通过tcpdump捕获tcp数据包

发布于 2024-12-20 20:53:20 字数 370 浏览 6 评论 0原文

我正在尝试从配置到我的服务器 eth1 接口的 11050 端口的 GPS 设备（客户端）捕获 tcp 数据包。我想将这些数据包捕获到文件中。结果不是人类可读的格式。以下是我尝试过的命令列表，但没有结果。请帮助...

tcpdump -w test.pcap -i eth1 tcp port 11050

tcpdump -i eth1 -X -s 11050 -w test1

test1, test.pcap 都读取下面的！！！

  ��ق���ق���ʣ�N�%��S�U$��E�MO@5�&߶y?vf��6++�qe��>ۀ

原文

I'm trying to capture tcp packets from a GPS device(client) configured to my server's 11050 port of eth1 interface. I wanna capture these packets to a file. The result is not in a human readable format. Below are list of the commands i tried with, but no results. please help...

tcpdump -w test.pcap -i eth1 tcp port 11050

tcpdump -i eth1 -X -s 11050 -w test1

test1, test.pcap both read the below!!!

  ��ق���ق���ʣ�N�%��S�U$��E�MO@5�&߶y?vf��6++�qe��>ۀ

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

最单纯的乌龟 2024-12-27 20:53:20

tcpdump 将以适合稍后使用 tcpdump、wireshark、Tshark 重新解析的格式写入捕获的数据，等等。

使用 tcpdump -r test.pcap 重新读取文件，您将获得人类可读的输出：

$ tcpdump -r ./test.pcap 
reading from file ./test.pcap, link-type EN10MB (Ethernet)
23:25:32.646075 ARP, Request who-has moxi-00067F274580 tell haig, length 28
23:25:32.646322 ARP, Reply moxi-00067F274580 is-at 00:06:7f:27:45:80 (oui Unknown), length 46
23:25:34.567932 IP haig.36941 > 192.168.0.1.domain: 36648+ A? www.google.com. (32)
...

tcpdump will write the captured data in a format suitable for re-parsing later with tcpdump, wireshark, Tshark, etc.

Re-read the file with tcpdump -r test.pcap and you'll get human-readable output:

$ tcpdump -r ./test.pcap 
reading from file ./test.pcap, link-type EN10MB (Ethernet)
23:25:32.646075 ARP, Request who-has moxi-00067F274580 tell haig, length 28
23:25:32.646322 ARP, Reply moxi-00067F274580 is-at 00:06:7f:27:45:80 (oui Unknown), length 46
23:25:34.567932 IP haig.36941 > 192.168.0.1.domain: 36648+ A? www.google.com. (32)
...

回复收藏 0 原文

~没有更多了~