tcpdump 抓包

admin

sudo tcpdump -i bond1.104 -v -vv -t   
* k0 g0 j3 [' r- [! R
" N( U2 W% w* ?- M9 I) G0 N
. @" u( k5 b3 Y2 C: F1 v3 j$ Esudo tcpdump -i ens1f0 -vv -w /tmp/ens1f0.cap     抓包写如文件中

admin

sudo tcpdump -i bond1.104 -vvv -t
tcpdump: WARNING: bond1.104: no IPv4 address assigned
tcpdump: listening on bond1.104, link-type EN10MB (Ethernet), capture size 65535 bytes
  {! f# M+ u& ]/ F4 x; vIP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 437, length 64
7 z; r& X8 V" V  nIP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
" h7 v. \3 J. s. J( P    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 437, length 64
IP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
* V' R" x0 Z, x, k. x    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 438, length 64
: l9 m$ b- F3 ^) Z& F, U, r& NIP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 438, length 64
2 _8 @# W+ g, i" f3 }) l. SIP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
- w. ?9 n  b* Y    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 439, length 64
2 e* @  j' ?5 b( d, CIP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
- b- p) K$ l0 y7 Y& o    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 439, length 64
  z6 {4 r7 ?. U- c: W8 A5 F5 qIP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
2 }: G5 \0 ?0 Z: e& ?, {' M9 A* f    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 440, length 64
IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 440, length 64

1320503165

sudo  tcpdump -i vnet7 -vv -e icmp   抓取vnet7子接口地址

admin

sudo tcpdump -i bond1 -vv icmp  
9 W& s6 d3 x! X3 Btcpdump: WARNING: bond1: no IPv4 address assigned
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
0 P" F% M: Q" Z$ I16:16:57.141135 IP (tos 0x0, ttl 62, id 52282, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1157, length 64
16:16:58.141200 IP (tos 0x0, ttl 62, id 52414, offset 0, flags [DF], proto ICMP (1), length 84)
! S) [6 O2 h% K  S& w$ r    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1158, length 64
16:16:59.141214 IP (tos 0x0, ttl 62, id 53243, offset 0, flags [DF], proto ICMP (1), length 84)
1 B# j. z: Z- Q, @, W    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1159, length 64
; C0 v$ K  l/ o% {- q; ?16:17:00.141085 IP (tos 0x0, ttl 62, id 53622, offset 0, flags [DF], proto ICMP (1), length 84)
4 ~: r* ^1 r+ [; C0 Q0 {5 a7 ~    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1160, length 64

admin

sudo tcpdump -i bond1 -vv -e icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
, `$ }9 h- M' C9 ?2 K; Htcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
4 V- |- d) z) f9 [  y16:21:23.140673 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47732, offset 0, flags [DF], proto ICMP (1), length 84)

4 b5 t, Q5 w$ V
% f2 \- W0 F0 d0 O4 f5 Z! S
, a5 M% i/ @6 C6 W+ t& e+ w    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1423, length 64
16:21:24.140663 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47779, offset 0, flags [DF], proto ICMP (1), length 84)
) J4 u6 p+ Q3 m# |2 K8 h    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1424, length 64
16:21:25.140651 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48122, offset 0, flags [DF], proto ICMP (1), length 84)
( g' D8 G* r: |8 S* S$ s    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1425, length 64
16:21:26.140629 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48938, offset 0, flags [DF], proto ICMP (1), length 84)
, b% K! i+ A+ v, R5 l    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1426, length 64
16:21:27.140613 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 49679, offset 0, flags [DF], proto ICMP (1), length 84)
0 q( M1 g% O) {3 e    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1427, length 64
( ?6 B  u: M- I6 x) l8 J8 S2 a1 w: `) ]16:21:28.140616 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50377, offset 0, flags [DF], proto ICMP (1), length 84)
9 D+ f4 S% w+ N# r& \' `& h    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1428, length 64
) h! b7 v. a5 J8 ?16:21:29.140633 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50603, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1429, length 64
16:21:30.140614 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 51285, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump -i bond1 -vvv -e icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
9 O2 O( _' _# F* x3 M0 A0 ?tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
! r( o( g2 l1 d6 \. l/ i6 F- V! O16:22:01.140593 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1576, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1461, length 64
7 ]# X' a0 ]! Z' D0 \5 a16:22:02.140601 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1841, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1462, length 64
3 w7 F* i: p- n16:22:03.140606 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 2688, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1463, length 64
16:22:04.140584 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3273, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1464, length 64
16:22:05.140544 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3297, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1465, length 64
16:22:06.140605 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3547, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump  -i  tapa72cc152-ce -w 43.240.248.70.cap