[Network] Notes on a simple packet capture
Background
For work I needed to capture traffic on a server and inspect the requests coming from a particular IP address.
Approach
Capture the packets on the server, then copy the capture file to the local machine and inspect it in Wireshark.
Steps
- Install tcpdump on the server:
yum -y install tcpdump
- List the local network interfaces to find the one to capture on:
ifconfig
- Run the following command to capture packets on eth0 and save them to /tmp/zhuabao.cap:
tcpdump -tttt tcp -i eth0 -w /tmp/zhuabao.cap
The -tttt option is there to (quoting the tcpdump man page):
Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line.
- Copy the capture file back to the local machine (here pushed from the server with scp; the IP address is redacted):
scp zhuabao.cap user1@XXX.XX.XXX.XX:/Users/user1/Downloads/zhuabao.cap
- Open the file in Wireshark and, under View --> Time Display Format, choose Date and Time of Day so that absolute timestamps are shown.
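The Wireshark step above only changes how the timestamps are displayed: the absolute time of every packet is already stored in the .cap file written by tcpdump -w (the -tttt option only affects tcpdump's own printed lines, not the file). The following added example, which is not part of the original post, reads such a capture without Wireshark, keeps only the TCP packets sent by one source IP (the filtering the post's goal asks for, which the plain "tcp" capture filter does not do), and prints each one with a Date and Time of Day timestamp. It parses the classic pcap format (the one tcpdump writes) and a minimal Ethernet/IPv4/TCP header chain; the embedded capture, the addresses 10.0.0.5, 10.0.0.9 and 10.0.0.1, and the function names are all constructed for the example. Timestamps are rendered in UTC; Wireshark shows them in the local time zone.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = {0x02: "SYN", 0x10: "ACK", 0x08: "PSH", 0x01: "FIN", 0x04: "RST"}


def build_sample_pcap():
    """Constructed capture: three TCP packets, two from 10.0.0.5 and one from 10.0.0.9."""
    def tcp_frame(src, dst, sport, dport, flags):
        eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)        # dummy MACs + EtherType
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        return eth + ip + tcp

    packets = [  # (seconds since epoch, microseconds, frame)
        (1_700_000_000, 123456, tcp_frame("10.0.0.5", "10.0.0.1", 51000, 80, 0x02)),  # SYN
        (1_700_000_000, 654321, tcp_frame("10.0.0.9", "10.0.0.1", 52000, 80, 0x02)),  # SYN
        (1_700_000_001, 5, tcp_frame("10.0.0.5", "10.0.0.1", 51000, 80, 0x18)),       # PSH|ACK
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def iter_pcap_records(data):
    """Yield (ts_sec, ts_usec, frame) for every record in a classic pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:      # truncated last record, e.g. capture interrupted mid-write
            break
        offset += incl_len
        yield sec, usec, frame


def decode_tcp(frame):
    """Return (src_ip, sport, dst_ip, dport, flags) or None if the frame is not IPv4/TCP."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length, options included
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    flags = ip[ihl + 13]
    return src, sport, dst, dport, flags


def requests_from(data, src_ip):
    """TCP packets sent by src_ip, each with an absolute 'Date and Time of Day' timestamp (UTC)."""
    rows = []
    for sec, usec, frame in iter_pcap_records(data):
        decoded = decode_tcp(frame)
        if decoded is None or decoded[0] != src_ip:
            continue
        src, sport, dst, dport, flags = decoded
        ts = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S") + f".{usec:06d}"
        names = "|".join(n for bit, n in TCP_FLAG_NAMES.items() if flags & bit) or "-"
        rows.append((ts, f"{src}:{sport}", f"{dst}:{dport}", names))
    return rows


if __name__ == "__main__":
    # With a real file: rows = requests_from(open("/tmp/zhuabao.cap", "rb").read(), "10.0.0.5")
    for row in requests_from(build_sample_pcap(), "10.0.0.5"):
        print(*row)
```

To avoid post-processing altogether, the same narrowing can be done at capture time with a filter such as tcpdump -i eth0 -w /tmp/zhuabao.cap tcp and host <ip>, which also keeps the capture file small on a busy server.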
References:
https://blog.csdn.net/boling_cavalry/article/details/86771775
https://blog.csdn.net/LoveXudada/article/details/81503164
https://serverfault.com/questions/772736/how-do-i-see-absolute-time-stamps-in-wireshark