
TCPDump

Prof. Nelson Fonseca


TCPDump

• Sniffer: traffic analyzer
• Based on the libpcap API
• Available for Unix-like systems; WinDump is the version for Windows
• Another sniffer: Wireshark

[Figure: host schematic showing the application, transport, network, link and physical layers alongside the CPU, memory, host bus, controller (e.g., PCI) and network adapter card, down to physical transmission]
Filters
• Filtering on a host address
  - To view all packets that are traveling to or from a specific IP address, type the following command: tcpdump host <IP address>
    For example: tcpdump host 10.90.100.1
  - To view all packets that are traveling from a specific IP address, type the following command: tcpdump src host <IP address>
    For example: tcpdump src host 10.90.100.1
  - To view all packets that are traveling to a particular IP address, type the following command: tcpdump dst host <IP address>
    For example: tcpdump dst host 10.90.100.1

• Filtering on a port
  - To view all packets that are traveling through the BIG-IP system and are either sourced from or destined to a specific port, type the following command: tcpdump port <port number>
    For example: tcpdump port 80
  - To view all packets that are traveling through the BIG-IP system and sourced from a specific port, type the following command: tcpdump src port <port number>
    For example: tcpdump src port 80
  - To view all packets that are traveling through the BIG-IP system and destined to a specific port, type the following command: tcpdump dst port <port number>
    For example: tcpdump dst port 80

• Filtering on a TCP flag
  - To view all packets that are traveling through the BIG-IP system that contain the SYN flag, type the following command: tcpdump 'tcp[tcpflags] & (tcp-syn) != 0'
  - To view all packets that are traveling through the BIG-IP system that contain the RST flag, type the following command: tcpdump 'tcp[tcpflags] & (tcp-rst) != 0'
Combining Expressions

• Combining filters with the 'and' operator
  - You can use the and operator to filter for a mixture of output.
    tcpdump host 10.90.100.1 and port 80
    tcpdump src host 172.16.101.20 and dst port 80
    tcpdump src host 172.16.101.20 and dst host 10.90.100.1
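As an added example (not part of the slides, and not tcpdump's own code), the filter expressions above re-implemented in Python over a constructed set of IPv4/TCP packets, so you can see exactly which packets each expression selects. The packet builder, the sample traffic and the predicate names are assumptions made here; the flag bit values are the ones tcpdump uses for tcp-syn, tcp-rst and tcp-ack. It also shows that `tcp[tcpflags] & (tcp-syn) != 0` matches the server's SYN-ACK as well, so matching only connection attempts needs the masked form `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn`.

```python
import struct
from dataclasses import dataclass

# tcpdump's named bits for tcp[tcpflags], i.e. byte 13 of the TCP header
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    tcpflags: int

def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Decode only the fields the slide's filters use from a raw IPv4+TCP packet (no link layer)."""
    if raw[9] != 6:                      # IPv4 protocol field: 6 == TCP
        raise ValueError("not a TCP packet")
    ihl = (raw[0] & 0x0F) * 4            # IPv4 header length in bytes
    src = ".".join(map(str, raw[12:16]))
    dst = ".".join(map(str, raw[16:20]))
    tcp = raw[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return Packet(src, dst, sport, dport, tcp[13])   # tcp[tcpflags] is tcp[13]

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample packet: minimal 20-byte IPv4 and TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

# Predicates mirroring the tcpdump primitives shown on the slides
def f_host(ip):      return lambda p: p.src == ip or p.dst == ip          # host <ip>
def f_src_host(ip):  return lambda p: p.src == ip                         # src host <ip>
def f_dst_host(ip):  return lambda p: p.dst == ip                         # dst host <ip>
def f_port(n):       return lambda p: p.sport == n or p.dport == n        # port <n>
def f_src_port(n):   return lambda p: p.sport == n                        # src port <n>
def f_dst_port(n):   return lambda p: p.dport == n                        # dst port <n>
def f_flag_set(bit): return lambda p: (p.tcpflags & bit) != 0            # tcp[tcpflags] & (bit) != 0
def f_flags_masked(mask, value): return lambda p: (p.tcpflags & mask) == value  # tcp[tcpflags] & (mask) == value
def f_and(*preds):   return lambda p: all(f(p) for f in preds)           # expr and expr

# Constructed traffic: a client opens a connection to a web server, the server later resets it,
# and the client also probes an unrelated host on 443.
SAMPLE = [
    build_ipv4_tcp("172.16.101.20", "10.90.100.1", 40000, 80, TCP_SYN),
    build_ipv4_tcp("10.90.100.1", "172.16.101.20", 80, 40000, TCP_SYN | TCP_ACK),
    build_ipv4_tcp("172.16.101.20", "10.90.100.1", 40000, 80, TCP_ACK),
    build_ipv4_tcp("10.90.100.1", "172.16.101.20", 80, 40000, TCP_RST | TCP_ACK),
    build_ipv4_tcp("172.16.101.20", "192.0.2.7", 40001, 443, TCP_SYN),
]

def count_matches(pred, packets=SAMPLE) -> int:
    """Number of packets the filter expression would let tcpdump print."""
    return sum(1 for raw in packets if pred(parse_ipv4_tcp(raw)))
```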
