
Capturing HTTP packets with tcpdump on a Linux server

Installing tcpdump is not covered here.

1. Capture HTTP requests and responses on port 80 of interface eth0 (the filter keeps only packets that carry a non-empty TCP payload)
tcpdump -i eth0 -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'


2. Capture only HTTP requests (not responses) on port 80 of eth0, restricted to the source domain "example.com"; an IP such as "192.168.1.107" can be given instead
tcpdump -i eth0 -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'


3. Capture HTTP requests and responses on port 80 sent from the local machine to itself
tcpdump -i lo -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'


4. Capture HTTP requests and responses on port 80 of eth0 and save the result to a cap file
tcpdump -i eth0 -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -w ./dump.cap

Note 1: If you get the error "tcpdump: Bluetooth link-layer type filtering not implemented", the default interface is not eth0 and the interface must be specified with the -i option

Note 2: Use the ifconfig command to list the network interfaces
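
The byte-offset arithmetic used in the filters above, worked through as an added example (not part of the original post): the Python functions below evaluate the same expression on constructed IPv4/TCP packets, showing why a bare SYN or ACK is dropped and a packet carrying an HTTP request is kept. The function names, addresses and sample packets are assumptions made for illustration.

```python
import struct

def tcp_payload_len(pkt: bytes) -> int:
    """Evaluate ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2) on a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if pkt[9] != 6:
        raise ValueError("not a TCP segment")
    total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]: IP total length
    ip_hdr_len = (pkt[0] & 0x0F) << 2             # IHL counts 32-bit words
    if ip_hdr_len < 20 or len(pkt) < ip_hdr_len + 20:
        raise ValueError("truncated or malformed headers")
    tcp = pkt[ip_hdr_len:]                        # tcp[] is indexed from here
    tcp_hdr_len = (tcp[12] & 0xF0) >> 2           # data offset nibble * 4
    return total_len - ip_hdr_len - tcp_hdr_len

def filter_matches(pkt: bytes) -> bool:
    """True when the '!= 0' test in the filter would keep the packet."""
    return tcp_payload_len(pkt) != 0

def build_packet(payload=b"", ip_options=b"", tcp_options=b"", flags=0x18) -> bytes:
    """Constructed sample packet. Checksums are left at 0: the filter never reads them."""
    if len(ip_options) % 4 or len(tcp_options) % 4:
        raise ValueError("options must be padded to 4 bytes")
    ihl, doff = 5 + len(ip_options) // 4, 5 + len(tcp_options) // 4
    total = ihl * 4 + doff * 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, doff << 4, flags,
                      65535, 0, 0) + tcp_options
    return ip + tcp + payload

# Constructed samples (documentation addresses, not captured traffic).
REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
SYN = build_packet(tcp_options=b"\x02\x04\x05\xb4", flags=0x02)   # MSS option, no data
ACK = build_packet(flags=0x10)                                     # bare ACK
GET = build_packet(REQUEST)                                        # PSH+ACK with data
GET_OPTS = build_packet(REQUEST, ip_options=b"\x01" * 4,           # longer headers
                        tcp_options=b"\x01" * 12)

if __name__ == "__main__":
    for name, pkt in [("SYN", SYN), ("ACK", ACK), ("GET", GET), ("GET_OPTS", GET_OPTS)]:
        print(f"{name:9s} payload={tcp_payload_len(pkt):3d} kept={filter_matches(pkt)}")
```

Because the expression reads `ip[...]` offsets, it matches IPv4 traffic only.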

End;

Original source: http://blog.csdn.net/daiyudong2020/article/details/71375256