Packet capture tools: tcpdump and ngrep

HTTP capture (ASCII output):
tcpdump -lnA dst port 11700 -c 10

tcpdump -lnX dst port 11700 -c 10

View GET requests (0x47455420 is the ASCII for "GET ", compared against the first 4 bytes of the TCP payload):
sudo tcpdump -s 0 -A 'tcp dst port 11700 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

View POST requests (0x504f5354 is the ASCII for "POST"):
sudo tcpdump -s 0 -A 'tcp dst port 11700 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'

View HTTP request/response headers and body (only TCP segments whose payload length is non-zero, i.e. pure ACKs are dropped):
sudo tcpdump -A -s 0 'tcp port 11700 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
sudo tcpdump -X -s 0 'tcp port 11700 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
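As an added example (not from the original note), here is a small Python model of the two filter expressions above, run on constructed packets rather than live traffic. It reproduces the header arithmetic tcpdump evaluates: (ip[0]&0xf)<<2 for the IP header length, (tcp[12]&0xf0)>>2 for the TCP header length, their difference from ip[2:2] for the payload length, and the 4-byte compare against 0x47455420 / 0x504f5354. The packets have no Ethernet header, because tcpdump's ip[...] and tcp[...] indexes are relative to the IP and TCP headers.

```python
import struct

# Constructed sample packets, not real captures: an IPv4 header followed by a
# TCP header (optionally with options) and a payload.
def build_packet(payload: bytes, tcp_opts: bytes = b"") -> bytes:
    tcp_hdr_len = 20 + len(tcp_opts)
    assert tcp_hdr_len % 4 == 0, "TCP header length must be a multiple of 4"
    total_len = 20 + tcp_hdr_len + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 1, 1]), bytes([10, 0, 1, 57]))
    data_offset = (tcp_hdr_len // 4) << 4            # upper nibble of TCP byte 12
    tcp = struct.pack("!HHIIBBHHH", 40000, 11700, 1, 1, data_offset, 0x18,
                      65535, 0, 0)
    return ip + tcp + tcp_opts + payload

def ip_header_len(pkt: bytes) -> int:
    return (pkt[0] & 0x0F) << 2                      # (ip[0]&0xf)<<2

def tcp_header_len(pkt: bytes) -> int:
    return (pkt[ip_header_len(pkt) + 12] & 0xF0) >> 2    # (tcp[12]&0xf0)>>2

def payload_len(pkt: bytes) -> int:
    total = struct.unpack("!H", pkt[2:4])[0]         # ip[2:2]
    return total - ip_header_len(pkt) - tcp_header_len(pkt)

def first_payload_word(pkt: bytes):
    if payload_len(pkt) < 4:
        return None                                  # too short for a 4-byte compare
    start = ip_header_len(pkt) + tcp_header_len(pkt)
    return struct.unpack("!I", pkt[start:start + 4])[0]   # tcp[offset:4]

def classify(pkt: bytes) -> str:
    if payload_len(pkt) == 0:
        return "no-data"      # what the '... != 0' filter drops (pure ACKs etc.)
    word = first_payload_word(pkt)
    if word == 0x47455420:    # "GET "
        return "GET"
    if word == 0x504F5354:    # "POST"
        return "POST"
    return "other"

if __name__ == "__main__":
    opts = b"\x01" * 12       # 12 bytes of NOP options: TCP header becomes 32 bytes
    for p in (build_packet(b"GET / HTTP/1.1\r\n\r\n", opts),
              build_packet(b"POST /api HTTP/1.1\r\n\r\n"),
              build_packet(b"")):
        print(payload_len(p), classify(p))
```

The option-bearing GET packet shows why the header length is read from tcp[12] instead of assuming 20 bytes: with 12 bytes of options the payload starts at offset 32.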

sudo tcpdump -lnX dst host 10.0.1.57

Human-readable output (the "/" inside HTTP/ must be escaped in the sed pattern, otherwise it terminates the s/// expression):
tcpdump -A -s 10240 'tcp port 11700 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'

Same thing with perl (the perl one-liner was garbled in the original; the version below is a reconstruction that assumes autoflush via $| and a $1 back-reference, mirroring the sed variant above):
stdbuf -oL -eL /usr/sbin/tcpdump -A -s 10240 "tcp port 11700 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)" | egrep -a --line-buffered ".+(GET |HTTP/|POST )|^[A-Za-z0-9-]+: " | perl -nle 'BEGIN{$|=1} { s/^.+(GET |HTTP\/|POST )/\n$1/g; print }'

ngrep -q -d eth0 -W byline 'host 10.135.x.x and (117.136.x.x or 202.104.x.x) and (port 80 or port 8089 or port 11211 or port 3478)'

ngrep -W byline service/java-rns port 8500 -d any -c 1000 -q
