Super-detailed guide to the network packet capture tool tcpdump (4)
- Author: 谢金冉  Category: Computer technology  Published: 2021-07-10 05:52:00
ASCII string matching. For example, tcp[((tcp[12:1] & 0xf0) >> 2):4] first determines the position of the bytes we are interested in (immediately after the TCP header: the high nibble of byte 12 is the TCP data offset in 32-bit words, so masking with 0xf0 and shifting right by 2 yields the header length in bytes), then selects the 4 bytes we want to match.
Extract the URL of HTTP requests
Extract the hostname and path of HTTP requests:
$ tcpdump -s 0 -v -n -l | egrep -i "POST /|GET /|Host:"
tcpdump: listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes
POST /wp-login.php HTTP/1.1
Host: dev.example.com
GET /wp-login.php HTTP/1.1
Host: dev.example.com
GET /favicon.ico HTTP/1.1
Host: dev.example.com
GET / HTTP/1.1
Host: dev.example.com
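The data-offset arithmetic behind that filter, worked through in Python as an added example (not code from the original article): it builds a constructed TCP segment, computes the payload offset exactly as (tcp[12:1] & 0xf0) >> 2 does, and compares the first four payload bytes the way tcpdump does, as one big-endian 32-bit constant. Ports, sequence numbers and timestamp values are copied from the capture above; the segment bytes themselves are constructed.

```python
import struct

# Constructed TCP options (not captured data): NOP, NOP, Timestamp(val, ecr),
# 12 bytes in total, using the TS values shown in the capture above.
TS_OPTS = b"\x01\x01\x08\x0a" + struct.pack("!II", 461552632, 208900561)

def build_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Build a TCP header (20 bytes + options) followed by the payload."""
    assert len(options) % 4 == 0, "TCP options are padded to 32-bit words"
    data_offset_words = (20 + len(options)) // 4
    header = struct.pack(
        "!HHIIBBHHH",
        39224, 80,               # source / destination port
        1458768667,              # sequence number
        2440130792,              # acknowledgement number
        data_offset_words << 4,  # byte 12: data offset in the high nibble
        0x18,                    # flags: PSH + ACK
        704, 0, 0,               # window, checksum (left 0), urgent pointer
    )
    return header + options + payload

def tcp_payload_offset(segment: bytes) -> int:
    """Same arithmetic as the filter: (tcp[12:1] & 0xf0) >> 2 gives the
    header length in bytes (data offset in 32-bit words, times 4)."""
    return (segment[12] & 0xF0) >> 2

def first_four_payload_bytes(segment: bytes) -> bytes:
    """tcp[((tcp[12:1] & 0xf0) >> 2):4]: the 4 bytes right after the header."""
    off = tcp_payload_offset(segment)
    return segment[off:off + 4]

def http_method(segment: bytes):
    """Classify the segment by its first 4 payload bytes, or None if no match."""
    table = {b"GET ": "GET", b"POST": "POST", b"HTTP": "HTTP response"}
    return table.get(first_four_payload_bytes(segment))

def tcpdump_filter_for(ascii4: bytes) -> str:
    """Render 4 ASCII bytes as the big-endian constant tcpdump compares
    against, e.g. b"GET " -> 0x47455420."""
    value = struct.unpack("!I", ascii4)[0]
    return f"tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x{value:08x}"

if __name__ == "__main__":
    seg = build_segment(b"POST /wp-login.php HTTP/1.1\r\n", TS_OPTS)
    print(tcp_payload_offset(seg), http_method(seg))   # 32 POST
    print(tcpdump_filter_for(b"GET "))
```

Because the filter reads the real data offset, it still finds the request line when the segment carries options, which a fixed tcp[20:4] would miss.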
Extract passwords from HTTP POST requests
Extract the password and hostname from HTTP POST requests:
$ tcpdump -s 0 -A -n -l | egrep -i "POST /|pwd=|passwd=|password=|Host:"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:25:54.799014 IP 10.10.1.30.39224 > 10.10.1.125.80: Flags [P.], seq 1458768667:1458770008, ack 2440130792, win 704, options [nop,nop,TS val 461552632 ecr 208900561], length 1341: HTTP: POST /wp-login.php HTTP/1.1
.....s..POST /wp-login.php HTTP/1.1
Host: dev.example.com
.....s..log=admin&pwd=notmypassword&wp-submit=Log+In&redirect_to=http%3A%2F%2Fdev.example.com%2Fwp-admin%2F&testcookie=1
Extract cookies
Extract Set-Cookie (server-side cookies) and Cookie (client-side cookies):
$ tcpdump -nn -A -s0 -l | egrep -i 'Set-Cookie|Host:|Cookie:'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp58s0, link-type EN10MB (Ethernet), capture size 262144 bytes
Host: dev.example.com
Cookie: wordpress_86be02xxxxxxxxxxxxxxxxxxxc43=admin%7C152xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfb3e15c744fdd6; _ga=GA1.2.21343434343421934; _gid=GA1.2.927343434349426; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_86be654654645645645654645653fc43=admin%7C15275102testtesttesttestab7a61e; wp-settings-time-1=1527337439
Capture ICMP packets
View all ICMP packets on the network:
$ tcpdump -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:34:21.590380 IP 10.10.1.217 > 10.10.1.30: ICMP echo request, id 27948, seq 1, length 64
11:34:21.590434 IP 10.10.1.30 > 10.10.1.217: ICMP echo reply, id 27948, seq 1, length 64
11:34:27.680307 IP 10.10.1.159 > 10.10.1.1: ICMP 10.10.1.189 udp port 59619 unreachable, length 115
Capture ICMP packets other than echo/reply
Exclude echo and echo-reply packets so that the capture does not include standard ping traffic:
$ tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:37:04.041037 IP 10.10.1.189 > 10.10.1.20: ICMP 10.10.1.189 udp port 36078 unreachable, length 156
Capture SMTP/POP3 mail traffic
The body of e-mail messages and other data can be extracted. For example, to extract only the envelope sender and recipient addresses (the MAIL FROM and RCPT TO commands):
$ tcpdump -nn -A -l port 25 | grep -i 'MAIL FROM\|RCPT TO'   # -A prints the payload in ASCII so grep can see the SMTP commands
Capture NTP queries and responses
$ tcpdump dst port 123
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:02:19.112502 IP test33.ntp > 199.30.140.74.ntp: NTPv4, Client, length 48
21:02:19.113888 IP 216.239.35.0.ntp > test33.ntp: NTPv4, Server, length 48
21:02:20.150347 IP test33.ntp > 216.239.35.0.ntp: NTPv4, Client, length 48
21:02:20.150991 IP 216.239.35.0.ntp > test33.ntp: NTPv4, Server, length 48