tcpdump on Ubuntu (part 3): examples
Examples
Display all packets arriving at or departing from sundown:
tcpdump host sundown
Display traffic between helios and either hot or ace:
tcpdump host helios and \( hot or ace \)
Display all IP packets between ace and any host except helios:
tcpdump ip host ace and not helios
Display all traffic between local hosts and hosts at Berkeley:
tcpdump net ucb-ether
Display all ftp traffic passing through the gateway snup:
tcpdump 'gateway snup and (port ftp or ftp-data)'
Display packets that are neither sourced from nor destined for a local host:
tcpdump ip and not net localnet
Display the start and end packets (SYN and FIN) of each TCP session whose source and destination are both non-local hosts:
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'
Display all IPv4 HTTP packets that carry data (i.e. excluding SYN, FIN and ACK-only packets):
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
Display packets larger than 576 bytes passing through the gateway snup:
tcpdump 'gateway snup and ip[2:2] > 576'
Display IP broadcast or multicast packets that were not sent as Ethernet broadcast or multicast:
tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'
Display ICMP packets that are not echo requests or echo replies:
tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
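The byte-offset filters above (the SYN/FIN test, the "HTTP with payload" length arithmetic and the ether[0]/ip[16] multicast check) are easy to get wrong, so here they are re-implemented in Python over constructed packets so you can see exactly which bytes each expression reads. This is an added illustration, not part of the original post or of tcpdump itself; the header builders and sample packets are constructed for the demo.

```python
import struct

TCP_SYN, TCP_FIN = 0x02, 0x01  # tcpdump's tcp-syn / tcp-fin flag values

def ipv4_header(total_len, proto=6, ihl=5, dst=(10, 0, 0, 1)):
    """Constructed IPv4 header (checksum left zero; irrelevant to the filters)."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0, 0, 64,
                      proto, 0, bytes([192, 168, 1, 10]), bytes(dst))
    return hdr + b"\x00" * ((ihl - 5) * 4)      # padding standing in for IP options

def tcp_header(flags, data_offset=5, dport=80):
    """Constructed TCP header: byte 12 high nibble = data offset, byte 13 = flags."""
    hdr = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, data_offset << 4, flags, 0, 0, 0)
    return hdr + b"\x00" * ((data_offset - 5) * 4)  # padding standing in for TCP options

def tcp_payload_len(ip):
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2): total length minus both headers."""
    ihl = (ip[0] & 0x0F) << 2                  # IP header length in bytes
    tcp = ip[ihl:]                             # tcpdump's tcp[] is relative to this offset
    return int.from_bytes(ip[2:4], "big") - ihl - ((tcp[12] & 0xF0) >> 2)

def http_with_payload(ip):
    """'tcp port 80 and (<payload length> != 0)': HTTP segments that carry data."""
    ihl = (ip[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return ip[9] == 6 and 80 in (sport, dport) and tcp_payload_len(ip) != 0

def syn_or_fin(ip):
    """'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0': session start/end segments."""
    ihl = (ip[0] & 0x0F) << 2
    return (ip[ihl + 13] & (TCP_SYN | TCP_FIN)) != 0

def ip_mcast_without_ether_mcast(frame):
    """'ether[0] & 1 = 0 and ip[16] >= 224': IP multicast/broadcast sent to a unicast MAC."""
    ip = frame[14:]                            # ip[] starts after the 14-byte Ethernet header
    return (frame[0] & 1) == 0 and ip[16] >= 224

# Constructed sample frames and packets.
ETH_UNICAST = bytes.fromhex("001122334455") + bytes.fromhex("00aabbccddee") + b"\x08\x00"
ETH_MCAST = bytes.fromhex("01005e000001") + ETH_UNICAST[6:]
PKT_SYN = ipv4_header(40) + tcp_header(TCP_SYN)                          # no payload
PKT_DATA = ipv4_header(45) + tcp_header(0x18) + b"GET /"                # PSH|ACK + 5 bytes
PKT_OPTS = ipv4_header(55) + tcp_header(0x10, data_offset=8) + b"abc"   # 12 bytes of TCP options
PKT_MCAST = ipv4_header(40, dst=(224, 0, 0, 1)) + tcp_header(0x10)

if __name__ == "__main__":
    for name, pkt in [("SYN", PKT_SYN), ("DATA", PKT_DATA), ("OPTS", PKT_OPTS)]:
        print(name, tcp_payload_len(pkt), http_with_payload(pkt), syn_or_fin(pkt))
    print(ip_mcast_without_ether_mcast(ETH_UNICAST + PKT_MCAST),
          ip_mcast_without_ether_mcast(ETH_MCAST + PKT_MCAST))
```

The PKT_OPTS case shows why the filter subtracts the data-offset nibble rather than assuming a 20-byte TCP header: with 12 bytes of options, the payload is still correctly reported as 3 bytes.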