TCP packet capture
Created: 2025-04-24 22:22
Updated: 2025-04-24 22:22

tcpdump is a very powerful network packet capture tool that can be used to monitor network traffic.

Installation

sudo apt install tcpdump

Usage

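sudo tcpdump -i any port 7800 # capture all traffic to or from port 7800 (the `port` filter matches both TCP and UDP)
sudo tcpdump -i any -n -v port 7800  # `-n`: do not resolve IP addresses and port numbers to names. `-v`: show more verbose output.
sudo tcpdump -i any -w capture_7800.pcap port 7800  # save to a file
sudo tcpdump -i any -c 100 port 7800 # limit the number of captured packets: stop after the first 100 packets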

Capture example:

$ sudo tcpdump -i any port 7281 -v
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
22:52:10.376251 lo    In  IP (tos 0x0, ttl 64, id 22849, offset 0, flags [DF], proto TCP (6), length 131)
    localhost.7281 > localhost.56130: Flags [P.], cksum 0xfe77 (incorrect -> 0x6208), seq 1416972356:1416972435, ack 3371621798, win 36875, options [nop,nop,TS val 2468267895 ecr 2468130697], length 79
22:52:10.376544 lo    In  IP (tos 0x0, ttl 64, id 28521, offset 0, flags [DF], proto TCP (6), length 228)
    localhost.56130 > localhost.7281: Flags [P.], cksum 0xfed8 (incorrect -> 0xf790), seq 1:177, ack 79, win 512, options [nop,nop,TS val 2468267895 ecr 2468267895], length 176
22:52:10.376579 lo    In  IP (tos 0x0, ttl 64, id 22850, offset 0, flags [DF], proto TCP (6), length 52)
    localhost.7281 > localhost.56130: Flags [.], cksum 0xfe28 (incorrect -> 0xf778), ack 177, win 36875, options [nop,nop,TS val 2468267895 ecr 2468267895], length 0
22:52:10.376731 lo    In  IP (tos 0x0, ttl 64, id 57095, offset 0, flags [DF], proto TCP (6), length 228)
    localhost.7281 > localhost.56128: Flags [P.], cksum 0xfed8 (incorrect -> 0xd949), seq 817044116:817044292, ack 436111036, win 36875, options [nop,nop,TS val 2468267895 ecr 2468130651], length 176
22:52:10.376891 lo    In  IP (tos 0x0, ttl 64, id 64283, offset 0, flags [DF], proto TCP (6), length 186)
    localhost.56128 > localhost.7281: Flags [P.], cksum 0xfeae (incorrect -> 0xced9), seq 1:135, ack 176, win 512, options [nop,nop,TS val 2468267895 ecr 2468267895], length 134
22:52:10.376910 lo    In  IP (tos 0x0, ttl 64, id 57096, offset 0, flags [DF], proto TCP (6), length 52)
    localhost.7281 > localhost.56128: Flags [.], cksum 0xfe28 (incorrect -> 0x4e99), ack 135, win 36875, options [nop,nop,TS val 2468267895 ecr 2468267895], length 0
22:52:10.376996 lo    In  IP (tos 0x0, ttl 64, id 22851, offset 0, flags [DF], proto TCP (6), length 186)
    localhost.7281 > localhost.56130: Flags [P.], cksum 0xfeae (incorrect -> 0xe927), seq 79:213, ack 177, win 36875, options [nop,nop,TS val 2468267895 ecr 2468267895], length 134
22:52:10.377453 lo    In  IP (tos 0x0, ttl 64, id 28522, offset 0, flags [DF], proto TCP (6), length 148)
    localhost.56130 > localhost.7281: Flags [P.], cksum 0xfe88 (incorrect -> 0xc847), seq 177:273, ack 213, win 512, options [nop,nop,TS val 2468267896 ecr 2468267895], length 96
22:52:10.378122 lo    In  IP (tos 0x0, ttl 64, id 22852, offset 0, flags [DF], proto TCP (6), length 100)
    localhost.7281 > localhost.56130: Flags [P.], cksum 0xfe58 (incorrect -> 0x9a9b), seq 213:261, ack 273, win 36875, options [nop,nop,TS val 2468267897 ecr 2468267896], length 48
22:52:10.381607 lo    In  IP (tos 0x0, ttl 64, id 28523, offset 0, flags [DF], proto TCP (6), length 4148)
    localhost.56130 > localhost.7281: Flags [P.], cksum 0x0e29 (incorrect -> 0x7441), seq 273:4369, ack 261, win 512, options [nop,nop,TS val 2468267900 ecr 2468267897], length 4096
22:52:10.423653 lo    In  IP (tos 0x0, ttl 64, id 22853, offset 0, flags [DF], proto TCP (6), length 52)
    localhost.7281 > localhost.56130: Flags [.], cksum 0xfe28 (incorrect -> 0xe62e), ack 4369, win 36875, options [nop,nop,TS val 2468267942 ecr 2468267900], length 0
22:52:10.423662 lo    In  IP (tos 0x0, ttl 64, id 28524, offset 0, flags [DF], proto TCP (6), length 4278)
    localhost.56130 > localhost.7281: Flags [P.], cksum 0x0eab (incorrect -> 0x13ba), seq 4369:8595, ack 261, win 512, options [nop,nop,TS val 2468267942 ecr 2468267942], length 4226
22:52:10.423670 lo    In  IP (tos 0x0, ttl 64, id 22854, offset 0, flags [DF], proto TCP (6), length 52)
    localhost.7281 > localhost.56130: Flags [.], cksum 0xfe28 (incorrect -> 0xd582), ack 8595, win 36875, options [nop,nop,TS val 2468267942 ecr 2468267942], length 0
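
Added example (not part of the original note): a small Python parser for the `-v` output above that totals packets, TCP payload bytes, PSH flags and "incorrect" checksums per direction. The sample lines are copied from the capture above; the names `summarize` and `DETAIL` are this example's own. On the loopback interface the `incorrect` checksums are normally a checksum-offload artifact (the capture sees the packet before the checksum is filled in), not corruption.

```python
import re
from collections import defaultdict

# Four packets copied from the capture above; `tcpdump -v` prints two lines per packet.
SAMPLE = """\
22:52:10.376251 lo    In  IP (tos 0x0, ttl 64, id 22849, offset 0, flags [DF], proto TCP (6), length 131)
    localhost.7281 > localhost.56130: Flags [P.], cksum 0xfe77 (incorrect -> 0x6208), seq 1416972356:1416972435, ack 3371621798, win 36875, options [nop,nop,TS val 2468267895 ecr 2468130697], length 79
22:52:10.376544 lo    In  IP (tos 0x0, ttl 64, id 28521, offset 0, flags [DF], proto TCP (6), length 228)
    localhost.56130 > localhost.7281: Flags [P.], cksum 0xfed8 (incorrect -> 0xf790), seq 1:177, ack 79, win 512, options [nop,nop,TS val 2468267895 ecr 2468267895], length 176
22:52:10.376579 lo    In  IP (tos 0x0, ttl 64, id 22850, offset 0, flags [DF], proto TCP (6), length 52)
    localhost.7281 > localhost.56130: Flags [.], cksum 0xfe28 (incorrect -> 0xf778), ack 177, win 36875, options [nop,nop,TS val 2468267895 ecr 2468267895], length 0
22:52:10.381607 lo    In  IP (tos 0x0, ttl 64, id 28523, offset 0, flags [DF], proto TCP (6), length 4148)
    localhost.56130 > localhost.7281: Flags [P.], cksum 0x0e29 (incorrect -> 0x7441), seq 273:4369, ack 261, win 512, options [nop,nop,TS val 2468267900 ecr 2468267897], length 4096
"""

# Matches the indented second line of each packet: endpoints, TCP flags,
# checksum verdict, and the trailing TCP payload length.
DETAIL = re.compile(
    r"^\s+(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\], cksum 0x[0-9a-f]+ \((?P<ck>correct|incorrect)"
    r".*, length (?P<len>\d+)$"
)

def summarize(text):
    """Return per-direction totals keyed by (source, destination) endpoint."""
    flows = defaultdict(lambda: {"packets": 0, "payload": 0, "psh": 0, "bad_cksum": 0})
    for line in text.splitlines():
        m = DETAIL.match(line)
        if not m:
            continue  # first line of a packet (timestamp / IP header) or other output
        key = (f"{m['src']}:{m['sport']}", f"{m['dst']}:{m['dport']}")
        flow = flows[key]
        flow["packets"] += 1
        flow["payload"] += int(m["len"])            # TCP payload bytes, not IP length
        flow["psh"] += "P" in m["flags"]            # segments carrying pushed data
        flow["bad_cksum"] += m["ck"] == "incorrect"
    return dict(flows)

if __name__ == "__main__":
    for (src, dst), flow in summarize(SAMPLE).items():
        print(f"{src} -> {dst}: {flow}")
```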