netstat -t4
plus (with port variants and so on)
netstat -nalp | grep -E ':(80|443) ' | awk '{print $6}' | sort | uniq -c
(field 6 is the State column; the port number must be followed by a space so that :80 does not also match :8080, and the pattern ':80 | :443' never matched port 443 at all, since its second alternative wants a space before the colon)
Then collect a dump and examine it at leisure:
tcpdump -tttt -r serverfault_request.pcap host 192.168.11.20 and port 443
And for connoisseurs and gourmets there are prettier options:
tcpdump -qns 0 -A -r serverfault_request.pcap
14:29:33.256929 IP 10.2.4.243.41997 > 69.59.196.212.80: tcp 1097
E..}..@.@.c.
...E;...^M.P..^w.G.......t.....
.%.}..l.GET /questions HTTP/1.1
Host: serverfault.com
tcpdump -qns 0 -X -r serverfault_request.pcap
14:28:33.800865 IP 10.2.4.243.41997 > 69.59.196.212.80: tcp 1097
0x0000: 4500 047d b9c4 4000 4006 63b2 0a02 04f3 E..}..@.@.c.....
0x0010: 453b c4d4 a40d 0050 f0d4 4747 f847 3ad5 E;.....P..GG.G:.
0x0020: 8018 f8e0 1d74 0000 0101 080a 0425 4e6d .....t.......%Nm
0x0030: 0382 68a1 4745 5420 2f71 7565 7374 696f ..h.GET./questio
0x0040: 6e73 2048 5454 502f 312e 310d 0a48 6f73 ns.HTTP/1.1..Hos
0x0050: 743a 2073 6572 7665 7266 6175 6c74 2e63 t:.serverfault.c
0x0060: 6f6d 0d0a 5573 6572 2d41 6765 6e74 3a20 om..User-Agent:.
0x0070: 4d6f 7a69 6c6c 612f 352e 3020 2858 3131 Mozilla/5.0.(X11
0x0080: 3b20 553b 204c 696e 7578 2069 3638 363b ;.U;.Linux.i686;
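To show what the -X form buys you over -A, here is an added example (my own code, not from this page or from thegeekstuff): it turns the nine hex rows above back into bytes, decodes the IPv4 and TCP headers with Python's struct module, verifies the IP header checksum, and recovers the HTTP request line. The function and class names are mine; the dump is the one printed above, which stops after offset 0x8f, so only 92 of the 1097 payload bytes are present.

```python
import struct
from typing import List, NamedTuple

# The nine `tcpdump -qns 0 -X` rows shown above (0x0000..0x008f), copied from
# the page. The segment carries 1097 payload bytes, so this dump is truncated.
DUMP = """\
0x0000: 4500 047d b9c4 4000 4006 63b2 0a02 04f3 E..}..@.@.c.....
0x0010: 453b c4d4 a40d 0050 f0d4 4747 f847 3ad5 E;.....P..GG.G:.
0x0020: 8018 f8e0 1d74 0000 0101 080a 0425 4e6d .....t.......%Nm
0x0030: 0382 68a1 4745 5420 2f71 7565 7374 696f ..h.GET./questio
0x0040: 6e73 2048 5454 502f 312e 310d 0a48 6f73 ns.HTTP/1.1..Hos
0x0050: 743a 2073 6572 7665 7266 6175 6c74 2e63 t:.serverfault.c
0x0060: 6f6d 0d0a 5573 6572 2d41 6765 6e74 3a20 om..User-Agent:.
0x0070: 4d6f 7a69 6c6c 612f 352e 3020 2858 3131 Mozilla/5.0.(X11
0x0080: 3b20 553b 204c 696e 7578 2069 3638 363b ;.U;.Linux.i686;
"""

# TCP flag bits in the 16-bit offset/flags word, lowest bit first.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


class Segment(NamedTuple):   # hypothetical name, chosen for this example
    src: str
    dst: str
    ip_checksum_ok: bool
    sport: int
    dport: int
    flags: List[str]
    tcp_len: int      # payload length implied by the IP total length field
    payload: bytes    # payload bytes actually present in the dump


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn tcpdump -X rows back into raw bytes.

    A row is '0xNNNN:' followed by up to eight hex groups (4 hex digits, or 2
    for a trailing odd byte) and then the ASCII column, which tcpdump prints
    without spaces ('.' for non-printables). Only a final row holding one or
    two bytes whose ASCII happens to be hex digits could be misread.
    """
    raw = bytearray()
    for line in dump.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not tokens[0].endswith(":"):
            continue
        groups = []
        for tok in tokens[1:]:
            if len(groups) == 8 or len(tok) not in (2, 4):
                break
            try:
                groups.append(bytes.fromhex(tok))
            except ValueError:   # reached the ASCII column
                break
        raw += b"".join(groups)
    return bytes(raw)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_segment(pkt: bytes) -> Segment:
    """Decode an IPv4/TCP packet as tcpdump -X shows it (link layer already stripped)."""
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    ihl = (ver_ihl & 0x0F) * 4
    pkt = pkt[:total_len]             # ignore anything past the IP total length
    tcp = pkt[ihl:]
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4  # 0x8... here: 8 words = 32 bytes, i.e. 12 bytes of options
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    return Segment(
        src=".".join(str(b) for b in src),
        dst=".".join(str(b) for b in dst),
        ip_checksum_ok=ip_checksum(pkt[:ihl]) == 0,
        sport=sport,
        dport=dport,
        flags=flags,
        tcp_len=total_len - ihl - data_off,
        payload=tcp[data_off:],
    )


def http_request_line(seg: Segment) -> str:
    """First line of the HTTP request carried in the segment."""
    return seg.payload.split(b"\r\n", 1)[0].decode("ascii", "replace")


if __name__ == "__main__":
    seg = parse_segment(hexdump_to_bytes(DUMP))
    print("%s:%d > %s:%d %s tcp %d (captured %d payload bytes, IP checksum %s)" % (
        seg.src, seg.sport, seg.dst, seg.dport, "/".join(seg.flags),
        seg.tcp_len, len(seg.payload), "ok" if seg.ip_checksum_ok else "BAD"))
    print(http_request_line(seg))
```

The decoded summary matches tcpdump's own one-liner (10.2.4.243.41997 > 69.59.196.212.80, tcp 1097): the 1097 comes from the total length 0x047d minus a 20-byte IP header and a 32-byte TCP header, and the payload starts at offset 0x34, exactly where "GET" appears in the ASCII column. This is the point of keeping the hex: the -A output above shows the same request but loses the header bytes that let you check lengths, flags and checksums.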
Capture only N packets using tcpdump -c
tcpdump -c 2 -i eth0
Display Captured Packets in ASCII
tcpdump -A -i eth0
Display Captured Packets in HEX and ASCII using tcpdump -XX
tcpdump -XX -i eth0
Capture the packets and write into a file using tcpdump -w
tcpdump -w 08232010.pcap -i eth0
Capture only packets larger than N bytes
tcpdump -w g_1024.pcap greater 1024
Capture traffic on a particular port using tcpdump port
tcpdump -i eth0 port 22
Capture packets for particular destination IP and Port
tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22
Capture TCP packets sent to a particular host on port 22 (this filter matches one direction only; for both directions between two hosts use host A and host B and port 22)
tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22
Filter Packets – Capture all the packets other than arp and rarp
tcpdump -i eth0 not arp and not rarp
took this set of commands from https://www.thegeekstuff.com/2010/08/tcpdump-command-examples/