tcpdump: packet capture on a Linux server

Capturing packets on a specific TCP or UDP port with tcpdump

1. Capture UDP datagrams with tcpdump (replace 端口号 with the port number):

sudo tcpdump -vvv -X udp port 端口号

2. Capture TCP segments with tcpdump (replace 端口号 with the port number):

sudo tcpdump -vvv -X tcp port 端口号

Examples:

Capture DNS packets with tcpdump [DNS (Domain Name Service) runs over UDP, port 53]:

sudo tcpdump -vvv -X udp port 53

Capture HTTP packets with tcpdump [HTTP runs over TCP, port 80]:

sudo tcpdump -vvv -X tcp port 80

Excerpted from the web

Use TCPDUMP to Monitor HTTP Traffic

1. To monitor HTTP traffic including request and response headers and message body:

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

2. To monitor HTTP traffic including request and response headers and message body from a particular source:

tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

3. To monitor HTTP traffic including request and response headers and message body from local host to local host:

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo

4. To capture only HTTP requests (client to server), change “tcp port 80” to “tcp dst port 80” in the commands above.

5. Capture TCP packets from local host to local host

tcpdump -i lo
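The filter in items 1 to 4 keeps a packet only when ip[2:2] (IPv4 total length) minus (ip[0]&0xf)<<2 (IPv4 header length) minus (tcp[12]&0xf0)>>2 (TCP header length) is non-zero, i.e. when the segment actually carries data, so pure ACKs and handshake packets are dropped from the capture. The following Python script is an added example, not part of the original page or of tcpdump itself: it builds a few constructed IPv4/TCP packets (no link-layer header, checksums left at zero, addresses from the 192.0.2.0/24 documentation range) and evaluates the same arithmetic on them, including one packet with TCP options so that the tcp[12] data-offset term matters. The function and constant names are this example's own.

```python
import struct

# Constructed sample packets (not real captures): raw IPv4 + TCP with no link-layer
# header, zeroed checksums, and addresses from the 192.0.2.0/24 documentation range.


def build_ipv4_tcp(src_port: int, dst_port: int, payload: bytes,
                   flags: int = 0x18, tcp_options: bytes = b"") -> bytes:
    """Build a minimal IPv4/TCP packet. Checksums stay zero on purpose;
    the filter arithmetic below never looks at them."""
    tcp_header_len = 20 + len(tcp_options)
    if tcp_header_len % 4:
        raise ValueError("TCP options must pad the header to a 32-bit boundary")
    data_offset = (tcp_header_len // 4) << 4          # high nibble of tcp[12]
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port,
                             1000, 2000,              # seq / ack numbers (arbitrary)
                             data_offset, flags, 65535, 0, 0)
    total_len = 20 + tcp_header_len + len(payload)
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45,                     # version 4, IHL 5 (20 bytes)
                            0, total_len, 0, 0x4000, 64,
                            6,                        # protocol = TCP
                            0,                        # checksum (unused here)
                            bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip_header + tcp_header + tcp_options + payload


def tcp_payload_length(packet: bytes) -> int:
    """Same arithmetic as the tcpdump filter:
         ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)
    i.e. IPv4 total length minus IPv4 header length minus TCP header length."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if packet[9] != 6:
        raise ValueError("not TCP")
    ip_header_len = (packet[0] & 0x0F) << 2           # IHL (32-bit words) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]   # ip[2:2], big-endian
    tcp = packet[ip_header_len:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    tcp_header_len = (tcp[12] & 0xF0) >> 2            # data offset (words) * 4
    return total_len - ip_header_len - tcp_header_len


def tcp_ports(packet: bytes) -> tuple:
    """(source port, destination port) of the TCP header."""
    ip_header_len = (packet[0] & 0x0F) << 2
    return struct.unpack("!HH", packet[ip_header_len:ip_header_len + 4])


def matches_http_filter(packet: bytes, port: int = 80) -> bool:
    """'tcp port 80 and (payload length != 0)' as in item 1."""
    src, dst = tcp_ports(packet)
    return port in (src, dst) and tcp_payload_length(packet) != 0


def matches_http_request_filter(packet: bytes, port: int = 80) -> bool:
    """'tcp dst port 80 and (payload length != 0)' as in item 4: requests only."""
    _, dst = tcp_ports(packet)
    return dst == port and tcp_payload_length(packet) != 0


# NOP, NOP, Timestamp option (kind 8, length 10) = 12 bytes -> 32-byte TCP header,
# so tcp[12] reads 0x80 (data offset 8 words) instead of 0x50.
TIMESTAMP_OPTS = b"\x01\x01\x08\x0a" + b"\x00\x00\x00\x01\x00\x00\x00\x00"
REQUEST_BODY = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"   # constructed, 37 bytes

ACK_PACKET = build_ipv4_tcp(40000, 80, b"", flags=0x10)            # pure ACK, no data
REQUEST_PACKET = build_ipv4_tcp(40000, 80, REQUEST_BODY, tcp_options=TIMESTAMP_OPTS)
RESPONSE_PACKET = build_ipv4_tcp(80, 40000, b"HTTP/1.1 200 OK\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in [("ACK", ACK_PACKET), ("request", REQUEST_PACKET),
                      ("response", RESPONSE_PACKET)]:
        print(f"{name:8s} payload={tcp_payload_length(pkt):3d} "
              f"port80={matches_http_filter(pkt)} "
              f"dst80={matches_http_request_filter(pkt)}")
```

Running the script shows the pure ACK with payload length 0 being rejected by both filters, the request accepted by both, and the server response accepted by the "tcp port 80" form but rejected by the "tcp dst port 80" form from item 4.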
