Linux has a great many commands, and tcpdump is one of the most powerful of them: a packet capture tool. Sometimes I want to look at problems as they happen on a live system:
Is any client connected to nginx? Is the data a client posts correct once it connects? Which services are using my Redis instance?
tcpdump is the network analysis tool for exactly those questions. It has a lot of options and filter syntax, so I simply noted down the operations I use most often. There is plenty of material on the Internet, but the ones that really come in handy are probably the few listed below :v
Capture traffic on port 80 of the eth0 interface:
tcpdump -nnA 'port 80' -i eth0
-A: print each packet (minus its link-layer header) in ASCII
-nn: do not resolve IP addresses to hostnames or port numbers to service names; show both numerically
Capture packets sent to 10.48.31.56:
tcpdump -i eth0 dst host 10.48.31.56
Filter by source network (the shorthand 10.48 means the 10.48.0.0/16 network):
tcpdump -i eth0 src net 10.48
Filter by protocol (TCP only):
tcpdump -i eth0 tcp
Combine filters into one expression (TCP traffic to port 80 destined for either of two hosts):
tcpdump -i eth0 '((tcp) and (port 80) and ((dst host 10.48.31.56) or (dst host 10.48.31.58)))'
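The commands above print one line per packet, but the questions at the top of this post ("is any client connected to nginx?", "who is using my Redis instance?") need the output summarized. The following Python script is an added example, not part of the original post: it parses the text lines that `tcpdump -nn` prints for TCP packets and reports, per server port, which client IPs opened a connection and how many SYNs each sent. The sample lines are constructed, not a real capture; the server ports 80 (nginx) and 6379 (Redis) and the client addresses are assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -i eth0 tcp` output (not a real capture):
# clients opening connections to nginx (port 80) and Redis (port 6379) on 10.48.31.56.
SAMPLE_LINES = """\
12:00:01.000001 IP 10.48.31.12.51234 > 10.48.31.56.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 10.48.31.56.80 > 10.48.31.12.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000400 IP 10.48.31.12.51234 > 10.48.31.56.80: Flags [.], ack 1, win 502, length 0
12:00:02.000001 IP 10.48.31.77.40000 > 10.48.31.56.80: Flags [S], seq 3, win 64240, length 0
12:00:03.000001 IP 10.48.31.12.51240 > 10.48.31.56.6379: Flags [S], seq 4, win 64240, length 0
12:00:04.000001 IP 10.48.31.90.40010 > 10.48.31.56.6379: Flags [S], seq 5, win 64240, length 0
12:00:04.000500 IP 10.48.31.90.40010 > 10.48.31.56.6379: Flags [P.], seq 1:15, ack 1, win 502, length 14
12:00:05.000001 IP 10.48.31.90.40011 > 10.48.31.56.6379: Flags [S], seq 6, win 64240, length 0
"""

# Shape of a tcpdump -nn TCP line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Return a dict with ts/src/sport/dst/dport/flags, or None for lines that are not TCP packets."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def summarize_clients(lines, server_ports):
    """Map each watched server port to the sorted list of client IPs that opened a connection to it."""
    clients = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # A pure SYN (flags exactly "S") is the client side of a new connection;
        # the server's SYN-ACK ("S.") and later data segments are skipped on purpose.
        if rec["flags"] == "S" and rec["dport"] in server_ports:
            clients[rec["dport"]].add(rec["src"])
    return {port: sorted(ips) for port, ips in clients.items()}


def connection_attempts(lines, server_ports):
    """Count SYNs per (server port, client IP); repeated SYNs from one client point at retries or a reconnect loop."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["flags"] == "S" and rec["dport"] in server_ports:
            counts[(rec["dport"], rec["src"])] += 1
    return dict(counts)


if __name__ == "__main__":
    lines = SAMPLE_LINES.splitlines()
    print(summarize_clients(lines, {80, 6379}))
    print(connection_attempts(lines, {80, 6379}))
```

To use it on a real box, pipe the capture in instead of the constructed sample, for example `tcpdump -nn -l -i eth0 tcp | python3 summarize.py` with the script reading `sys.stdin` (the `-l` flag makes tcpdump line-buffer its output so the pipe is not starved). Counting only pure SYNs keeps the answer to "who connects" independent of how chatty each connection is.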