Wareshark基本使用
前言
Life is tough, but Wireshark makes it easy.
Wireshark 3.6.6是开源软件抓包分析器
一、下载
下载链接:
https://www.wireshark.org/download.html
二、内容
2.1. 路由查看
root@ubuntu:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 ens33
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 ens33
172.29.2.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
root@ubuntu:~$ route | grep default
default _gateway 0.0.0.0 UG 100 0 0 ens33
root@ubuntu:~$
heat@ubuntu:~$ route | egrep "Dest|29.2"
Destination Gateway Genmask Flags Metric Ref Use Iface
172.29.2.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
root@ubuntu:~$
root@ubuntu:~$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.29.2.1 0.0.0.0 UG 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens33
172.29.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
heat@ubuntu:~$
2.2 tcpdump -s
使用tcpdump抓包,抓每个包的前80字节。
root@ubuntu:~# tcpdump -i ens33 -s 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 80 bytes
10:53:10.923851 IP 172.29.2.34.53267 > 110.88.208.90.6672: Flags [P.], seq 3104480101:3104480290, ack 450823188, win 1026, length 189
10:53:10.924092 IP 172.29.2.34.53267 > 110.88.208.90.6672: Flags [P.], seq 189:209, ack 1, win 1026, length 20
2.2 tcpdump host x.x.x.x
使用tcpdump抓包,抓与IP地址是x.x.x.x相关的包。
root@ubuntu:~# tcpdump -i ens33 host 172.29.2.34
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:56:18.302908 IP 110.88.208.65.7070 > 172.29.2.34.54070: Flags [.], ack 1582627552, win 509, length 0
10:56:18.415437 IP dl1.wireshark.net.https > 172.29.2.34.54305: Flags [.], seq 3533998645:3534001565, ack 24425167, win 501, length 2920
2.2 wireshark过滤器
2.2.1 ip.addr == 172.29.2.34 && tcp.port == 50116
感谢阅读,祝君成功!
-by aiziyou