1 Overview
- tcpdump
- /usr/sbin/tcpdump
- TCP dump, how to use tcpdump, taking a packet dump with tcpdump
2 Usage examples
- Save a packet dump of eth1 to a file
[root@zetawiki ~]# tcpdump -i eth1 -w tcpdump1.pcap
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
^C75 packets captured
75 packets received by filter
0 packets dropped by kernel
- → Packets are saved up to the moment the capture is interrupted with Ctrl+C
- Dump exactly 100 packets
[root@zetawiki ~]# tcpdump -i eth1 -w tcpdump2.pcap -c 100
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
100 packets captured
100 packets received by filter
0 packets dropped by kernel
- View the contents of a pcap file
[root@zetawiki ~]# tcpdump -qns 0 -X -r tcpdump1.pcap
reading from file tcpdump1.pcap, link-type EN10MB (Ethernet)
07:23:18.977783 IP 135.145.142.139 > 192.168.0.46: ICMP time exceeded in-transit, length 36
0x0000: 4500 0038 0000 0000 fb01 72c4 7d91 0ec1 E..8......r.}...
0x0010: c0a8 0006 0b00 f4ff 0000 0000 4500 001c ............E...
0x0020: 385e 0000 0101 a702 c0a8 0006 72c8 a70a 8^..........r...
0x0030: 0800 90fd 0001 6701 ......g.
07:23:18.992044 IP 192.168.0.168.ssh > 192.168.0.46.7929: tcp 132
0x0000: 4510 00ac dcb3 4000 4006 dc29 c0a8 0008 E.....@.@..)....
0x0010: c0a8 0006 0016 1ef9 e662 5e6a d13a 94eb .........b^j.:..
... (omitted)
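As an added example that is not part of the original page, the following Python reader walks the classic pcap file format that `tcpdump -w` writes and reports, for each record, the same summary fields that `tcpdump -qn -r` prints above (timestamp, source > destination, protocol, length). The capture it parses is constructed inside the code: the external host address 203.0.113.1 and the MAC addresses are made-up values, and the IP checksums are left at zero because the reader does not verify them.

```python
import struct
# Minimal reader for the classic pcap format `tcpdump -w` writes (little-endian magic
# 0xa1b2c3d4, link-type EN10MB = Ethernet). Reports what `tcpdump -qn -r` prints per record:
# timestamp, src > dst, protocol, length (for TCP, the payload after the TCP header).
PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_frame(ts_sec, ts_usec, frame):
    ts = f"{ts_sec}.{ts_usec:06d}"
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # not IPv4: only the time is reported
        return {"time": ts, "proto": "non-IPv4"}
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    rec = {"time": ts, "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "proto": PROTO_NAMES.get(proto, str(proto)), "length": total_len - ihl}
    if proto == 6:  # subtract the TCP header length (data-offset nibble, in 32-bit words)
        rec["length"] -= (ip[ihl + 12] >> 4) * 4
    return rec

def parse_pcap(data):
    magic, _maj, _min, _tz, _sig, _snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian classic pcap with EN10MB link-type (not pcapng)")
    records, off = [], 24
    while off + 16 <= len(data):  # each record: 16-byte header, then incl_len bytes of frame
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:  # file cut short, e.g. tcpdump killed mid-record
            break
        records.append(summarize_frame(ts_sec, ts_usec, frame))
        off += 16 + incl_len
    return records

def ipv4(proto, src, dst, payload):  # constructed IPv4 header; checksum 0 (reader ignores it)
    to4 = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       to4(src), to4(dst)) + payload

def build_sample_pcap():
    """Constructed capture (not the page's): one ICMP time-exceeded, one SSH TCP segment."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")  # made-up dst MAC, src MAC, IPv4
    probe = ipv4(1, "192.168.0.46", "203.0.113.1", bytes.fromhex("080090fd00016701"))
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + probe  # type 11 = time exceeded, quoting the probe
    tcp = struct.pack("!HHIIBBHHH", 22, 7929, 0xE6625E6A, 0xD13A94EB, 5 << 4, 0x18, 0xFFFF, 0, 0)
    frames = [eth + ipv4(1, "203.0.113.1", "192.168.0.46", icmp),
              eth + ipv4(6, "192.168.0.168", "192.168.0.46", tcp + bytes(132))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for usec, frame in zip((977783, 992044), frames):
        out += struct.pack("<IIII", 1300000000, usec, len(frame), len(frame)) + frame
    return out
```

Pointing `parse_pcap` at the bytes of a real `tcpdump1.pcap` works the same way, as long as tcpdump wrote the classic format rather than pcapng.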