tcpdump 抓包

admin

sudo tcpdump -i bond1.104 -v -vv -t   


sudo tcpdump -i ens1f0 -vv -w /tmp/ens1f0.cap     抓包写如文件中

admin

sudo tcpdump -i bond1.104 -vvv -t
& K, |6 X2 }* E4 ttcpdump: WARNING: bond1.104: no IPv4 address assigned
! |2 [! c1 c' [5 J+ H0 jtcpdump: listening on bond1.104, link-type EN10MB (Ethernet), capture size 65535 bytes
IP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
% {$ G2 z8 |4 @3 U# i    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 437, length 64
  ]2 F" U; q  c. Y4 Z4 _IP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
5 V( S' j- [" k' n    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 437, length 64
IP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
3 `0 M' d6 b, c$ d9 {    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 438, length 64
0 a  Z# W* o' v! L9 QIP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
) Y9 U1 ^+ o6 D' P9 ]( C2 q: Z    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 438, length 64
$ E1 ~; Q- z% q. ~' OIP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
- k) ~0 \( \2 U; W1 }6 O4 ^4 _" L% d; O    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 439, length 64
IP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
+ v3 ]" p* c% P% `- B& j    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 439, length 64
# j# q% H+ ^; t7 I: i1 ]IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 440, length 64
IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 440, length 64

1320503165

sudo  tcpdump -i vnet7 -vv -e icmp   抓取vnet7子接口地址

admin

sudo tcpdump -i bond1 -vv icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:16:57.141135 IP (tos 0x0, ttl 62, id 52282, offset 0, flags [DF], proto ICMP (1), length 84)
( m. P8 q8 v8 D6 \: a2 `' c9 u    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1157, length 64
5 a$ @; ]3 O1 d  `9 C! t16:16:58.141200 IP (tos 0x0, ttl 62, id 52414, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1158, length 64
, K- P" L! c3 M- I0 z16:16:59.141214 IP (tos 0x0, ttl 62, id 53243, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1159, length 64
0 n5 |7 I* m! y4 {. b16:17:00.141085 IP (tos 0x0, ttl 62, id 53622, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1160, length 64

admin

sudo tcpdump -i bond1 -vv -e icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
$ x( L) \  t" btcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
! d0 J+ x9 {7 a5 r+ ~4 c# V! k16:21:23.140673 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47732, offset 0, flags [DF], proto ICMP (1), length 84)

! a/ N5 P, o: g8 ^, W$ C  V
, D0 j; ^2 }; v
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1423, length 64
16:21:24.140663 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47779, offset 0, flags [DF], proto ICMP (1), length 84)
% d6 O3 v9 j& B( h    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1424, length 64
' ]4 F) V% L7 y: f( O& ?. N: c16:21:25.140651 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48122, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1425, length 64
% g" @7 P, i$ G* {, r* P16:21:26.140629 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48938, offset 0, flags [DF], proto ICMP (1), length 84)
. t; `9 E7 F! ?7 X6 k4 A    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1426, length 64
16:21:27.140613 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 49679, offset 0, flags [DF], proto ICMP (1), length 84)
! G( Y4 d" P8 m& T    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1427, length 64
16:21:28.140616 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50377, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1428, length 64
) v6 N" M% }: Z% [; f' ?+ p16:21:29.140633 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50603, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1429, length 64
- l' e* d% k6 m16:21:30.140614 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 51285, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump -i bond1 -vvv -e icmp  
1 |; X: W- g/ B$ Vtcpdump: WARNING: bond1: no IPv4 address assigned
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
! T1 L' l+ D0 B8 O; C9 `2 k( b8 |16:22:01.140593 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1576, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1461, length 64
16:22:02.140601 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1841, offset 0, flags [DF], proto ICMP (1), length 84)
' B4 J4 a( N/ e  D    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1462, length 64
16:22:03.140606 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 2688, offset 0, flags [DF], proto ICMP (1), length 84)
. z, r8 H- I5 q/ m! x' L, z    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1463, length 64
16:22:04.140584 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3273, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1464, length 64
16:22:05.140544 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3297, offset 0, flags [DF], proto ICMP (1), length 84)
5 `/ x. m: j/ }4 Y    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1465, length 64
( e9 [1 ~$ T* v! G6 Z6 C3 \16:22:06.140605 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3547, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump  -i  tapa72cc152-ce -w 43.240.248.70.cap