?????????????????????????? Sniffer???????????Sniffer ?????簲????????????н??????????????繥?????????Э?????????????????????? Linux ?????????????????????? Tcpdump??Ethereal ?? EtherApe ???????????ν??? Sniffer ?????????????????????????Ч????????У??????? Sniffer ????????????????????????Щ?????????????????????????

?????? Tcpdump??????????з???????????????????????????????磬???????λ???????????

?????? Ethereal???????λ????????????????????????з????Tcpdump??ú???????????????????

?????? EtherApe????????λ???????????????????Ethereal?????EtherApe??????????????????????м??

?????? Tcpdump

???????????????????????????????? Tcpdump ?????????????????????????????Tcpdump ???????????????????????????Э???????????????е??????????????????

????????????????????????? Tcpdump ?????????????????????????????????????

?????? Tcpdump ???

????GNU/Linux ???а???????????????п????http://www.tcpdump.org?????

?????? Tcpdump ?????????

????Tcpdump??????????з???????????????????????й?????????????????????????????????????

????Tcpdump ?????????????

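-a  Convert network and broadcast addresses to names.

-d  Print the compiled packet-matching code in a human-readable form.

-dd  Print the packet-matching code as a C program fragment.

-ddd  Print the packet-matching code as decimal numbers.

-e  Print the link-level header on each output line.

-f  Print foreign internet addresses numerically.

-l  Make standard output line buffered.

-n  Do not convert addresses (such as IP addresses) to names, which avoids DNS lookups.

-t  Do not print a timestamp on each output line.

-v  Produce slightly more verbose output, for example the TTL in IP packets.

-vv  Produce even more verbose output.

-c  Stop after receiving the specified number of packets.

-F  Read the filter expression from the specified file; an expression given on the command line is ignored.

-i  Listen on the specified network interface.

-r  Read packets from the specified file (a file created with the -w option).

-w  Write the raw packets to the specified file instead of parsing and printing them.

-T  Force the captured packets to be interpreted as the specified packet type.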

?????? ????

Capture 5 ARP packets on eth0 without converting addresses to names:

[root@Rocky ~]# tcpdump arp -i eth0 -c 5 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:59:46.728425 arp who-has 192.168.1.1 tell 192.168.1.110
11:00:17.315719 arp who-has 192.168.1.1 tell 192.168.1.111
11:00:17.317911 arp who-has 192.168.1.1 tell 192.168.1.111
11:00:17.418271 arp who-has 192.168.1.1 tell 192.168.1.111
11:00:17.418980 arp who-has 192.168.1.1 tell 192.168.1.111
5 packets captured
5 packets received by filter
0 packets dropped by kernel
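
An added example, not part of the original article: a small Python parser for the `tcpdump -n arp` text output shown above. It reports which hosts repeat the same who-has request within a short window. The function names, the one-second window and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the capture output shown above, pasted as text.
SAMPLE = """\
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:59:46.728425 arp who-has 192.168.1.1 tell 192.168.1.110
11:00:17.315719 arp who-has 192.168.1.1 tell 192.168.1.111
11:00:17.317911 arp who-has 192.168.1.1 tell 192.168.1.111
11:00:17.418271 arp who-has 192.168.1.1 tell 192.168.1.111
11:00:17.418980 arp who-has 192.168.1.1 tell 192.168.1.111
5 packets captured
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Matches the request lines above; the optional ", Request" covers the
# "ARP, Request who-has ..." spelling printed by newer tcpdump releases.
ARP_REQ = re.compile(
    rf"^(\d\d):(\d\d):(\d\d\.\d+) arp(?:, request)? who-has ({IP}) tell ({IP})",
    re.IGNORECASE,
)

def parse_arp_requests(text):
    """Return (seconds_since_midnight, sender, target) per who-has line."""
    found = []
    for line in text.splitlines():
        m = ARP_REQ.match(line.strip())
        if m:  # banner and summary lines do not match and are skipped
            h, mi, s, target, sender = m.groups()
            found.append((int(h) * 3600 + int(mi) * 60 + float(s), sender, target))
    return found

def repeated_requests(requests, window=1.0, threshold=3):
    """Map (sender, target) to the largest number of requests seen inside
    any `window`-second span, for pairs that reach `threshold`."""
    times = defaultdict(list)
    for ts, sender, target in requests:
        times[(sender, target)].append(ts)
    flagged = {}
    for pair, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window forward
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[pair] = best
    return flagged

if __name__ == "__main__":
    print(repeated_requests(parse_arp_requests(SAMPLE)))
```

Timestamps are treated as seconds since midnight, so a capture that crosses midnight would need the date as well (tcpdump's -tttt option prints it).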