978 用tcpdump抓取tcp,udp某个端口的报文
1.用 tcpdump 抓取 UDP 报文
sudo tcpdump -vvv -X udp port 端口号
2.用 tcpdump 抓取 TCP 报文段
sudo tcpdump -vvv -X tcp port 端口号
例子:
用 tcpdump 抓取 DNS 报文 【DNS(Domain Name Service)协议基于UDP,端口53】
sudo tcpdump -vvv -X udp port 53
用 tcpdump 抓取 HTTP 报文 【HTTP协议基于TCP,端口80】
sudo tcpdump -vvv -X tcp port 80
摘录自网络
Use TCPDUMP to Monitor HTTP Traffic
1. To monitor HTTP traffic including request and response headers and message body:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
2. To monitor HTTP traffic including request and response headers and message body from a particular source:
tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
3. To monitor HTTP traffic including request and response headers and message body from local host to local host:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo
4. To only include HTTP requests, modify “tcp port 80” to “tcp dst port 80” in above commands
5. Capture TCP packets from local host to local host
tcpdump -i lo
