32 Man-in-the-middle attack: capturing data with tcpdump
Posted on 2012-8-8 23:37:08
Linux hosts usually have it installed by default, so let's go straight to how to use it.
Capture all traffic of 5.5.5.130 (5.5.5.130 visits Baidu):
  root@Dis9Team:~# tcpdump host 5.5.5.130
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  03:52:57.856813 IP 5.5.5.130.1036 > 5.5.5.2.domain: 14850+ A? www.baidu.com. (31)
  03:52:57.910576 IP 5.5.5.2.domain > 5.5.5.130.1036: 14850 3/4/4 CNAME www.a.shifen.com., A 119.75.218.77, A 119.75.217.56 (226)
  03:52:57.918162 IP 5.5.5.130 > 119.75.218.77: ICMP echo request, id 512, seq 512, length 40
  03:52:58.034185 IP 119.75.218.77 > 5.5.5.130: ICMP echo reply, id 512, seq 512, length 40
  03:52:58.926915 IP 5.5.5.130 > 119.75.218.77: ICMP echo request, id 512, seq 768, length 40
  03:52:59.037231 IP 119.75.218.77 > 5.5.5.130: ICMP echo reply, id 512, seq 768, length 40
  03:52:59.926358 IP 5.5.5.130 > 119.75.218.77: ICMP echo request, id 512, seq 1024, length 40
  03:53:00.085366 IP 119.75.218.77 > 5.5.5.130: ICMP echo reply, id 512, seq 1024, length 40
  03:53:00.941413 IP 5.5.5.130 > 119.75.218.77: ICMP echo request, id 512, seq 1280, length 40
  03:53:01.067932 IP 119.75.218.77 > 5.5.5.130: ICMP echo reply, id 512, seq 1280, length 40
  03:53:09.742902 IP 5.5.5.130.1036 > 5.5.5.2.domain: 22530+ A? www.baidu.com. (31)
  03:53:09.963011 IP 5.5.5.2.domain > 5.5.5.130.1036: 22530 3/4/4 CNAME www.a.shifen.com., A 119.75.217.56, A 119.75.218.77 (226)
  03:53:09.975948 IP 5.5.5.130.1038 > 119.75.217.56.www: Flags [S], seq 4275851151, win 64240, options [mss 1460,nop,nop,sackOK], length 0
  03:53:10.282426 IP 119.75.217.56.www > 5.5.5.130.1038: Flags [S.], seq 2108184867, ack 4275851152, win 64240, options [mss 1460], length 0
  03:53:10.286073 IP 5.5.5.130.1038 > 119.75.217.56.www: Flags [.], ack 1, win 64240, length 0
  03:53:10.291636 IP 5.5.5.130.1038 > 119.75.217.56.www: Flags [P.], seq 1:361, ack 1, win 64240, length 360
  03:53:10.316896 IP 119.75.217.56.www > 5.5.5.130.1038: Flags [.], ack 361, win 64240, length 0
  03:53:10.411594 IP 119.75.217.56.www > 5.5.5.130.1038: Flags [.], seq 1:1461, ack 361, win 64240, length 1460
  03:53:10.411604 IP 119.75.217.56.www > 5.5.5.130.1038: Flags [.], seq 1461:2921, ack 361, win 64240, length 1460
  03:53:10.411620 IP 119.75.217.56.www > 5.5.5.130.1038: Flags [P.], seq 2921:3673, ack 361, win 64240, length 752
  03:53:10.440003 IP 5.5.5.130.1038 > 119.75.217.56.www: Flags [.], ack 3673, win 64240, length 0
If the host has more than one NIC, specify the interface with -i:
  root@Dis9Team:~# tcpdump host 5.5.5.130 -i eth0
2. Specify the protocol to capture. Example: capture 5.5.5.130's traffic to port 21
  root@Dis9Team:~# tcpdump -nnvvS tcp and src 5.5.5.130 and dst port 21
  tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  03:59:25.539454 IP (tos 0x0, ttl 128, id 120, offset 0, flags [DF], proto TCP (6), length 48)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [S], cksum 0xf059 (correct), seq 14543929, win 64240, options [mss 1460,nop,nop,sackOK], length 0
  03:59:25.989048 IP (tos 0x0, ttl 128, id 121, offset 0, flags [DF], proto TCP (6), length 40)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [.], cksum 0xed11 (correct), seq 14543930, ack 106899869, win 64240, length 0
  03:59:26.548759 IP (tos 0x0, ttl 128, id 122, offset 0, flags [DF], proto TCP (6), length 40)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [.], cksum 0xed11 (correct), seq 14543930, ack 106900117, win 63992, length 0
  03:59:35.396256 IP (tos 0x0, ttl 128, id 123, offset 0, flags [DF], proto TCP (6), length 51)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [P.], cksum 0x8574 (correct), seq 14543930:14543941, ack 106900117, win 63992, length 11
  03:59:36.045755 IP (tos 0x0, ttl 128, id 124, offset 0, flags [DF], proto TCP (6), length 40)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [.], cksum 0xed06 (correct), seq 14543941, ack 106900148, win 63961, length 0
  03:59:37.829124 IP (tos 0x0, ttl 128, id 125, offset 0, flags [DF], proto TCP (6), length 53)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [P.], cksum 0x82b6 (correct), seq 14543941:14543954, ack 106900148, win 63961, length 13
  03:59:41.804223 IP (tos 0x0, ttl 128, id 127, offset 0, flags [DF], proto TCP (6), length 40)
      5.5.5.130.1040 > 199.71.212.202.21: Flags [.], cksum 0xecf9 (correct), seq 14543954, ack 106900168, win 63941, length 0
3. Listening on multiple ports:
  root@Dis9Team:~# tcpdump "src 5.5.5.130 and (dst port 3389 or 21)"
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
4. Capture traffic between two specified hosts
tcpdump host <gateway> and <target1> or <target2>
  root@Dis9Team:~# tcpdump host 5.5.5.2 and 5.5.5.130 or 5.5.5.128
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  04:03:27.162330 ARP, Request who-has 5.5.5.130 tell Dis9Team.local, length 28
  04:03:27.164062 ARP, Reply 5.5.5.130 is-at 00:0c:29:80:f2:02 (oui Unknown), length 46
  04:03:27.164112 IP Dis9Team.local > 5.5.5.130: ICMP echo request, id 2314, seq 1, length 64
  04:03:27.165740 IP 5.5.5.130 > Dis9Team.local: ICMP echo reply, id 2314, seq 1, length 64
5. Listening on a local port:
tcpdump port <port>
This one is simple; no demo.



Play a thousand tunes and you will understand music; examine a thousand swords and you will know weapons.
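As an added example (not code from the post): a Python parser for the default-mode tcpdump lines shown above that pairs each DNS answer with its query by transaction id, counts payload bytes per TCP flow, and lists servers the watched host contacted that no captured DNS answer pointed at, which is the check a defender would run on such a capture. The sample lines are constructed from the transcript above; the function and key names are my own.

```python
import re
# Constructed sample in the default tcpdump format of the post above (same addresses); not a live capture.
SAMPLE = """\
03:52:57.856813 IP 5.5.5.130.1036 > 5.5.5.2.domain: 14850+ A? www.baidu.com. (31)
03:52:57.910576 IP 5.5.5.2.domain > 5.5.5.130.1036: 14850 3/4/4 CNAME www.a.shifen.com., A 119.75.218.77, A 119.75.217.56 (226)
03:53:09.975948 IP 5.5.5.130.1038 > 119.75.217.56.www: Flags [S], seq 4275851151, win 64240, options [mss 1460,nop,nop,sackOK], length 0
03:53:10.291636 IP 5.5.5.130.1038 > 119.75.217.56.www: Flags [P.], seq 1:361, ack 1, win 64240, length 360
03:53:10.411620 IP 119.75.217.56.www > 5.5.5.130.1038: Flags [P.], seq 2921:3673, ack 361, win 64240, length 752
"""

# "<ts> IP a.b.c.d[.port] > a.b.c.d[.port]: ..."; without -n a port prints as a name ("domain", "www").
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.(\w+))? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.(\w+))?: (.*)$")

def parse_line(line):
    m = LINE.match(line)                       # None for ARP lines, banners, resolved hostnames
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    rec = {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": "other"}
    if rest.startswith("Flags ["):             # TCP: "Flags [S], seq ..., length n"
        rec["proto"], rec["flags"] = "tcp", rest[7:rest.index("]")]
        rec["length"] = int(re.search(r"length (\d+)", rest).group(1))
    elif "domain" in (sport, dport):           # DNS: "<txid>[+] A? name. (n)" or "<txid> ... A ip"
        rec["proto"], rec["txid"] = "dns", re.match(r"\d+", rest).group(0)
        q = re.search(r" A\? (\S+)\. ", rest)
        rec["qname"] = q.group(1) if q else None
        rec["answers"] = re.findall(r" A (\d+\.\d+\.\d+\.\d+)", rest)
    return rec

def summarize(text):
    queries, resolved, flows = {}, {}, {}      # txid->name, name->IPs, 4-tuple->byte counters
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["proto"] == "dns":
            if rec["qname"]:
                queries[rec["txid"]] = rec["qname"]
            for ip in rec["answers"]:          # answer joined to its query by txid
                resolved.setdefault(queries.get(rec["txid"], "?"), set()).add(ip)
        elif rec["proto"] == "tcp":
            fwd = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
            back = fwd[2:] + fwd[:2]
            if rec["flags"] == "S":            # bare SYN: client opens the flow
                flows[fwd] = {"to_server": 0, "to_client": 0}
            elif fwd in flows:
                flows[fwd]["to_server"] += rec["length"]
            elif back in flows:
                flows[back]["to_client"] += rec["length"]
    known = {ip for ips in resolved.values() for ip in ips}
    return {"dns": {k: sorted(v) for k, v in resolved.items()}, "tcp": flows,
            "servers_not_in_dns": sorted({d for _, _, d, _ in flows} - known)}
```

A non-empty servers_not_in_dns list means the host opened a connection to an address that the resolver, as seen on the wire, never handed out; on a real capture that is worth a closer look.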

