[Cloud Native] ptcpdump: a packet-capture tool for the network traffic of any process, container or Pod (by 筑梦之路)

ptcpdump is a tcpdump-like network packet capture tool built on eBPF. Besides being compatible with tcpdump's common command-line options and packet filter syntax, it provides the following core features:

  • Records and displays, in the output, the process, container and Pod that sent the network traffic.

  • Supports capturing packets for a specified process, container or Pod.

  • Supports saving captured packets in pcapng format, so they can be analyzed further with tcpdump or Wireshark.

  • When the saved pcapng file is opened in Wireshark, the process, container and Pod information for each packet is visible.

  • The tool is statically linked, so no additional shared libraries need to be installed on the system.

For more information, see the project's source repository: https://github.com/mozillazg/ptcpdump

Compatible with tcpdump's common command-line options and packet filter syntax

sudo tcpdump -i eth0 tcp
sudo tcpdump -i eth0 tcp and port 80 and host 10.10.1.1
sudo tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
sudo tcpdump -i any
sudo tcpdump -i any -s 0 -n -c 100 -w demo.pcapng port 80

sudo ptcpdump -i eth0 tcp
sudo ptcpdump -i eth0 tcp and port 80 and host 10.10.1.1
sudo ptcpdump -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
sudo ptcpdump -i any
sudo ptcpdump -i any -s 0 -n -c 100 -w demo.pcapng port 80

Recording and displaying the process, container and Pod that sent the traffic in the output

$ sudo ptcpdump -i any -c 4 port 80 or port 443
2024-07-07 12:56:56 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 12:56:56 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:56:59.517657 veth18618a4a wget.13626 In IP 10.244.0.4.46834 > 13.251.96.10.443: Flags [S], seq 2743105662, win 64240, length 0, Container [test], Pod [test.default]
12:56:59.517836 eth0 wget.13626 Out IP 172.19.0.2.46834 > 13.251.96.10.443: Flags [S], seq 2743105662, win 64240, length 0, Container [test], Pod [test.default]
12:56:59.692593 eth0 wget.13626 In IP 13.251.96.10.443 > 172.19.0.2.46834: Flags [S.], seq 1966397178, ack 2743105663, win 65084, length 0, Container [test], Pod [test.default]
12:56:59.692754 veth18618a4a wget.13626 Out IP 13.251.96.10.443 > 10.244.0.4.46834: Flags [S.], seq 1966397178, ack 2743105663, win 65084, length 0, Container [test], Pod [test.default]
4 packets captured
6 packets received by filter
0 packets dropped by kernel

More detailed output with -v:

$ ptcpdump -i any -c 4 -v port 80 or port 443
2024-07-07 12:58:59 WARN ptcpdump: capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:59:02.265356 veth18618a4a In IP (tos 0x0, ttl 64, id 35996, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.4.41666 > 13.215.144.61.443: Flags [S], cksum 0xa93a, seq 40651020, win 64240, options [mss 1460,sackOK,TS val 2665081987 ecr 0,nop,wscale 7], length 0
    Process (pid 14565, cmd /usr/bin/wget, args wget https://mozillazg.com -O /dev/null)
    Container (name test, id 78116e60ff73d3dc41c795288fbf955ed543c964e56cada0c3fa466bc939a339, image docker.io/library/alpine:3.18, labels {"io.cri-containerd.kind":"container","io.kubernetes.container.name":"test","io.kubernetes.pod.name":"test","io.kubernetes.pod.namespace":"default","io.kubernetes.pod.uid":"9e4bc54b-de48-4b1c-8b9e-54709f67ed0c"})
    Pod (name test, namespace default, UID 9e4bc54b-de48-4b1c-8b9e-54709f67ed0c, labels {"run":"test"}, annotations {"kubernetes.io/config.seen":"2024-07-07T12:43:29.121307922Z","kubernetes.io/config.source":"api"})
12:59:02.265606 eth0 Out IP (tos 0x0, ttl 63, id 35996, offset 0, flags [DF], proto TCP (6), length 60)
    172.19.0.2.41666 > 13.215.144.61.443: Flags [S], cksum 0x4a58, seq 40651020, win 64240, options [mss 1460,sackOK,TS val 2665081987 ecr 0,nop,wscale 7], length 0
    Process (pid 14565, cmd /usr/bin/wget, args wget https://mozillazg.com -O /dev/null)
    Container (name test, id 78116e60ff73d3dc41c795288fbf955ed543c964e56cada0c3fa466bc939a339, image docker.io/library/alpine:3.18, labels {"io.cri-containerd.kind":"container","io.kubernetes.container.name":"test","io.kubernetes.pod.name":"test","io.kubernetes.pod.namespace":"default","io.kubernetes.pod.uid":"9e4bc54b-de48-4b1c-8b9e-54709f67ed0c"})
    Pod (name test, namespace default, UID 9e4bc54b-de48-4b1c-8b9e-54709f67ed0c, labels {"run":"test"}, annotations {"kubernetes.io/config.seen":"2024-07-07T12:43:29.121307922Z","kubernetes.io/config.source":"api"})
12:59:02.462586 eth0 In IP (tos 0x4, ttl 47, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    13.215.144.61.443 > 172.19.0.2.41666: Flags [S.], cksum 0x9772, seq 3160052321, ack 40651021, win 65084, options [mss 1240,sackOK,TS val 3710435767 ecr 2665081987,nop,wscale 9], length 0
    Process (pid 14565, cmd /usr/bin/wget, args wget https://mozillazg.com -O /dev/null)
    Container (name test, id 78116e60ff73d3dc41c795288fbf955ed543c964e56cada0c3fa466bc939a339, image docker.io/library/alpine:3.18, labels {"io.cri-containerd.kind":"container","io.kubernetes.container.name":"test","io.kubernetes.pod.name":"test","io.kubernetes.pod.namespace":"default","io.kubernetes.pod.uid":"9e4bc54b-de48-4b1c-8b9e-54709f67ed0c"})
    Pod (name test, namespace default, UID 9e4bc54b-de48-4b1c-8b9e-54709f67ed0c, labels {"run":"test"}, annotations {"kubernetes.io/config.seen":"2024-07-07T12:43:29.121307922Z","kubernetes.io/config.source":"api"})
12:59:02.462782 veth18618a4a Out IP (tos 0x4, ttl 46, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    13.215.144.61.443 > 10.244.0.4.41666: Flags [S.], cksum 0x3890, seq 3160052321, ack 40651021, win 65084, options [mss 1240,sackOK,TS val 3710435767 ecr 2665081987,nop,wscale 9], length 0
    Process (pid 14565, cmd /usr/bin/wget, args wget https://mozillazg.com -O /dev/null)
    Container (name test, id 78116e60ff73d3dc41c795288fbf955ed543c964e56cada0c3fa466bc939a339, image docker.io/library/alpine:3.18, labels {"io.cri-containerd.kind":"container","io.kubernetes.container.name":"test","io.kubernetes.pod.name":"test","io.kubernetes.pod.namespace":"default","io.kubernetes.pod.uid":"9e4bc54b-de48-4b1c-8b9e-54709f67ed0c"})
    Pod (name test, namespace default, UID 9e4bc54b-de48-4b1c-8b9e-54709f67ed0c, labels {"run":"test"}, annotations {"kubernetes.io/config.seen":"2024-07-07T12:43:29.121307922Z","kubernetes.io/config.source":"api"})
4 packets captured
6 packets received by filter
0 packets dropped by kernel
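The one-line output format above (timestamp, interface, comm.pid, direction, endpoints, then Container [...] and Pod [...] suffixes when the traffic came from a container) is easy to post-process. The following Python script is an added example, not part of ptcpdump or of this post: it parses that default (non -v) line format and reports which workload opened new outbound connections to which destination, which is the first question a responder asks of a capture. The sample lines are constructed to mirror the format shown above; the regular expressions and the workload naming are assumptions of this example, not anything ptcpdump defines.

```python
"""Attribute ptcpdump one-line output to processes, containers and Pods.

Added example (not part of ptcpdump itself): parses the default, non-verbose
line format shown in this post and reports which workload opened new
connections to which destination. Sample lines are constructed to match the
format of the capture output above.
"""
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed sample: Pod traffic, a host process, a DNS query, an IPv6
# connection, and the non-packet lines ptcpdump prints around them.
SAMPLE_OUTPUT = """\
2024-07-07 12:56:56 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
12:56:59.517657 veth18618a4a wget.13626 In IP 10.244.0.4.46834 > 13.251.96.10.443: Flags [S], seq 2743105662, win 64240, length 0, Container [test], Pod [test.default]
12:56:59.517836 eth0 wget.13626 Out IP 172.19.0.2.46834 > 13.251.96.10.443: Flags [S], seq 2743105662, win 64240, length 0, Container [test], Pod [test.default]
12:56:59.692593 eth0 wget.13626 In IP 13.251.96.10.443 > 172.19.0.2.46834: Flags [S.], seq 1966397178, ack 2743105663, win 65084, length 0, Container [test], Pod [test.default]
13:11:50.170538 ens33 python3.10.82106 Out IP 10.0.2.15.36648 > 13.251.96.10.443: Flags [S], seq 1633417447, win 64240, length 0
13:23:24.881499 lo curl.26511 Out IP 127.0.0.1.43332 > 127.0.0.53.53: 44133+ [1au] A? mozillazg.com. (42)
13:26:45.136819 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [S], seq 3460683104, win 64800, length 0
4 packets captured
"""

# <time> <iface> <comm>.<pid> <In|Out> <IP|IP6> <src> > <dst>: <rest>
# comm may itself contain dots (python3.10), so match it lazily up to ".<pid> In|Out".
PACKET_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<iface>\S+) (?P<comm>.+?)\.(?P<pid>\d+) "
    r"(?P<dir>In|Out) (?P<proto>IP6?) (?P<src>\S+) > (?P<dst>\S+?): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")
CONTAINER_RE = re.compile(r"Container \[(?P<name>[^\]]+)\]")
POD_RE = re.compile(r"Pod \[(?P<name>[^\]]+)\]")


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """'13.251.96.10.443' -> ('13.251.96.10', 443); the IPv6 form splits the same way."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def parse_line(line: str) -> Optional[dict]:
    """Return a record for a packet line, or None for warning/summary lines."""
    m = PACKET_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    flags = FLAGS_RE.search(rest)
    container = CONTAINER_RE.search(rest)
    pod = POD_RE.search(rest)
    return {
        "ts": m.group("ts"),
        "iface": m.group("iface"),
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "direction": m.group("dir"),
        "proto": m.group("proto"),
        "src": split_endpoint(m.group("src")),
        "dst": split_endpoint(m.group("dst")),
        "flags": flags.group("flags") if flags else None,   # None for DNS/UDP lines
        "container": container.group("name") if container else None,
        "pod": pod.group("name") if pod else None,
    }


def parse_output(text: str) -> List[dict]:
    """Parse a whole ptcpdump transcript, skipping non-packet lines."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def workload(rec: dict) -> str:
    """Most specific owner known for the packet: Pod, then container, then host process."""
    if rec["pod"]:
        return f"pod:{rec['pod']}"
    if rec["container"]:
        return f"container:{rec['container']}"
    return f"host:{rec['comm']}"


def new_connections(records: List[dict]) -> Counter:
    """Count outbound bare-SYN packets per (workload, comm, destination).

    Only 'Out' lines are counted, so a Pod's SYN, which ptcpdump shows once
    entering the host on the veth and once leaving on eth0, is counted once.
    """
    counts: Counter = Counter()
    for rec in records:
        if rec["direction"] != "Out" or rec["flags"] != "S":
            continue
        dst_host, dst_port = rec["dst"]
        counts[(workload(rec), rec["comm"], f"{dst_host}:{dst_port}")] += 1
    return counts


if __name__ == "__main__":
    summary = new_connections(parse_output(SAMPLE_OUTPUT))
    for (owner, comm, dst), n in sorted(summary.items()):
        print(f"{owner:<20} {comm:<12} -> {dst:<32} {n} new connection(s)")
```

Only Out lines carrying a bare SYN are counted, so a Pod's connection attempt, which appears once as In on the host side of the veth and once as Out on eth0, is counted once; the DNS line has no Flags field, so it is parsed but not counted. Running the script with python3 prints one line per workload and destination.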

Capturing packets for a specified process, container or Pod

# Capture by process PID

$ sudo ptcpdump -i any -c 4 --pid 82106
2024-07-07 13:11:40 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:11:40 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:11:50.170538 ens33 python3.10.82106 Out IP 10.0.2.15.36648 > 13.251.96.10.443: Flags [S], seq 1633417447, win 64240, length 0
13:11:50.369972 ens33 python3.10.82106 In IP 13.251.96.10.443 > 10.0.2.15.36648: Flags [S.], seq 1793291274, ack 1633417448, win 64240, length 0
2 packets captured
3 packets received by filter
0 packets dropped by kernel


# Use the -f option to also capture child processes created by that process

$ sudo ptcpdump -i any -c 4 --pid 82106 -f 'tcp[tcpflags] & tcp-fin != 0'
2024-07-07 13:17:31 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:17:31 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:17:37.800903 ens33 python3.10.82106 Out IP 10.0.2.15.38576 > 52.74.166.77.443: Flags [F.], seq 2442149577, ack 367271121, win 62780, length 0
13:17:37.977316 ens33 python3.10.82106 In IP 52.74.166.77.443 > 10.0.2.15.38576: Flags [FP.], seq 367271145, ack 2442149578, win 64239, length 0
13:17:44.390627 ens33 curl.95920 Out IP 10.0.2.15.38590 > 52.74.166.77.443: Flags [F.], seq 3726932781, ack 1510095004, win 63045, length 0
13:17:44.564990 ens33 curl.95920 In IP 52.74.166.77.443 > 10.0.2.15.38590: Flags [FP.], seq 1510095028, ack 3726932782, win 64239, length 0
4 packets captured
4 packets received by filter
0 packets dropped by kernel



# Capture by process name

Use the --pname option to specify the process name (comm) so that traffic is captured for that process by name.

$ sudo ptcpdump -i any -c 2 --pname curl
2024-07-07 13:23:18 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:23:18 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:23:24.881499 lo curl.26511 Out IP 127.0.0.1.43332 > 127.0.0.53.53: 44133+ [1au] A? mozillazg.com. (42)
13:23:24.881663 lo curl.26511 Out IP 127.0.0.1.43332 > 127.0.0.53.53: 14694+ [1au] AAAA? mozillazg.com. (42)
2 packets captured
2 packets received by filter
0 packets dropped by kernel



# Capture by running the target program

Place the target program after -- so that ptcpdump runs it and captures only that program's traffic.

$ sudo ptcpdump -i any -- curl -I https://mozillazg.com
2024-07-07 13:26:44 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:26:44 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:26:44.055757 lo curl.28094 Out IP 127.0.0.1.48826 > 127.0.0.53.53: 8942+ [1au] A? mozillazg.com. (42)
13:26:44.055914 lo curl.28094 Out IP 127.0.0.1.48826 > 127.0.0.53.53: 34274+ [1au] AAAA? mozillazg.com. (42)
13:26:44.775840 lo curl.28094 In IP 127.0.0.53.53 > 127.0.0.1.48826: 8942 3/0/1 CNAME mozillazg.netlify.com., A 13.251.96.10, A 46.137.195.11 (106)
13:26:45.135988 lo curl.28094 In IP 127.0.0.53.53 > 127.0.0.1.48826: 34274 3/0/1 CNAME mozillazg.netlify.com., AAAA 2406:da18:880:3802::c8, AAAA 2406:da18:b3d:e202::64 (130)
13:26:45.136819 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [S], seq 3460683104, win 64800, length 0
13:26:45.310505 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [S.], seq 630810442, ack 3460683105, win 65232, length 0
13:26:45.310821 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [.], seq 3460683105, ack 630810443, win 507, length 0
13:26:45.414551 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [P.], seq 3460683105:3460683622, ack 630810443, win 507, length 517
13:26:45.595214 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [.], seq 630810443, ack 3460683622, win 127, length 0
13:26:45.595413 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [.], seq 630810443:630811651, ack 3460683622, win 127, length 1208
13:26:45.595595 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [.], seq 3460683622, ack 630811651, win 501, length 0
13:26:45.595702 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [P.], seq 630811651:630812859, ack 3460683622, win 127, length 1208
13:26:45.595797 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [.], seq 3460683622, ack 630812859, win 492, length 0
13:26:45.595862 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [P.], seq 630812859:630813338, ack 3460683622, win 127, length 479
13:26:45.595934 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [.], seq 3460683622, ack 630813338, win 489, length 0
13:26:45.600998 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [P.], seq 3460683622:3460683686, ack 630813338, win 489, length 64
13:26:45.601344 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [P.], seq 3460683686:3460683781, ack 630813338, win 489, length 95
13:26:45.616759 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [P.], seq 3460683781:3460683882, ack 630813338, win 501, length 101
13:26:45.779516 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [.], seq 630813338, ack 3460683781, win 127, length 0
13:26:45.779792 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [P.], seq 630813338:630813399, ack 3460683781, win 127, length 61
13:26:45.779996 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [P.], seq 630813399:630813443, ack 3460683781, win 127, length 44
13:26:45.780318 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [P.], seq 3460683882:3460683913, ack 630813443, win 501, length 31
HTTP/2 200
13:26:45.788787 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [P.], seq 630813443:630813677, ack 3460683882, win 127, length 234
accept-ranges: bytes
age: 79059
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-type: text/html; charset=UTF-8
date: Sun, 07 Jul 2024 05:26:44 GMT
etag: "80cf37f5974e2232d976c6f622121dee-ssl"
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01J25THACQSN9364YHSR2C0X5F
content-length: 11727

13:26:45.789558 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [P.], seq 3460683913:3460683937, ack 630813677, win 501, length 24
13:26:45.791514 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [F.], seq 3460683937, ack 630813677, win 501, length 0
13:26:45.963642 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [.], seq 630813677, ack 3460683937, win 127, length 0
13:26:45.963956 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [P.], seq 630813677:630813701, ack 3460683937, win 127, length 24
13:26:45.964172 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [R], seq 3460683937, win 0, length 0
13:26:45.964415 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [F.], seq 630813701, ack 3460683937, win 127, length 0
13:26:45.964506 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [R], seq 3460683937, win 0, length 0
13:26:45.966158 wlp4s0 curl.28094 In IP6 2406:da18:880:3802::c8.443 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744: Flags [.], seq 630813702, ack 3460683938, win 127, length 0
13:26:45.966299 wlp4s0 curl.28094 Out IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.53744 > 2406:da18:880:3802::c8.443: Flags [R], seq 3460683938, win 0, length 0
32 packets captured
32 packets received by filter
0 packets dropped by kernel



# Capture by container

Use the --container-id option to specify the ID of the container to capture.

$ sudo ptcpdump -i any -c 2 --container-id 36f0310403b1
2024-07-07 13:36:19 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:36:19 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:36:24.191242 veth09dec8f curl.32636 In IP 172.19.0.2.48960 > 18.139.194.139.443: Flags [S], seq 3213779351, win 64240, length 0, Container [kind-control-plane]
13:36:24.191369 wlp4s0 curl.32636 Out IP 192.168.1.50.48960 > 18.139.194.139.443: Flags [S], seq 3213779351, win 64240, length 0, Container [kind-control-plane]
2 packets captured
2 packets received by filter
0 packets dropped by kernel


Use the --container-name option to specify the name of the container to capture.

$ sudo ptcpdump -i any -c 2 --container-name kind-control-plane
2024-07-07 13:37:16 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:37:16 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:37:22.560764 veth09dec8f curl.33093 In IP 172.19.0.2.39084 > 18.139.194.139.443: Flags [S], seq 3645727033, win 64240, length 0, Container [kind-control-plane]
13:37:22.561010 wlp4s0 curl.33093 Out IP 192.168.1.50.39084 > 18.139.194.139.443: Flags [S], seq 3645727033, win 64240, length 0, Container [kind-control-plane]
2 packets captured
2 packets received by filter
0 packets dropped by kernel


# Capture by Pod

Use the --pod-name option to specify the Pod to capture; the value takes the form <pod name>.<pod namespace>.

$ sudo ptcpdump -i any -c 2 --pod-name test.default
2024-07-07 13:38:29 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:38:29 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:38:34.175752 eth0 wget.33660 Out IP 172.19.0.2.51564 > 13.215.144.61.443: Flags [S], seq 567383917, win 64240, length 0, Container [test], Pod [test.default]
13:38:34.372894 eth0 wget.33660 In IP 13.215.144.61.443 > 172.19.0.2.51564: Flags [S.], seq 2654865684, ack 567383918, win 65084, length 0, Container [test], Pod [test.default]
2 packets captured
3 packets received by filter
0 packets dropped by kernel

Saving data in pcapng format for analysis with tcpdump or Wireshark

Save as pcapng

Use the -w option to save the captured packets in pcapng format.

$ sudo ptcpdump -i any -c 5 -w demo.pcapng
2024-07-07 13:41:32 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:41:32 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
5 packets captured
22 packets received by filter
0 packets dropped by kernel

Analyze with tcpdump

$ sudo ptcpdump -i any -c 5 -w - port 80 | tcpdump -n -r -
reading from file -, link-type EN10MB (Ethernet), snapshot length 65535
2024-07-07 13:44:33 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output
2024-07-07 13:44:33 WARN capturing on any, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:44:44.530637 IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.50858 > 2406:da18:880:3801::c8.80: Flags [S], seq 495824072, win 64800, options [mss 1440,sackOK,TS val 2411675580 ecr 0,nop,wscale 7], length 0
13:44:44.708902 IP6 2406:da18:880:3801::c8.80 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.50858: Flags [S.], seq 640438481, ack 495824073, win 65232, options [mss 1220,sackOK,TS val 1591525382 ecr 2411675580,nop,wscale 9], length 0
13:44:44.709261 IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.50858 > 2406:da18:880:3801::c8.80: Flags [.], ack 1, win 507, options [nop,nop,TS val 2411675670 ecr 1591525382], length 0
13:44:44.709475 IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.50858 > 2406:da18:880:3801::c8.80: Flags [P.], seq 1:78, ack 1, win 507, options [nop,nop,TS val 2411675670 ecr 1591525382], length 77: HTTP: GET / HTTP/1.1
5 packets captured
6 packets received by filter
0 packets dropped by kernel
13:44:44.877110 IP6 2406:da18:880:3801::c8.80 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.50858: Flags [P.], seq 1:266, ack 78, win 128, options [nop,nop,TS val 1591525469 ecr 2411675670], length 265: HTTP: HTTP/1.1 301 Moved Permanently

Analyze the captured data by having tcpdump read the saved file

$ tcpdump -n -r demo.pcapng
reading from file demo.pcapng, link-type EN10MB (Ethernet), snapshot length 65535
13:47:41.169584 IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.43038 > 2406:da18:b3d:e201::64.80: Flags [S], seq 3876639697, win 64800, options [mss 1440,sackOK,TS val 2072195434 ecr 0,nop,wscale 7], length 0
13:47:41.571055 IP 192.168.1.50.60580 > 18.139.194.139.80: Flags [S], seq 481256927, win 64240, options [mss 1460,sackOK,TS val 2707199178 ecr 0,nop,wscale 7], length 0
13:47:41.956270 IP6 2406:da18:b3d:e201::64.80 > 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.43038: Flags [S.], seq 2283576526, ack 3876639698, win 65232, options [mss 1220,sackOK,TS val 4276006323 ecr 2072195434,nop,wscale 9], length 0
13:47:41.956437 IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.43038 > 2406:da18:b3d:e201::64.80: Flags [.], ack 1, win 507, options [nop,nop,TS val 2072195828 ecr 4276006323], length 0
13:47:41.956733 IP6 2409:8a00:2631:22f0:acdc:55a6:9015:b8f1.43038 > 2406:da18:b3d:e201::64.80: Flags [P.], seq 1:78, ack 1, win 507, options [nop,nop,TS val 2072195828 ecr 4276006323], length 77: HTTP: GET / HTTP/1.1

Analyze with Wireshark

References:

  • mozillazg/ptcpdump: Process-aware, eBPF-based tcpdump

  • tcpdump(1) man page | TCPDUMP & LIBPCAP
