Introduction
tcpdump is a network packet capture and analysis tool. It supports filtering by network layer, protocol, host, network, or port, and provides the logical operators and, or, and not to remove traffic you are not interested in.
tcpdump - dump traffic on a network
Examples
Without any parameters
Captures packets passing through the first network interface. A host often has more than one interface, so it is usually necessary to specify one explicitly.
tcpdump
Listen on a specific network interface
tcpdump -i en0
Listen for a specific host
Example: capture the packets exchanged between this host and the host 182.254.38.55.
Note: both outgoing and incoming packets are captured.
tcpdump host 182.254.38.55
Communication from a specific source or to a specific destination address
Specific source
tcpdump src host hostname
Specific destination address
tcpdump dst host hostname
If neither src nor dst is specified, packets whose source or destination is hostname are captured.
tcpdump host hostname
Specific port
tcpdump port 3000
Listening for TCP or UDP
Different services on a server use TCP or UDP as their transport layer. To capture only TCP packets:
tcpdump tcp
Source host + port + TCP
Capture TCP packets from the host 123.207.116.169 on port 22.
tcpdump tcp port 22 and src host 123.207.116.169
Listen for communication between specific hosts
tcpdump ip host 210.27.48.1 and 210.27.48.2
Communication between 210.27.48.1 and any host other than 210.27.48.2
tcpdump ip host 210.27.48.1 and ! 210.27.48.2
A more detailed example
tcpdump -i eth1 -t -s 0 -c 100 -w ./target.cap tcp and dst port ! 22 and src net 192.168.1.0/24
(1) tcp: protocol keywords such as ip, icmp, arp, rarp, tcp and udp select the type of datagram to capture; the keyword is placed first in the filter expression, after the command-line options
(2) -i eth1: only capture packets that pass through interface eth1
(3) -t: do not print timestamps
(4) -s 0: by default only the first 68 bytes of each packet are captured; with -s 0 the complete packet is captured
(5) -c 100: capture only 100 packets and then exit
(6) dst port ! 22: do not capture packets whose destination port is 22
(7) src net 192.168.1.0/24: only capture packets whose source address is in the network 192.168.1.0/24
(8) -w ./target.cap: write the capture to a cap file for later analysis with Ethereal (Wireshark)
Capture HTTP packets
TODO
Limit the number of captured packets
As below, tcpdump exits automatically after capturing 1000 packets
tcpdump -c 1000
Save to a local file
Note: by default tcpdump buffers its output and writes it to disk only when the buffer reaches a certain size or when tcpdump exits.
tcpdump -n -vvv -c 1000 -w /tmp/tcpdump_save.cap
Adding -U forces each packet to be written to disk immediately (generally not recommended, since the performance is relatively poor)
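As an added example that is not part of the original article, the following Python script builds a small constructed pcap file in memory in the format tcpdump -w produces, then parses it and reports the snaplen, how many packets were cut short by that snaplen (the -s 0 point above), and the TCP destination ports seen. The frames, addresses and ports are constructed sample data, not a real capture.

```python
import struct
from collections import Counter

def tcp_frame(src_port, dst_port, payload_len):
    # Constructed Ethernet/IPv4/TCP frame: real header layout, checksums left at zero.
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes([183, 14, 132, 117]), bytes([127, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + b"A" * payload_len

def build_pcap(frames, snaplen, linktype=1):
    # Classic little-endian pcap with microsecond timestamps, as tcpdump -w writes it.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]  # tcpdump stores at most snaplen (-s) bytes per packet
        out += struct.pack("<IIII", 1700000000 + i, 0, len(captured), len(frame)) + captured
    return out

def pcap_summary(data):
    magic, = struct.unpack("<I", data[:4])
    e = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"  # byte order of the writing host
    snaplen, linktype = struct.unpack(e + "II", data[16:24])
    ll = {1: 14, 0: 4, 113: 16}.get(linktype)  # Ethernet, BSD loopback (DLT_NULL), Linux cooked
    summary = {"snaplen": snaplen, "linktype": linktype, "packets": 0, "truncated": 0,
               "dst_ports": Counter()}
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        summary["packets"] += 1
        if incl_len < orig_len:
            summary["truncated"] += 1  # cut short by the snaplen; -s 0 keeps whole packets
        if ll is None or len(pkt) < ll + 20 or (linktype == 1 and pkt[12:14] != b"\x08\x00"):
            continue
        ip = pkt[ll:]
        if ip[0] >> 4 != 4 or ip[9] != 6:  # count only IPv4/TCP; other traffic is skipped
            continue
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) >= ihl + 4:  # the TCP port fields survive even a 68-byte snaplen
            summary["dst_ports"][struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]] += 1
    return summary

if __name__ == "__main__":
    cap = build_pcap([tcp_frame(51000, 3000, 1200), tcp_frame(51001, 3000, 10),
                      tcp_frame(51002, 22, 100)], snaplen=68)
    print(pcap_summary(cap))
```

Running pcap_summary over a real file written with -w shows immediately whether the capture was taken with a small snaplen and whether payloads are missing before you spend time in Wireshark.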
Practical example
First consider a common deployment: a nodejs server runs on the host and listens on port 3000, while an nginx reverse proxy listens on port 80 and forwards requests to the nodejs server (127.0.0.1:3000).
Browser -> nginx reverse proxy -> nodejs server
Question: suppose a user (183.14.132.117) sends a request from the browser and finds that no response comes back. How do you troubleshoot it?
Step 1: Check whether the request reaches the nodejs server -> this can be seen in its log.
Step 2: Check whether nginx forwards the request to the nodejs server.
tcpdump port 8383
At this point you will find no output, even though the nodejs server has received the request, because nginx forwards to 127.0.0.1 and that traffic does not pass through the default interface. In this case the loopback interface must be specified explicitly.
tcpdump -i lo port 8383
Note: configure nginx to pass the client's address along with the forwarded request, otherwise the nodejs server cannot see the original src host. The following filter matches nothing, because from the nodejs server's point of view the src host is 127.0.0.1.
tcpdump -i lo port 8383 and src host 183.14.132.117
Step 3: Check whether the request reaches the server
tcpdump -n -i lo tcp port 8383 and src host 183.14.132.117