tcpdump 抓包

admin

sudo tcpdump -i bond1.104 -v -vv -t   
3 M' z; z. T9 k: d

sudo tcpdump -i ens1f0 -vv -w /tmp/ens1f0.cap     抓包写如文件中
# d$ a* o3 ?' r4 o# v0 ]$ g2 X* c

admin

sudo tcpdump -i bond1.104 -vvv -t
tcpdump: WARNING: bond1.104: no IPv4 address assigned
* F; }: ]" w9 l6 R) ~tcpdump: listening on bond1.104, link-type EN10MB (Ethernet), capture size 65535 bytes
IP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 437, length 64
, q+ s% q9 w  DIP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 437, length 64
IP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
9 ]+ W! F9 w, U: J+ [' h0 |    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 438, length 64
5 l( u. l/ x' W0 @. NIP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 438, length 64
/ C. C1 ^$ w+ p1 S8 C, b) {IP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
6 ^, I+ J: I+ J- r3 D    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 439, length 64
, j! V9 d) H5 S3 g* Z- |& _& f6 m8 hIP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 439, length 64
IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
9 |6 n  o( ]  g1 G9 @    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 440, length 64
IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 440, length 64

admin01

sudo tcpdump -i bond1 -vv -e icmp  抓取ICMP包。

1320503165

sudo  tcpdump -i vnet7 -vv -e icmp   抓取vnet7子接口地址

admin

sudo tcpdump -i bond1 -vv icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
4 |( I; d& ]9 s4 O' X5 _tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:16:57.141135 IP (tos 0x0, ttl 62, id 52282, offset 0, flags [DF], proto ICMP (1), length 84)
1 ?& C0 b; L; Z9 D2 r  P    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1157, length 64
16:16:58.141200 IP (tos 0x0, ttl 62, id 52414, offset 0, flags [DF], proto ICMP (1), length 84)
4 z9 [2 {$ Q; x8 Y0 V+ d& ?% m9 O    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1158, length 64
7 v" J7 `  L. F6 [16:16:59.141214 IP (tos 0x0, ttl 62, id 53243, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1159, length 64
' T. X0 F/ z" i6 ~2 U) X6 b* ^" j16:17:00.141085 IP (tos 0x0, ttl 62, id 53622, offset 0, flags [DF], proto ICMP (1), length 84)
& ~* M" G! D. s* B3 B    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1160, length 64

admin

sudo tcpdump -i bond1 -vv -e icmp  
4 X: g, m3 N" n% D. h9 {* Z# l+ Gtcpdump: WARNING: bond1: no IPv4 address assigned
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
( S! o4 f/ `  i. I3 K- O/ y4 D: U16:21:23.140673 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47732, offset 0, flags [DF], proto ICMP (1), length 84)



    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1423, length 64
16:21:24.140663 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47779, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1424, length 64
16:21:25.140651 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48122, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1425, length 64
( @* C. t8 A1 b! r" l% S16:21:26.140629 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48938, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1426, length 64
- A0 n; e# j) g4 z/ a/ z16:21:27.140613 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 49679, offset 0, flags [DF], proto ICMP (1), length 84)
) R) z/ C4 D8 p: U- ^- V3 U- ^    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1427, length 64
/ B) r+ q- o. k% m16:21:28.140616 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50377, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1428, length 64
; @/ n: u- n( A; q16:21:29.140633 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50603, offset 0, flags [DF], proto ICMP (1), length 84)
) ?( O% ~% W& f1 G- M    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1429, length 64
16:21:30.140614 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 51285, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump -i bond1 -vvv -e icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
5 F7 E( l* n& v1 N- k- A16:22:01.140593 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1576, offset 0, flags [DF], proto ICMP (1), length 84)
7 Q3 g+ g" s- y! ]+ a! r8 R    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1461, length 64
, K; z( H$ v6 y  ^8 i! w2 Y) M  r16:22:02.140601 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1841, offset 0, flags [DF], proto ICMP (1), length 84)
+ y5 @+ o  A( ]* z: ?4 D% q) U! P    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1462, length 64
3 ^' A" e) ?' h/ b4 P: J+ r16:22:03.140606 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 2688, offset 0, flags [DF], proto ICMP (1), length 84)
/ N0 W( e7 i3 D7 x2 Z) X5 B+ _, ~    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1463, length 64
16:22:04.140584 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3273, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1464, length 64
& ^) q5 D' |5 J0 o16:22:05.140544 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3297, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1465, length 64
16:22:06.140605 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3547, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump  -i  tapa72cc152-ce -w 43.240.248.70.cap