tcpdump 抓包

admin

sudo tcpdump -i bond1.104 -v -vv -t   
/ p7 t; g) L' I8 b5 F! w
3 L' }% s, k$ s
sudo tcpdump -i ens1f0 -vv -w /tmp/ens1f0.cap     抓包写如文件中

admin

sudo tcpdump -i bond1.104 -vvv -t
tcpdump: WARNING: bond1.104: no IPv4 address assigned
0 n! r/ u! A" e! |: Z2 V. S, m* Qtcpdump: listening on bond1.104, link-type EN10MB (Ethernet), capture size 65535 bytes
- u1 J& N2 y4 dIP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
" q+ B. |8 y* f0 a    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 437, length 64
" h- T5 c: x0 ], o+ eIP (tos 0x0, ttl 64, id 18437, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 437, length 64
IP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 438, length 64
  i8 \* S( v0 S1 ]2 U8 v# @- SIP (tos 0x0, ttl 64, id 18696, offset 0, flags [DF], proto ICMP (1), length 84)
8 H5 p/ o* T! [7 i3 u* A( U$ q6 q+ s    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 438, length 64
IP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.4.5.100: ICMP echo request, id 7024, seq 439, length 64
IP (tos 0x0, ttl 64, id 18958, offset 0, flags [DF], proto ICMP (1), length 84)
$ ^4 c" x* _+ U    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 439, length 64
IP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    CD--6 > 10.64.35.100: ICMP echo request, id 7024, seq 440, length 64
" l: b+ O# o% a, p- Q0 kIP (tos 0x0, ttl 64, id 19338, offset 0, flags [DF], proto ICMP (1), length 84)
    10.4.5.100 > CD--6: ICMP echo reply, id 7024, seq 440, length 64

1320503165

sudo  tcpdump -i vnet7 -vv -e icmp   抓取vnet7子接口地址

admin

sudo tcpdump -i bond1 -vv icmp  
8 K( }7 j; w* G- Z6 z# \) Y4 \tcpdump: WARNING: bond1: no IPv4 address assigned
/ y  X$ f3 [0 V& [0 ?tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
8 x1 P, W4 R+ K( f$ x# _16:16:57.141135 IP (tos 0x0, ttl 62, id 52282, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1157, length 64
16:16:58.141200 IP (tos 0x0, ttl 62, id 52414, offset 0, flags [DF], proto ICMP (1), length 84)
# b1 s$ }' a1 ]9 U/ U    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1158, length 64
16:16:59.141214 IP (tos 0x0, ttl 62, id 53243, offset 0, flags [DF], proto ICMP (1), length 84)
% _" C5 z! u! {- ?: q: i    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1159, length 64
16:17:00.141085 IP (tos 0x0, ttl 62, id 53622, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1160, length 64

admin

sudo tcpdump -i bond1 -vv -e icmp  
tcpdump: WARNING: bond1: no IPv4 address assigned
& H( }& F: r% ]7 B% }tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
% J0 b. ]+ x5 R! {16:21:23.140673 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47732, offset 0, flags [DF], proto ICMP (1), length 84)



    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1423, length 64
16:21:24.140663 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 47779, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1424, length 64
16:21:25.140651 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48122, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1425, length 64
" r% H# a7 P4 o8 O. a( c( [16:21:26.140629 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 48938, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1426, length 64
3 Q3 T0 T( [4 A/ @2 w16:21:27.140613 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 49679, offset 0, flags [DF], proto ICMP (1), length 84)
5 t. T5 e* j$ r% D; B8 k* ~    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1427, length 64
16:21:28.140616 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50377, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1428, length 64
5 o5 N: u. B7 v% h( ?16:21:29.140633 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 50603, offset 0, flags [DF], proto ICMP (1), length 84)
& M' j+ s& l# c, u) `7 r, f    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1429, length 64
16:21:30.140614 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 51285, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump -i bond1 -vvv -e icmp  
# v: j% g' _' ~6 m8 atcpdump: WARNING: bond1: no IPv4 address assigned
6 ~6 i, K1 `" D+ a6 W0 Itcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 65535 bytes
) |" h1 e# M7 Y3 I- _/ n! o16:22:01.140593 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1576, offset 0, flags [DF], proto ICMP (1), length 84)
0 p8 N6 V, |/ K    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1461, length 64
16:22:02.140601 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 1841, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1462, length 64
16:22:03.140606 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 2688, offset 0, flags [DF], proto ICMP (1), length 84)
& n  J+ d0 H; u' w! ^. ?# N( V    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1463, length 64
6 I5 F4 h/ E2 a16:22:04.140584 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3273, offset 0, flags [DF], proto ICMP (1), length 84)
    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1464, length 64
16:22:05.140544 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3297, offset 0, flags [DF], proto ICMP (1), length 84)
6 _- T( ?' b2 W& M* ]    10.32.69.236 > 43.240.248.70: ICMP echo request, id 16362, seq 1465, length 64
16:22:06.140605 00:0e:1e:b3:98:20 (oui Unknown) > 00:00:5e:00:01:65 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 205, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 3547, offset 0, flags [DF], proto ICMP (1), length 84)

admin

sudo tcpdump  -i  tapa72cc152-ce -w 43.240.248.70.cap