Linux: capture network traffic on two different ports simultaneously

Notice: this page is a Chinese/English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original author (not me). StackOverflow original: http://stackoverflow.com/questions/8309451/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow

Date: 2020-08-06 02:36:46  Source: igfitidea

capture network traffic on two different ports simultaneously

linux shell networking command tcpdump

Asked by Udit Gupta

I wish to capture tcpdump traffic on two different ports simultaneously.

I tried this ..


  $ tcpdump port 21 ; tcpdump port 22

Although it worked, the problem is that first it will wait for traffic on port 21, and when interrupted it will then wait for port 22.

Also, another problem is that it will not capture the traffic on port 22 until the traffic on port 21 has been captured.

I want an order-free solution, meaning that in whatever order packets arrive, if they are for port 21 or 22 they should be captured.

Please help me on this !!!


EDIT:

Sorry, I did not specify it before; the actual command I am trying to run is this ..

  $ tcpdump -X -s0 protochain 50

and

  $ tcpdump -X -s0 protochain 51

Now I need to use 50 and 51 both simultaneously ..


Accepted answer by Udit Gupta

Problem solved, it was actually very simple, I should have tried it before ..

but thanks, I got my idea just by looking at your answers.

I think it is the beauty of stackoverflow: if we could find an exact answer, we can invent it through the discussion ..

 $ tcpdump -X -s0 protochain 50 or 51

Answered by Daniel Böhmer

I am no tcpdump expert but found this in the tcpdump manpage:

tcpdump 'gateway snup and (port ftp or ftp-data)'

So try this


tcpdump '(port ftp or ftp-data)'

Answered by taho

Hi, you just need to compose two ports like this:


tcpdump -n -i $INTERFACE port 21 or port 22

where -n will get numerical addresses without reverse resolving (faster)
and $INTERFACE is the real interface where you sniff traffic

Answered by Fabien Haddadi

Like other contributors said, you can use the and logical operator, but be aware that you can also use it in conjunction with other operators. To ensure that tcpdump sees them, and that the operator precedence is the one you want, use brackets, but only within single quotes, like in this example below: sudo tcpdump -i eth0 '(port 465 or port 587)' and src 1.2.3.4, because if you omit the single quotes, a) your shell may interpret them before tcpdump does, and b) you will not be certain of what the operator precedence is relative to one another. Strong of this, you may now do any combination, just like in arithmetic.
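The three points made across the answers (join several port or protocol terms with `or`, parenthesise the group so a trailing `and` applies to all of it, and single-quote the whole filter so the shell never sees the parentheses) put together as a small helper script. This is an added example, not code from the question or the answers; the interface name `eth0` and the host `192.0.2.10` are constructed placeholders, and `-d` is tcpdump's compile-only switch (it prints the BPF program and stops without capturing, but may still need capture privileges to open the interface).

```shell
#!/bin/sh
# Added example (not from the original question or answers): build one tcpdump
# filter from several ports or protocol numbers and hand it to tcpdump as a
# single quoted argument.

# join_filter KEYWORD VALUE... -> "KEYWORD V1 or KEYWORD V2 ..."
#   join_filter port 21 22        -> "port 21 or port 22"
#   join_filter protochain 50 51  -> "protochain 50 or protochain 51"  (ESP or AH)
join_filter() {
    kw=$1; shift
    expr=""
    for v in "$@"; do
        if [ -n "$expr" ]; then expr="$expr or "; fi
        expr="$expr$kw $v"
    done
    printf '%s' "$expr"
}

# and_filter GROUP [EXTRA] -> "(GROUP) and EXTRA", or GROUP alone if no EXTRA.
# pcap-filter gives "and" and "or" equal precedence (left to right), so the
# parentheses make the intent explicit instead of relying on that rule.
and_filter() {
    if [ -z "$2" ]; then printf '%s' "$1"; else printf '(%s) and %s' "$1" "$2"; fi
}

# capture_cmd IFACE FILTER -> the command line to run. The filter is wrapped in
# single quotes so "(", ")" and "or" reach tcpdump rather than the shell.
# -n: no reverse DNS, -s0: full packets, -X: hex+ASCII dump (as in the question).
capture_cmd() {
    printf "tcpdump -n -i %s -s0 -X '%s'" "$1" "$2"
}

# Optional compile-only check of a filter string. Returns 2 when tcpdump is not
# installed; otherwise tcpdump's own exit status (non-zero on a syntax error).
check_filter() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    tcpdump -d "$1" >/dev/null 2>&1
}

# Usage: ports 21 and 22 from one constructed source host.
f=$(and_filter "$(join_filter port 21 22)" "src 192.0.2.10")
capture_cmd eth0 "$f"; echo
```

Running the printed command (or `eval "$(capture_cmd eth0 "$f")"`) gives the same result as the accepted answer's `protochain 50 or 51`, generalised to any list of ports or protocols.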