcport==3202 or udp.dstport==10930) and (data.data contains "IO1603-P-2800" or data.data contains "IO1603-P-2900" or data.data contains "IO1603-P-3000" or data.data contains "IO1603-P-3100")
(tcp.srcport==53202 or udp.dstport==9000)
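As an added example (not code from the original post), the combined display filter above re-implemented in Python over a small constructed pcap, so that the mapping from filter fields (ip.src, tcp.srcport, udp.dstport, data.data) to packet bytes is visible. The frame builder, the sample addresses and the payloads are assumptions made for this illustration; checksums are left at zero.

```python
import struct

def frame(proto, src, dst, sport, dport, payload):
    # Ethernet II + IPv4 + TCP (6) or UDP (17); checksums left zero (constructed test data)
    if proto == 6:
        l4 = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split('.'))), bytes(map(int, dst.split('.'))))
    return b'\x00' * 12 + b'\x08\x00' + ip + l4

def pcap(frames):
    # classic little-endian pcap: global header, then (ts_sec, ts_usec, caplen, origlen) + frame
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack('<IIII', i, 0, len(f), len(f)) + f
    return out

def decode(fr):
    # the fields the display filters reference: ip.src, ip.dst, tcp/udp ports, data.data
    ihl = (fr[14] & 0x0f) * 4
    proto = fr[23]
    l4 = fr[14 + ihl:]
    sport, dport = struct.unpack('!HH', l4[:4])
    hlen = (l4[12] >> 4) * 4 if proto == 6 else 8
    return {'ip.src': '.'.join(map(str, fr[26:30])), 'ip.dst': '.'.join(map(str, fr[30:34])),
            'proto': proto, 'srcport': sport, 'dstport': dport, 'data': l4[hlen:]}

def packets(pcap_bytes):
    off = 24  # skip the 24-byte global header
    while off < len(pcap_bytes):
        caplen = struct.unpack_from('<I', pcap_bytes, off + 8)[0]
        yield decode(pcap_bytes[off + 16:off + 16 + caplen])
        off += 16 + caplen

TAGS = (b'IO1603-P-2800', b'IO1603-P-2900', b'IO1603-P-3000', b'IO1603-P-3100')
def match(p):
    # (tcp.srcport==3202 or udp.dstport==10930) and (data.data contains one of TAGS)
    port_ok = (p['proto'] == 6 and p['srcport'] == 3202) or (p['proto'] == 17 and p['dstport'] == 10930)
    return port_ok and any(t in p['data'] for t in TAGS)

SAMPLE = pcap([  # constructed traffic, not a real capture
    frame(6, '172.27.16.43', '172.27.16.42', 3202, 40000, b'IO1603-P-2900 OK'),  # matches
    frame(17, '172.27.16.43', '172.27.16.42', 5555, 10930, b'heartbeat'),  # port ok, no tag
    frame(17, '172.27.16.42', '172.27.16.43', 10930, 5555, b'IO1603-P-3100'),  # tag ok, wrong port
])
def matching(pcap_bytes=SAMPLE):
    return [(p['ip.src'], p['srcport'], p['dstport']) for p in packets(pcap_bytes) if match(p)]
```

Only the first sample frame satisfies both halves of the filter; the other two show why each condition matters on its own.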



Article link: https://www.haomeiwen.com/subject/ugjshctx.html