tcpdump 抓包

admin

sudo tcpdump -i bond1.104 -v -vv -t   

  C0 S- n7 w0 S3 v# x9 P  l
sudo tcpdump -i ens1f0 -vv -w /tmp/ens1f0.cap     抓包写如文件中
" z( M8 F' q! b" a* X* E* f) F$ [$ ^

admin

sudo tcpdump -i bond1.104 -vvv -t
7 Q. h( m7 G& w% a; etcpdump: WARNING: bond1.104: no IPv4 address assigned
, h5 @( A% c! \: I6 i& etcpdump: listening on bond1.104, link-type EN10MB (Ethernet), capture size 65535 bytes
IP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 437, length 64
$ ]% y! |# Z/ u4 dIP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
- Z. g; |- s( ]3 z# D2 O( p, e    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 437, length 64
IP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
+ @% c6 {* m# k' f/ i% q    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 438, length 64
IP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 438, length 64
IP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 439, length 64
IP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
6 D# ^6 D/ S$ N1 N9 k    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 439, length 64
IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 440, length 64
& `7 e1 y% n" K, ?2 eIP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
6 ?- m" Y; r+ ^7 S( x6 B2 Q    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 440, length 64

admin01

sudo tcpdump -i bond1 -vv -e icmp  抓取ICMP包。

1320503165

sudo  tcpdump -i vnet7 -vv -e icmp   抓取vnet7子接口地址

admin

sudo tcpdump -i bond1 -vv icmp  
; p9 C, G* v3 V* R) ]tcpdump: WARNING: bond1: no IPv4 address assigned
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:16:57.141135 IP (tos 0x0, ttl 62, id 52282, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1157, length 64
16:16:58.141200 IP (tos 0x0, ttl 62, id 52414, offset 0, flags [DF], proto ICMP (1), length 84)
- R$ Q* U# }1 _! z( @    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1158, length 64
( U0 ~+ [/ v9 Z6 x8 Z3 V1 \16:16:59.141214 IP (tos 0x0, ttl 62, id 53243, offset 0, flags [DF], proto ICMP (1), length 84)
/ i* J* Q  n) t2 O    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1159, length 64
- G* T; G  j* |' x6 i( u- I. ~16:17:00.141085 IP (tos 0x0, ttl 62, id 53622, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1160, length 64

admin

sudo tcpdump -i bond1 -vv -e icmp  
& u/ I* \! r9 B: rtcpdump: WARNING: bond1: no IPv4 address assigned
9 j3 I7 |1 b. }9 \$ I- @1 }  y5 Ctcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
6 x3 i& j0 U: a! a: ~7 ]16:21:23.140673 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47732, offset 0, flags [DF], proto ICMP (1), length 84)



4 h% V& r: s5 v5 i7 q7 Y. O    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1423, length 64
16:21:24.140663 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47779, offset 0, flags [DF], proto ICMP (1), length 84)
9 x- Y! C, x+ b5 t2 C+ @    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1424, length 64
16:21:25.140651 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48122, offset 0, flags [DF], proto ICMP (1), length 84)
" c: P! f, l  V' ]7 j" ]1 w    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1425, length 64
16:21:26.140629 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48938, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1426, length 64
16:21:27.140613 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 49679, offset 0, flags [DF], proto ICMP (1), length 84)
# D8 ?! w$ x0 V% Q3 ?" }6 c6 T0 j    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1427, length 64
. _. o# V4 ~* [9 S16:21:28.140616 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50377, offset 0, flags [DF], proto ICMP (1), length 84)
! L0 T( x! F# J+ y' X    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1428, length 64
2 P! Z  n6 B8 _5 o  h5 V16:21:29.140633 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50603, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1429, length 64
16:21:30.140614 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 51285, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump -i bond1 -vvv -e icmp  
4 G/ a% h7 j' R; a8 Ztcpdump: WARNING: bond1: no IPv4 address assigned
: A( ~5 G# {8 utcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
8 H/ x- m( _4 i16:22:01.140593 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1576, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1461, length 64
16:22:02.140601 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1841, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1462, length 64
16:22:03.140606 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 2688, offset 0, flags [DF], proto ICMP (1), length 84)
2 c6 H$ I2 {+ G8 l* |% u6 `8 Q    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1463, length 64
16:22:04.140584 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3273, offset 0, flags [DF], proto ICMP (1), length 84)
7 t2 L, v; P; H: r3 P- ~" l+ ]    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1464, length 64
16:22:05.140544 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3297, offset 0, flags [DF], proto ICMP (1), length 84)
9 j, S* P; X' X    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1465, length 64
16:22:06.140605 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3547, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump  -i  tapa72cc152-ce -w 43.240.248.70.cap