Wireshark
Wireshark is a tool for capturing packets. It can capture directly from a network interface, and it can also open files saved from an earlier capture.
File formats saved when capturing packets: .cap, .ncap, .pcap, .pcapng
The commonly used command-line packet capture tool is tcpdump, which is also widely used for monitoring and analyzing network traffic.
Here are some examples of tcpdump commands:
Capture all traffic on the specified network interface (here the interface is named eth0):
tcpdump -i eth0
To find the interface name, use ipconfig on Windows or ifconfig on Linux. (The interface name is the label shown in front of the IP address. Hahaha, this is the only way to describe it here.)
Capture HTTP traffic on a specified network interface:
tcpdump -i eth0 port 80
Capture the traffic of the specified source IP address:
tcpdump src 192.168.1.100
Capture the traffic of the specified destination IP address:
tcpdump dst 192.168.1.100
Capture the traffic of the specified port:
tcpdump port 22
Save the captured packets to a file:
tcpdump -w capture.pcap
Save the packet capture information in capture.p
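Once tcpdump -w capture.pcap has written a file, the same primitives used above (src, dst, port) can be applied offline. The following added example, not from the original post or from tcpdump itself, parses a classic little-endian .pcap byte string with the Ethernet link type and filters IPv4 TCP/UDP packets the way those expressions do; the sample capture is constructed inside the script, and its addresses and ports are assumptions.

```python
import socket
import struct

def parse_pcap(data):
    """Yield (timestamp, frame) records from a little-endian classic .pcap byte string."""
    magic, linktype = struct.unpack_from("<I", data)[0], struct.unpack_from("<I", data, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:  # 0xA1B2C3D4 = classic pcap, 1 = LINKTYPE_ETHERNET
        raise ValueError("expected a little-endian classic pcap of Ethernet frames (not pcapng)")
    off = 24  # 24-byte global header, then a 16-byte record header before each packet
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def decode(frame):
    """Return (src_ip, dst_ip, proto, sport, dport) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto not in (6, 17):  # ports only exist for TCP (6) and UDP (17)
        return None
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), proto, sport, dport)

def filter_pcap(data, src=None, dst=None, port=None):
    """Apply the idea behind tcpdump's 'src A', 'dst B' and 'port N' primitives to a file."""
    hits = []
    for _ts, frame in parse_pcap(data):
        d = decode(frame)  # (src_ip, dst_ip, proto, sport, dport) or None
        if d and (not src or d[0] == src) and (not dst or d[1] == dst) \
                and (not port or port in d[3:]):
            hits.append(d)
    return hits

def build_frame(src_ip, dst_ip, sport, dport):
    """Constructed minimal Ethernet/IPv4/TCP SYN frame (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Constructed .pcap image: global header (v2.4, snaplen 65535, Ethernet) + one record per frame."""
    recs = [struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

SAMPLE_PCAP = build_pcap([build_frame("192.168.1.100", "10.0.0.5", 40000, 80),   # constructed:
                          build_frame("10.0.0.5", "192.168.1.100", 22, 50000),   # HTTP request,
                          build_frame("10.0.0.9", "10.0.0.5", 51000, 443)])      # SSH reply, HTTPS
```

To run it against a real file, replace SAMPLE_PCAP with the bytes of capture.pcap; pcapng files (Wireshark's default) have a different layout and are rejected by the magic check.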