Wireshark and TcpDump
[ 2013/1/16 11:05:39 ]
1. Wireshark and tcpdump
Wireshark is a protocol analyzer with both Windows and Unix versions. In this article Wireshark is used on Windows and tcpdump on Linux.
On Windows, Wireshark depends on WinPcap for packet capture; installation details are easy to find with a Google search.
tcpdump is a Unix tool. To see traffic that is not addressed to the local machine the network card has to be put into promiscuous mode (see http://en.wikipedia.org/wiki/Promiscuous_mode). On Unix this requires root, for example with ifconfig eth0 promisc, where eth0 is the interface to capture on. tcpdump filter expressions use the Berkeley Packet Filter (BPF) syntax.
2. Packet capture
The example below captures the traffic generated by visiting www.google.com.hk.
2.1 tcpdump
tcpdump is a small command-line tool for Linux, available from http://www.tcpdump.org.
Log in to the Linux machine as root, for example over SSH, and start tcpdump.
Then generate some traffic, for example by running wget http://www.google.com.hk, or, on a machine with a GUI, by opening http://www.google.com.hk in firefox.
By default tcpdump listens on eth0 and prints the captured packets to the terminal, for example:
0.003183 192.168.21.137 72.14.203.147 TCP 38039 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=36941509 TSER=0 WS=6
0.011707 72.14.203.147 192.168.21.137 TCP http > 38039 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460
0.011770 192.168.21.137 72.14.203.147 TCP 38039 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
These three packets are the TCP three-way handshake. The local port is 38039 and the remote port is shown as http, i.e. port 80: tcpdump resolves port numbers to service names from /etc/services. The client at port 38039 sends a SYN to the http port, the server answers with SYN, ACK, the client acknowledges, and the TCP connection is established.
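The following is an added example, not part of the original article: it parses the three trace lines shown above (embedded as a constructed copy), resolves the service names the way tcpdump does from /etc/services (a small hard-coded table is assumed in place of the real file), and checks that the flags and relative sequence numbers really form a client SYN, server SYN/ACK, client ACK exchange.

```python
import re
from typing import Dict, List

# Constructed copy of the three handshake lines printed above.
TRACE = """\
0.003183 192.168.21.137 72.14.203.147 TCP 38039 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=36941509 TSER=0 WS=6
0.011707 72.14.203.147 192.168.21.137 TCP http > 38039 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460
0.011770 192.168.21.137 72.14.203.147 TCP 38039 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
"""

# Assumed stand-in for the /etc/services lookup tcpdump performs.
SERVICES = {"http": 80, "https": 443, "ssh": 22, "telnet": 23}

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<src>\S+) (?P<dst>\S+) TCP (?P<sport>\S+) > "
    r"(?P<dport>\S+) \[(?P<flags>[^\]]+)\] (?P<rest>.*)$"
)

def port_number(token: str) -> int:
    """Map a numeric port or a service name (as printed by tcpdump) to a port."""
    return int(token) if token.isdigit() else SERVICES[token]

def parse_line(line: str) -> Dict:
    """Split one trace line into endpoints, flag set and Seq/Ack values."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised trace line: {line!r}")
    kv = dict(t.split("=", 1) for t in m["rest"].split() if "=" in t)
    return {
        "time": float(m["time"]), "src": m["src"], "dst": m["dst"],
        "sport": port_number(m["sport"]), "dport": port_number(m["dport"]),
        "flags": {f.strip() for f in m["flags"].split(",")},
        "seq": int(kv["Seq"]), "ack": int(kv.get("Ack", -1)),
    }

def is_three_way_handshake(pkts: List[Dict]) -> bool:
    """True if the first three packets are SYN, SYN/ACK, ACK with matching numbers."""
    if len(pkts) < 3:
        return False
    syn, synack, ack = pkts[:3]
    client = (syn["src"], syn["sport"])
    server = (syn["dst"], syn["dport"])
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and (synack["src"], synack["sport"]) == server
            and (synack["dst"], synack["dport"]) == client
            and synack["ack"] == syn["seq"] + 1
            and ack["flags"] == {"ACK"}
            and (ack["src"], ack["sport"]) == client
            and ack["seq"] == syn["seq"] + 1
            and ack["ack"] == synack["seq"] + 1)

def analyse(trace: str = TRACE) -> Dict:
    pkts = [parse_line(l) for l in trace.splitlines() if l.strip()]
    return {"packets": pkts, "handshake": is_three_way_handshake(pkts)}
```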
tcpdump captures on a single interface; to choose a different one use the -i option, for example (# denotes the Linux root prompt):
# tcpdump -i eth1
or
# tcpdump -i any
To list the interfaces available for capture use the -D option, for example:
# tcpdump -D
1.eth0
2.any
3.lo
eth0 is the first Ethernet interface and is the default; if there are several they are named eth1, eth2, and so on. any captures on all interfaces at once. lo is the loopback interface, which carries TCP connections to the local host (see a TCP/IP protocol reference for details).
By default tcpdump prints every packet to the terminal, which quickly becomes hard to read. Use the -w option to write the raw packets to a file instead, for example:
# tcpdump -w google.cap
This saves the capture to google.cap, a file that can later be opened in Wireshark. tcpdump can also read such a file back with the -r option, and a filter expression can be appended to show only the packets of interest, for example:
# tcpdump -r google.cap http
This makes tcpdump read google.cap and print only the packets that match the http filter.
2.2 Wireshark
On Windows, open the capture file in Wireshark; Figure 1 shows Wireshark with google.cap loaded.
Figure 1 Wireshark