January 16, 2006
Using tcpdump to sniff and analyze network traffic to solve network problems
Copyright notice: this article may be freely reposted; when reposting, please credit the original source, the author information and this notice in the form of a hyperlink. https://windtear.net/archives/2006/01/16/000888.html http://windtear.net/archives/2006/01/16/000888.html

On 5 April 2004, when I wrote about WinDump (WinDump vs tcpdump - 挑战毒王, http://windtear.net/archives/2004/04/05/000244.html), I mentioned tcpdump in passing. I noticed that I have never written about tcpdump on this blog, and I have been using it very heavily these days, so here is a post on it.

Official tcpdump homepage: http://www.tcpdump.org/

The current stable release is tcpdump 3.9.4:

TCPDUMP 3.9.4
TCPDUMP version 3.9.4 is released as of October 2, 2005.
LIBPCAP 0.9.4
LIBPCAP version 0.9.4 is released as of October 2, 2005.
No current binaries are available. No official 3.9.2/0.9.2 release was made.
* tcpdump-3.9.4.tar.gz (changelog) (PGP signature)
* libpcap-0.9.4.tar.gz (changelog) (PGP signature)
* tcpdump-workers.asc (tcpdump.org signing key)

tcpdump is the commonly used packet capture / sniffing tool on Linux, and one of the effective ways to track down errors and solve problems.

tcpdump - dump traffic on a network
tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -U user ] [ -w file ] [ -E algo:secret ] [ expression ]

The description in the Red Hat RPM reads:

Summary : A network traffic monitoring tool.
Description : Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.

For detailed usage, see the man page:

man tcpdump

A common mistake in filter expressions is leaving out the and/&& or or/|| between terms.

Commands can be written very flexibly according to need, for example:

tcpdump -p -nnn -vvv -xX udp port 6789 and host 10.6.33.55 -i eth1

If there is no time to look at the output right away, or the volume of data is large, you can write it to a file with -w (for example tcpdump.data) and read it back later:

tcpdump -r tcpdump.data -nnn -vvv -xX udp port 6789 and host 10.6.33.55

(tcpslice can split tcpdump capture files by time, glue them together, and so on.)

tcpslice - extract pieces of and/or glue together tcpdump files
tcpslice [ -dRrt ] [ -w file ] [ start-time [ end-time ] ] file ...
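As an added example (not part of the original post), the following Python script parses the hex lines that tcpdump prints with -x and re-applies the filter from the commands above, `udp port 6789 and host 10.6.33.55`, in code, which makes the semantics explicit: `port` is true for either UDP port, `host` for either address, and the two terms must be joined by an explicit `and`. The sample dump is constructed, not a real capture, and the header checksums in it are left as zero.

```python
import re

# Constructed sample of `tcpdump -nnn -x` output (not a real capture; -x starts at the IP
# header): UDP from 10.6.33.55 port 6789, TCP from that host and port, UDP between others.
SAMPLE_DUMP = """\
12:00:01.000000 IP 10.6.33.55.6789 > 10.6.33.1.53: UDP, length 8
\t0x0000:  4500 0024 0001 0000 4011 0000 0a06 2137
\t0x0010:  0a06 2101 1a85 0035 0010 0000 6865 6c6c
\t0x0020:  6f21 2121
12:00:01.000100 IP 10.6.33.55.6789 > 192.168.1.9.80: Flags [S], seq 1, win 512, length 0
\t0x0000:  4500 0028 0002 0000 4006 0000 0a06 2137
\t0x0010:  c0a8 0109 1a85 0050 0000 0001 0000 0000
\t0x0020:  5002 0200 0000 0000
12:00:01.000200 IP 10.6.33.9.53 > 10.6.33.1.6789: UDP, length 8
\t0x0000:  4500 0024 0003 0000 4011 0000 0a06 2109
\t0x0010:  0a06 2101 0035 1a85 0010 0000 6865 6c6c
\t0x0020:  6f21 2121
"""
HEX_LINE = re.compile(r"^\s+0x[0-9a-f]+:\s+([0-9a-f ]+?)\s*$")

def parse_dump(text):
    """Return (summary line, packet bytes) pairs; hex lines belong to the summary above."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m and packets:
            packets[-1][1] += bytes.fromhex(m.group(1).replace(" ", ""))
        elif line and not line[0].isspace():
            packets.append([line, b""])
    return [tuple(p) for p in packets]

def decode_ipv4(raw):
    """(protocol, src, dst, src port, dst port) for an IPv4 TCP/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl, proto = (raw[0] & 0x0F) * 4, raw[9]
    if proto not in (6, 17) or len(raw) < ihl + 4:  # ports are the first 4 transport bytes
        return None
    src, dst = (".".join(str(b) for b in raw[i:i + 4]) for i in (12, 16))
    sport, dport = int.from_bytes(raw[ihl:ihl + 2], "big"), int.from_bytes(raw[ihl + 2:ihl + 4], "big")
    return proto, src, dst, sport, dport

def matches(raw, port, host):
    """Same meaning as the filter `udp port PORT and host HOST`: `port` is true for either
    UDP port, `host` for either address, and the two terms need an explicit `and`."""
    hdr = decode_ipv4(raw)
    return hdr is not None and hdr[0] == 17 and port in hdr[3:] and host in hdr[1:3]

def filter_dump(text, port=6789, host="10.6.33.55"):
    """Summary lines of the packets that `udp port PORT and host HOST` would have kept."""
    return [summary for summary, raw in parse_dump(text) if matches(raw, port, host)]
```

Run on the sample, only the first packet survives; the TCP packet fails the `udp` term and the third packet fails the `host` term even though it is on port 6789.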
Posted by windtear at January 16, 2006 11:52 PM