tcpdump state filtering
Consider I have two hosts A and B. They both have a webserver on port 80. Both servers download files from each other through their webservers. A:some_port <--> B:80 and at the same time A:80 <--> B:some_port.
How can I run a tcpdump to capture all packets whose client is either host A, or B? I do not want to have a mixed up dump file including packets from both connections.
If I use:
tcpdump -i eth0 host A and port 80
I receive all packets between A and B. And if I change it to
tcpdump -i eth0 src host A and src port 80
then I just receive the wrong half of the packets.
Do you have any suggestions?
Comments (1)
I couldn't find any way to do that. Yet, what I did was to use different source port ranges for different connections and use them in my tcpdump filter...
I know it is not the answer, but it is a tweak to make it work...
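An added example, not part of the original question or answer: the client role can be expressed in a pcap filter by pairing each direction with the side that owns port 80 (requests have dst port 80, responses have src port 80). The addresses 192.0.2.10 and 192.0.2.20 and the function names client_filter and split_pcap are constructed for illustration, and the filter assumes the client never uses port 80 as its own source port.

```shell
#!/bin/sh
# Added example. A=192.0.2.10 and B=192.0.2.20 are constructed addresses.

# client_filter CLIENT SERVER [PORT]
# Prints a pcap-filter expression matching both halves of the TCP
# connections in which CLIENT connected to SERVER:PORT:
#   requests:  CLIENT:ephemeral -> SERVER:PORT   (dst port PORT)
#   responses: SERVER:PORT -> CLIENT:ephemeral   (src port PORT)
# Assumption: the client side never uses PORT as its source port.
client_filter() {
    client=$1
    server=$2
    port=${3:-80}
    printf 'tcp and ((src host %s and dst host %s and dst port %s) or (src host %s and dst host %s and src port %s))\n' \
        "$client" "$server" "$port" "$server" "$client" "$port"
}

# split_pcap INFILE A B [PORT]
# Splits an existing mixed capture into one file per client role.
split_pcap() {
    infile=$1
    a=$2
    b=$3
    p=${4:-80}
    tcpdump -r "$infile" -w "client-$a.pcap" "$(client_filter "$a" "$b" "$p")"
    tcpdump -r "$infile" -w "client-$b.pcap" "$(client_filter "$b" "$a" "$p")"
}

A=192.0.2.10
B=192.0.2.20
echo "A as client: $(client_filter "$A" "$B")"
echo "B as client: $(client_filter "$B" "$A")"

# Live capture of only the connections where A is the client (needs root):
#   tcpdump -i eth0 -w a-client.pcap "$(client_filter "$A" "$B")"
```

Each packet between A and B on port 80 matches exactly one of the two filters, so the two output files do not overlap.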