tcpdump for VPN tunnel
I have two machines which are connected with a VPN tunnel. I need to sniff the traffic (HTTP requests) with tcpdump. I am using this command:
tcpdump -w log.pcap -s 64000 host
where host is my virtual ip, but I can only see the responses, not requests.
How can I see http requests?
Comments (2)
I have not understood your problem completely, but as per my knowledge VPN works on IPsec, which in turn works on two protocols, either AH/ESP.
To capture authentication header (AH) traffic you can try this:
tcpdump -X -s0 protochain 51
Similarly, to capture encapsulated security payload (ESP) you can try this:
tcpdump -X -s0 protochain 50
Note: I have not understood your question exactly.
Without more detail, I'm not sure what the issue is, but I think you're misunderstanding how tcpdump works. Likely, you don't want to be specifying the IP, but, rather, the interface, using the "-i" parameter. Likewise, if you just want to capture http requests, you probably want to specify that, too. I think your command probably wants to look an awful lot more like this:
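Added example, not part of either comment above and not the command the second comment refers to: a Python script that reads a capture file such as log.pcap and counts ESP/AH packets (the protocol numbers from the first comment) and HTTP requests versus responses, to show what the capture actually contains. The function names, the 10.8.0.x addresses and the two sample captures are constructed for illustration; only classic little-endian pcap files carrying IPv4 are handled.

```python
import struct
from collections import Counter

METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")
LINK_HEADER_LEN = {1: 14, 101: 0, 113: 16}  # Ethernet, raw IP (tun), Linux cooked

def classify(ip):
    """Label one IPv4 packet: esp, ah, http-request, http-response or other."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "other"
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    if proto in (50, 51):  # the protocol numbers used in the first comment
        return "esp" if proto == 50 else "ah"
    if proto != 6 or len(ip) < ihl + 20:
        return "other"
    tcp = ip[ihl:]
    payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header (data offset field)
    if payload.startswith(METHODS):
        return "http-request"
    return "http-response" if payload.startswith(b"HTTP/") else "other"

def summarize(pcap):
    """Count packet kinds in a classic little-endian pcap byte string."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype not in LINK_HEADER_LEN:
        raise ValueError("unsupported pcap magic or link type")
    skip, counts, off = LINK_HEADER_LEN[linktype], Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        counts[classify(pcap[off + 16 + skip:off + 16 + incl_len])] += 1
        off += 16 + incl_len
    return counts

# --- constructed sample data (not taken from a real capture) ---
def _ipv4(proto, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([10, 8, 0, 1]), bytes([10, 8, 0, 2])) + body

def _tcp(sport, dport, payload):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload

def _pcap(linktype, packets):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)

TUNNEL = _pcap(101, [_ipv4(6, _tcp(40000, 80, b"GET / HTTP/1.1\r\nHost: a\r\n\r\n")),
                     _ipv4(6, _tcp(80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"))])
WIRE = _pcap(1, [b"\0" * 12 + b"\x08\x00" + _ipv4(50, b"\0" * 32)] * 2)
```

On the constructed samples, `summarize(TUNNEL)` counts one request and one response, while `summarize(WIRE)` counts two ESP packets and no HTTP at all.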