{"id":13833,"date":"2023-08-17T06:26:31","date_gmt":"2023-08-16T21:26:31","guid":{"rendered":"https:\/\/lab4ict.com\/system\/?p=13833"},"modified":"2023-08-17T07:13:46","modified_gmt":"2023-08-16T22:13:46","slug":"tcpdump%e3%81%a7%e3%83%91%e3%82%b1%e3%83%83%e3%83%88%e3%82%ad%e3%83%a3%e3%83%97%e3%83%81%e3%83%a3%e3%81%99%e3%82%8b%ef%bc%81%ef%bc%88%e3%83%95%e3%82%a3%e3%83%ab%e3%82%bf%e3%83%aa%e3%83%b3%e3%82%b0","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/system\/archives\/13833","title":{"rendered":"Tcpdump\u3067\u30d1\u30b1\u30c3\u30c8\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01\uff08\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\uff09"},"content":{"rendered":"

Tcpdump\u3067\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u3057\u306a\u304c\u3089\u30d1\u30b1\u30c3\u30c8\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002
\n<\/p>\n

\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3092\u78ba\u8a8d\u3059\u308b\uff01<\/h2>\n

\u300c-D\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u6307\u5b9a\u3067\u304d\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n

\r\n# tcpdump -D\r\n1.enp0s3 [Up, Running]\r\n2.lo [Up, Running, Loopback]\r\n3.any (Pseudo-device that captures on all interfaces) [Up, Running]\r\n4.bluetooth-monitor (Bluetooth Linux Monitor) [none]\r\n5.nflog (Linux netfilter log (NFLOG) interface) [none]\r\n6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]\r\n7.usbmon0 (Raw USB traffic, all USB buses) [none]\r\n8.usbmon1 (Raw USB traffic, bus number 1)\r\n9.usbmon2 (Raw USB traffic, bus number 2)\r\n<\/pre>\n
\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300c-i\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -i enp0s3\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:12:12.686568 IP vmsrhe11.loc.lab4ict.com.ssh > dpc001p1.loc.lab4ict.com.38984: Flags [P.], seq 2854369762:2854369982, ack 3637069513, win 341, options [nop,nop,TS val 1336800761 ecr 3911764049], length 220\r\n06:12:12.686786 IP dpc001p1.loc.lab4ict.com.38984 > vmsrhe11.loc.lab4ict.com.ssh: Flags [.], ack 220, win 9612, options [nop,nop,TS val 3911764060 ecr 1336800761], length 0\r\n06:12:12.687309 IP vmsrhe11.loc.lab4ict.com.ssh > dpc001p1.loc.lab4ict.com.38984: Flags [P.], seq 220:640, ack 1, win 341, options [nop,nop,TS val 1336800761 ecr 3911764060], length 420\r\n3 packets captured\r\n4 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300cport\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 port 22\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:15:29.809648 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 2854373942:2854374162, ack 3637072125, win 341, options [nop,nop,TS val 1336997884 ecr 3911961167], length 220\r\n06:15:29.809853 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 220, win 9612, options [nop,nop,TS val 3911961173 ecr 1336997884], length 0\r\n06:15:29.810206 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 220:576, ack 1, win 341, options [nop,nop,TS val 1336997884 ecr 3911961173], length 356\r\n3 packets captured\r\n4 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u9001\u4fe1\u5143\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300csrc port\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u9001\u4fe1\u5143\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 src port 22\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:16:53.706258 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 2854375538:2854375758, ack 3637073021, win 341, options [nop,nop,TS val 1337081780 ecr 3912045059], length 220\r\n06:16:53.706825 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 220:440, ack 1, win 341, options [nop,nop,TS val 1337081781 ecr 3912045064], length 220\r\n06:16:53.706926 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 440:636, ack 1, win 341, options [nop,nop,TS val 1337081781 ecr 3912045064], length 196\r\n3 packets captured\r\n3 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u9001\u4fe1\u5148\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300cdest port\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u9001\u4fe1\u5148\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 dst port 22\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:18:23.826471 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 2854378382, win 9612, options [nop,nop,TS val 3912135179 ecr 1337171900], length 0\r\n06:18:23.826937 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 189, win 9612, options [nop,nop,TS val 3912135179 ecr 1337171901], length 0\r\n06:18:23.827096 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 369, win 9612, options [nop,nop,TS val 3912135179 ecr 1337171901], length 0\r\n3 packets captured\r\n3 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300chost\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 host 10.1.1.1\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:19:31.209734 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 2854381298:2854381518, ack 3637077013, win 341, options [nop,nop,TS val 1337239284 ecr 3912202554], length 220\r\n06:19:31.209907 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 220, win 9612, options [nop,nop,TS val 3912202559 ecr 1337239284], length 0\r\n06:19:31.210249 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 220:576, ack 1, win 341, options [nop,nop,TS val 1337239284 ecr 3912202559], length 356\r\n3 packets captured\r\n4 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u9001\u4fe1\u5143\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300csrc host\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u9001\u4fe1\u5143\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 src host 10.1.1.1\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:20:34.834617 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 2854383402, win 9612, options [nop,nop,TS val 3912266180 ecr 1337302909], length 0\r\n06:20:34.835040 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 189, win 9612, options [nop,nop,TS val 3912266181 ecr 1337302909], length 0\r\n06:20:34.835157 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 369, win 9612, options [nop,nop,TS val 3912266181 ecr 1337302909], length 0\r\n3 packets captured\r\n3 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u9001\u4fe1\u5148\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300cdst host\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u9001\u4fe1\u5148\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 dst host 10.1.1.1\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:21:25.281702 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 2854385174:2854385394, ack 3637079333, win 341, options [nop,nop,TS val 1337353356 ecr 3912316620], length 220\r\n06:21:25.282218 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 220:440, ack 1, win 341, options [nop,nop,TS val 1337353356 ecr 3912316626], length 220\r\n06:21:25.282313 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 440:636, ack 1, win 341, options [nop,nop,TS val 1337353356 ecr 3912316626], length 196\r\n3 packets captured\r\n3 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u9001\u4fe1\u5148\u30db\u30b9\u30c8\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\uff01<\/h2>\n
\u300cand\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001\u8907\u6570\u6761\u4ef6\u3092\u6307\u5b9a\u3057\u3066\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 host 10.1.1.1 and port 22\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:23:20.353842 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 2854389046:2854389266, ack 3637082505, win 341, options [nop,nop,TS val 1337468428 ecr 3912431688], length 220\r\n06:23:20.354016 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 220, win 9612, options [nop,nop,TS val 3912431693 ecr 1337468428], length 0\r\n06:23:20.354368 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 220:576, ack 1, win 341, options [nop,nop,TS val 1337468429 ecr 3912431693], length 356\r\n3 packets captured\r\n4 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u300cor\u300d\u6761\u4ef6\u3082\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002<\/p>\n
\r\n# tcpdump -c 3 -nn -i enp0s3 host 10.1.1.1 or 10.1.12.11\r\ndropped privs to tcpdump\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n06:24:44.065894 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 2854393170:2854393390, ack 3637084661, win 341, options [nop,nop,TS val 1337552140 ecr 3912515397], length 220\r\n06:24:44.066103 IP 10.1.1.1.38984 > 10.1.12.11.22: Flags [.], ack 220, win 9612, options [nop,nop,TS val 3912515403 ecr 1337552140], length 0\r\n06:24:44.066448 IP 10.1.12.11.22 > 10.1.1.1.38984: Flags [P.], seq 220:576, ack 1, win 341, options [nop,nop,TS val 1337552141 ecr 3912515403], length 356\r\n3 packets captured\r\n4 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u304a\u308f\u308a\u306b<\/h2>\n
tcpdump\u3067\u306f\u3001\u5fc5\u8981\u3068\u306a\u308b\u30d5\u30a3\u30eb\u30bf\u6761\u4ef6\u304c\u4e00\u901a\u308a\u6307\u5b9a\u3067\u304d\u308b\u306e\u3067\u3001\u6761\u4ef6\u3092\u3046\u307e\u304f\u7d5e\u3063\u3066\u8abf\u67fb\u306b\u6d3b\u304b\u3059\u3088\u3046\u306b\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n
\u95a2\u9023\u8a18\u4e8b<\/h2>\n
\"\u3010\u8a18\u4e8b\u4e00\u89a7\u3011Linux\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3044\u3053\u306a\u3059\uff01\"<\/div>
\u3010\u8a18\u4e8b\u4e00\u89a7\u3011Linux\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3044\u3053\u306a\u3059\uff01<\/div>
Linux\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3044\u3053\u306a\u3059\u305f\u3081\u306e\u8a18\u4e8b\u4e00\u89a7\u3092\u63b2\u8f09\u3057\u307e\u3059\u3002...<\/div><\/a><\/div>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Tcpdump\u3067\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u3057\u306a\u304c\u3089\u30d1\u30b1\u30c3\u30c8\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u307e\u3059\u3002<\/p>\n","protected":false},"author":1,"featured_media":5527,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[874],"tags":[915,309,408,914,917,519],"class_list":["post-13833","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-network-linux","tag-tcpdump","tag-309","tag-408","tag-914","tag-917","tag-519"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/13833","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/comments?post=13833"}],"version-history":[{"count":9,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/13833\/revisions"}],"predecessor-version":[{"id":13856,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/13833\/revisions\/13856"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media\/5527"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media?parent=13833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/categories?post=13833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/tags?post=13833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}