tcpdump packet capture for forensics

date
May 30, 2022
slug
tip-tcpdump-catch-culprit
status
Published
summary
Tip
tags
tip
type
Post
URL

Problem & Summary


# SMTP traffic on eth0 (port name resolved from /etc/services)
tcpdump -i eth0 port smtp

# HTTPS traffic on eth0
tcpdump -i eth0 port 443

# all interfaces: common mail ports (SMTP, POP3, IMAP and their TLS variants);
# -w - streams raw pcap to stdout, tee keeps a local copy, and ssh appends the
# same stream to a file on ${remote_host} named after the capturing host
# ($(hostname) is expanded locally, before ssh runs)
tcpdump -i any port '(25 or 110 or 143 or 465 or 587 or 993 or 995 or 2525)' -w - | tee ~/tcpdump.log | ssh ${remote_host} "cat >> $(hostname).pcap"

# RADIUS ports 1812 and 1813 on all interfaces
tcpdump -i any 'udp port 1812 or tcp port 1813'

# ports 1-25, no name resolution (-n)
tcpdump -an portrange 1-25

# capture 10 packets (-c 10) destined for port 22 on this host, no name or
# port resolution (-nn), on interface ens33
tcpdump -c 10 -nn -i ens33 tcp dst port 22
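The mail-port capture above hard-codes its port list and pipeline. As an added example (not from the original post), the script below generalises it: it builds the `port (... or ...)` filter expression from a space-separated port list, rejects anything that is not a valid port number before tcpdump ever sees it, and runs a bounded (`-c`), non-resolving (`-nn`) capture that is written to a local pcap and, when `REMOTE_HOST` is set, streamed to a collector over ssh in the same tee/ssh pattern. The interface name, packet count, output path and `REMOTE_HOST` are placeholders; tcpdump and ssh are assumed to be installed and the script is assumed to run with capture privileges.

```sh
#!/bin/sh
# Added example: build a tcpdump port filter from a list and run a bounded capture.
# Assumptions (hypothetical): tcpdump and ssh are installed; interface, count and
# REMOTE_HOST are placeholders supplied by the caller.

# valid_port_list "25 110 143" -> 0 if every token is a number in 1..65535, else 1
valid_port_list() {
    for _p in $1; do
        case "$_p" in
            ''|*[!0-9]*) return 1 ;;   # empty or non-numeric token
        esac
        [ "$_p" -ge 1 ] && [ "$_p" -le 65535 ] || return 1
    done
    return 0
}

# mail_port_filter "25 110 143" -> "port (25 or 110 or 143)"
# Emits the same parenthesised form tcpdump accepts in the original one-liner.
mail_port_filter() {
    valid_port_list "$1" || return 1
    _expr=""
    for _p in $1; do
        if [ -z "$_expr" ]; then
            _expr="$_p"
        else
            _expr="$_expr or $_p"
        fi
    done
    printf 'port (%s)\n' "$_expr"
}

# capture_ports IFACE COUNT "PORT LIST" OUTFILE
# Bounded capture with no name/port resolution; with REMOTE_HOST set, the raw
# pcap stream is kept locally via tee and appended on the collector to a file
# named after this host ($(hostname) expands here, before ssh runs).
capture_ports() {
    _iface=$1; _count=$2; _ports=$3; _out=$4
    _filter=$(mail_port_filter "$_ports") || { echo "bad port list: $_ports" >&2; return 1; }
    if [ -n "${REMOTE_HOST:-}" ]; then
        tcpdump -nn -i "$_iface" -c "$_count" -w - "$_filter" \
            | tee "$_out" \
            | ssh "$REMOTE_HOST" "cat >> $(hostname).pcap"
    else
        tcpdump -nn -i "$_iface" -c "$_count" -w "$_out" "$_filter"
    fi
}

# Only start a capture when explicitly asked, e.g.:
#   REMOTE_HOST=collector.example ./capture.sh --run any 1000 "25 110 143 465 587 993 995 2525" ~/mail.pcap
if [ "${1:-}" = "--run" ]; then
    capture_ports "$2" "$3" "$4" "$5"
fi
```

Passing the filter as one quoted argument is fine because tcpdump joins its filter arguments with spaces; `tcpdump -d "$(mail_port_filter "25 110")"` can be used to confirm the expression compiles before running a real capture. The local copy is written under a `.pcap` name rather than `.log` since the stream is binary pcap, not text.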

View the logs


Solution


    © Ying Bun 2021 - 2024