首页 > 系统相关> 文章详细

tcpdump note

2022-09-16 23:33:26 阅读：256 来源： 互联网

标签：fqguoCentos 00 10 IP note length ssh tcpdump

参数

tcpdump | grep ip找不到想要的报文

推荐加上-n, 或者-nn

-n 不做域名解析（显示ip）

-nn不做协议，端口解析

tcpdump默认做了反向域名解析，所有grep不到ip

-t参数

●没有-同参数

[root@fqguoCentos ~]# tcpdump -i ens192
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
22:22:04.350003 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2211629083:2211629323, ack 3337987731, win 306, length 240
22:22:04.350323 IP fqguoCentos.51002 > hangzhou.zjhzptt.net.cn.domain: 32317+ PTR? 135.4.201.10.in-addr.arpa. (43)
22:22:04.350622 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.51002: 32317 NXDomain* 0/1/0 (102)
22:22:04.350959 IP fqguoCentos.44141 > hangzhou.zjhzptt.net.cn.domain: 25933+ PTR? 83.106.168.192.in-addr.arpa. (45)
22:22:04.351176 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.44141: 25933 NXDomain* 0/1/0 (104)
22:22:04.351316 IP fqguoCentos.37441 > hangzhou.zjhzptt.net.cn.domain: 36041+ PTR? 35.172.101.202.in-addr.arpa. (45)
22:22:04.351324 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:432, ack 1, win 306, length 192
22:22:04.352765 IP 10.201.4.135.51351 > fqguoCentos.ssh: Flags [.], ack 240, win 251, length 0
22:22:04.359955 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.37441: 36041 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
22:22:04.360086 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 432:704, ack 1, win 306, length 272
22:22:04.360117 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 704:1296, ack 1, win 306, length 592
22:22:04.360202 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1296:1760, ack 1, win 306, length 464

●-t 不输出时间

[root@fqguoCentos ~]# tcpdump -i ens192 -t
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212171515:2212171755, ack 3337990259, win 507, length 240
IP fqguoCentos.59960 > hangzhou.zjhzptt.net.cn.domain: 57658+ PTR? 135.4.201.10.in-addr.arpa. (43)
IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.59960: 57658 NXDomain* 0/1/0 (102)
IP fqguoCentos.55148 > hangzhou.zjhzptt.net.cn.domain: 65180+ PTR? 83.106.168.192.in-addr.arpa. (45)
IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.55148: 65180 NXDomain* 0/1/0 (104)
IP fqguoCentos.50360 > hangzhou.zjhzptt.net.cn.domain: 17409+ PTR? 35.172.101.202.in-addr.arpa. (45)
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:416, ack 1, win 507, length 176
IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.50360: 17409 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 416:1136, ack 1, win 507, length 720
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1136:1296, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1296:1456, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1456:1616, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1616:1776, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1776:1936, ack 1, win 507, length 160
IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1936:2096, ack 1, win 507, length 160
IP 192.168.106.56.netbios-ns > 192.168.106.255.netbios-ns: UDP, length 50

●-tt 输出时间戳

[root@fqguoCentos ~]# tcpdump -c 10 -i ens192 -tt
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
1663295087.511500 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212766251:2212766491, ack 3337992691, win 580, length 240
1663295087.511834 IP fqguoCentos.52209 > hangzhou.zjhzptt.net.cn.domain: 32855+ PTR? 135.4.201.10.in-addr.arpa. (43)
1663295087.512089 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.52209: 32855 NXDomain* 0/1/0 (102)
1663295087.512463 IP fqguoCentos.59282 > hangzhou.zjhzptt.net.cn.domain: 15892+ PTR? 83.106.168.192.in-addr.arpa. (45)
1663295087.512754 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.59282: 15892 NXDomain* 0/1/0 (104)
1663295087.512868 IP fqguoCentos.42780 > hangzhou.zjhzptt.net.cn.domain: 2109+ PTR? 35.172.101.202.in-addr.arpa. (45)
1663295087.512906 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:432, ack 1, win 580, length 192
1663295087.513168 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.42780: 2109 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
1663295087.513264 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 432:1280, ack 1, win 580, length 848
1663295087.513304 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1280:1456, ack 1, win 580, length 176
10 packets captured
10 packets received by filter
0 packets dropped by kernel

●-ttt 两行打印的时间间隔（以毫秒为单位）

[root@fqguoCentos ~]# tcpdump -c 10 -i ens192 -ttt
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
 00:00:00.000000 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212769179:2212769259, ack 3337993459, win 580, length 80
 00:00:00.000035 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 80:288, ack 1, win 580, length 208
 00:00:00.000546 IP fqguoCentos.35319 > hangzhou.zjhzptt.net.cn.domain: 26390+ PTR? 135.4.201.10.in-addr.arpa. (43)
 00:00:00.000348 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.35319: 26390 NXDomain* 0/1/0 (102)
 00:00:00.000317 IP fqguoCentos.34763 > hangzhou.zjhzptt.net.cn.domain: 56467+ PTR? 83.106.168.192.in-addr.arpa. (45)
 00:00:00.000338 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.34763: 56467 NXDomain* 0/1/0 (104)
 00:00:00.000109 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 288:592, ack 1, win 580, length 304
 00:00:00.000009 IP fqguoCentos.49622 > hangzhou.zjhzptt.net.cn.domain: 61571+ PTR? 35.172.101.202.in-addr.arpa. (45)
 00:00:00.000211 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.49622: 61571 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
 00:00:00.000061 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 592:768, ack 1, win 580, length 176

●-tttt 在每行打印的时间戳之前添加日期的打印

[root@fqguoCentos ~]# tcpdump -c 10 -i ens192 -tttt
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
2022-09-15 22:25:19.362468 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 2212771291:2212771531, ack 3337993651, win 580, length 240
2022-09-15 22:25:19.362736 IP fqguoCentos.52303 > hangzhou.zjhzptt.net.cn.domain: 30585+ PTR? 135.4.201.10.in-addr.arpa. (43)
2022-09-15 22:25:19.363069 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.52303: 30585 NXDomain* 0/1/0 (102)
2022-09-15 22:25:19.363404 IP fqguoCentos.47101 > hangzhou.zjhzptt.net.cn.domain: 7843+ PTR? 83.106.168.192.in-addr.arpa. (45)
2022-09-15 22:25:19.363672 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.47101: 7843 NXDomain* 0/1/0 (104)
2022-09-15 22:25:19.363779 IP fqguoCentos.49039 > hangzhou.zjhzptt.net.cn.domain: 38777+ PTR? 35.172.101.202.in-addr.arpa. (45)
2022-09-15 22:25:19.363819 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 240:448, ack 1, win 580, length 208
2022-09-15 22:25:19.363986 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.49039: 38777 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
2022-09-15 22:25:19.364067 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 448:1360, ack 1, win 580, length 912
2022-09-15 22:25:19.364110 IP fqguoCentos.ssh > 10.201.4.135.51351: Flags [P.], seq 1360:1536, ack 1, win 580, length 176
10 packets captured
10 packets received by filter
0 packets dropped by kernel

抓任意接口

tcpdump -i any

-c 指定报文个数

tcpdump -i ens192 -c 10

-C与-W

-C 指定抓包文件大小
-W 当文件到达指定的大小后，保存几个文件
循环

[root@fqguoCentos tmp]# tcpdump -i ens192 -C 2 -W 5 -w /tmp/ttt
dropped privs to tcpdump
tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
^C56947 packets captured
56951 packets received by filter
0 packets dropped by kernel
[root@fqguoCentos tmp]# ll
total 9188
-rw-rw-r--. 1 fqguo   fqguo         0 Sep 15 08:33 aa
drwx------. 3 root    root         17 Aug 23 04:29 systemd-private-45eff7d8d95840e8ac264e256de42ef7-chronyd.service-OYPQej
-rw-r--r--. 1 tcpdump tcpdump 2001230 Sep 15 22:35 ttt0
-rw-r--r--. 1 tcpdump tcpdump 2000210 Sep 15 22:35 ttt1
-rw-r--r--. 1 tcpdump tcpdump 2000976 Sep 15 22:35 ttt2
-rw-r--r--. 1 tcpdump tcpdump 1396260 Sep 15 22:35 ttt3
-rw-r--r--. 1 tcpdump tcpdump 2000220 Sep 15 22:35 ttt4
[root@fqguoCentos tmp]#

-e 显示mac信息

[root@fqguoCentos ~]# tcpdump -i ens192 -e -c 20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:37:52.376494 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 294: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 40574662:40574902, ack 1424672344, win 781, length 240
10:37:52.376790 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 88: fqguoCentos.42780 > hangzhou.zjhzptt.net.cn.domain: 15429+ PTR? 235.107.168.192.in-addr.arpa. (46)
10:37:52.377081 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 147: hangzhou.zjhzptt.net.cn.domain > fqguoCentos.42780: 15429 NXDomain* 0/1/0 (105)
10:37:52.377415 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 87: fqguoCentos.60316 > hangzhou.zjhzptt.net.cn.domain: 2294+ PTR? 83.106.168.192.in-addr.arpa. (45)
10:37:52.377709 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 146: hangzhou.zjhzptt.net.cn.domain > fqguoCentos.60316: 2294 NXDomain* 0/1/0 (104)
10:37:52.377823 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 87: fqguoCentos.34374 > hangzhou.zjhzptt.net.cn.domain: 26673+ PTR? 35.172.101.202.in-addr.arpa. (45)
10:37:52.377858 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 342: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 240:528, ack 1, win 781, length 288
10:37:52.378067 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 124: hangzhou.zjhzptt.net.cn.domain > fqguoCentos.34374: 26673 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
10:37:52.378166 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 1590: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 528:2064, ack 1, win 781, length 1536
10:37:52.378220 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2064:2336, ack 1, win 781, length 272
10:37:52.378259 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2336:2608, ack 1, win 781, length 272
10:37:52.378321 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2608:2880, ack 1, win 781, length 272
10:37:52.378383 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 2880:3152, ack 1, win 781, length 272
10:37:52.378436 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 3152:3424, ack 1, win 781, length 272
10:37:52.390140 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 60: 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 240, win 4196, length 0
10:37:52.390153 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 3424:3696, ack 1, win 781, length 272
10:37:52.390244 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 518: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 3696:4160, ack 1, win 781, length 464
10:37:52.390316 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 4160:4432, ack 1, win 781, length 272
10:37:52.390375 00:0c:29:2d:1d:a1 (oui Unknown) > 00:00:5e:00:01:c8 (oui IANA), ethertype IPv4 (0x0800), length 326: fqguoCentos.ssh > 192.168.107.235.51591: Flags [P.], seq 4432:4704, ack 1, win 781, length 272
10:37:52.392585 84:65:69:6f:4d:c4 (oui Unknown) > 00:0c:29:2d:1d:a1 (oui Unknown), ethertype IPv4 (0x0800), length 66: 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 528, win 4195, options [nop,nop,sack 1 {2064:2336}], length 0
20 packets captured
21 packets received by filter
0 packets dropped by kernel

-Q 指定方向：in，out， inout

tcpdump -c 10 -i ens192 -Q in

[root@fqguoCentos ~]# tcpdump -i ens192 -Q in -c 20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:41:38.811420 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 40585254, win 4193, length 0
10:41:38.812133 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.46304: 45180 NXDomain* 0/1/0 (104)
10:41:38.812805 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.53212: 44282 NXDomain* 0/1/0 (105)
10:41:38.813314 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.51862: 55899 1/0/0 PTR hangzhou.zjhzptt.net.cn. (82)
10:41:38.830906 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 529, win 4196, length 0
10:41:38.899027 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 689, win 4196, length 0
10:41:38.957398 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 849, win 4195, length 0
10:41:39.020331 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1009, win 4195, length 0
10:41:39.085778 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1169, win 4194, length 0
10:41:39.147766 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1329, win 4193, length 0
10:41:39.170742 ARP, Request who-has 192.168.106.70 tell _gateway, length 46
10:41:39.171256 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.45518: 26636 NXDomain* 0/1/0 (104)
10:41:39.171767 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.44893: 5459 NXDomain* 0/1/0 (103)
10:41:39.187272 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1825, win 4191, length 0
10:41:39.244328 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 1985, win 4196, length 0
10:41:39.308391 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2145, win 4196, length 0
10:41:39.380643 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2305, win 4195, length 0
10:41:39.445398 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2465, win 4195, length 0
10:41:39.499997 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2625, win 4194, length 0
10:41:39.555488 IP 192.168.107.235.51591 > fqguoCentos.ssh: Flags [.], ack 2785, win 4193, length 0
20 packets captured
41 packets received by filter
0 packets dropped by kernel

-q 简版显示

[root@fqguoCentos ~]# tcpdump -i ens192 -q -c 20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:44:16.911465 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 240
10:44:16.911836 IP fqguoCentos.33186 > hangzhou.zjhzptt.net.cn.domain: UDP, length 46
10:44:16.912063 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.33186: UDP, length 105
10:44:16.912394 IP fqguoCentos.54929 > hangzhou.zjhzptt.net.cn.domain: UDP, length 45
10:44:16.912642 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.54929: UDP, length 104
10:44:16.912744 IP fqguoCentos.52573 > hangzhou.zjhzptt.net.cn.domain: UDP, length 45
10:44:16.912785 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.912974 IP hangzhou.zjhzptt.net.cn.domain > fqguoCentos.52573: UDP, length 82
10:44:16.913067 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 656
10:44:16.913109 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913146 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913184 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913243 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913311 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.913375 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.927142 IP 192.168.107.235.51591 > fqguoCentos.ssh: tcp 0
10:44:16.927158 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.927225 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 192
10:44:16.927276 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
10:44:16.927319 IP fqguoCentos.ssh > 192.168.107.235.51591: tcp 128
20 packets captured
21 packets received by filter
0 packets dropped by kernel

-D -L

-D 显示网络接口列表
-L 显示网络链路列表

标签：fqguoCentos,00,10,IP,note,length,ssh,tcpdump
来源： https://www.cnblogs.com/fqguo24/p/16701647.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。

ICode9