分类默认分类下的文章 - 小陈运维

登录 / 注册

chenby

累计撰写 208 篇文章
累计收到 124 条评论

搜索到 208 篇与默认分类的结果

2022-02-15
CentOS安装时钟同步服务使用chrony用于时间同步yum install chrony -y vim /etc/chrony.conf cat /etc/chrony.conf | grep -v "^#" | grep -v "^$" pool ntp.aliyun.com iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 10.0.0.0/8 local stratum 10 keyfile /etc/chrony.keys leapsectz right/UTC logdir /var/log/chrony systemctl restart chronyd systemctl enable chronyd客户端安装并配置yum install chrony -y vim /etc/chrony.conf cat /etc/chrony.conf | grep -v "^#" | grep -v "^$" pool 10.0.0.20 iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync keyfile /etc/chrony.keys leapsectz right/UTC logdir /var/log/chrony systemctl restart chronyd ; systemctl enable chronyd使用客户端进行验证chronyc sources -v .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current best, '+' = combined, '-' = not combined, | / 'x' = may be in error, '~' = too variable, '?' = unusable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* master01 3 6 17 7 -2539ns[ -29us] +/- 16ms https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年02月15日
- 435 阅读
- 0 评论
- 0 点赞
2022-02-11
使用二进制方式安装Docker 长期使用安装工具进行安装docker，今天用二进制方式手动安装一下docker环境。二进制包下载地址：https://download.docker.com/linux/static/stable/x86_64/ #解压 tar xf docker-20.10.9.tgz #拷贝二进制文件 cp docker/* /usr/bin/ #创建containerd的service文件,并且启动 cat >/etc/systemd/system/containerd.service <<EOF [Unit] Description=containerd container runtime Documentation=https://containerd.io After=network.target local-fs.target [Service] ExecStartPre=-/sbin/modprobe overlay ExecStart=/usr/bin/containerd Type=notify Delegate=yes KillMode=process Restart=always RestartSec=5 LimitNPROC=infinity LimitCORE=infinity LimitNOFILE=1048576 TasksMax=infinity OOMScoreAdjust=-999 [Install] WantedBy=multi-user.target EOF systemctl enable --now containerd.service准备docker的service文件#准备docker的service文件 cat > /etc/systemd/system/docker.service <<EOF [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket containerd.service [Service] Type=notify ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always StartLimitBurst=3 StartLimitInterval=60s LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity Delegate=yes KillMode=process OOMScoreAdjust=-500 [Install] WantedBy=multi-user.target EOF #准备docker的socket文件 cat > /etc/systemd/system/docker.socket <<EOF [Unit] Description=Docker Socket for the API [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target EOF启动验证#创建docker组 groupadd docker #启动docker systemctl enable --now docker.socket && systemctl enable --now docker.service #验证 docker info创建docker配置文件cat >/etc/docker/daemon.json <<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": [ "https://docker.mirrors.ustc.edu.cn", "http://hub-mirror.c.163.com" ], "max-concurrent-downloads": 10, "log-driver": "json-file", "log-level": "warn", "log-opts": { "max-size": "10m", "max-file": "3" }, "data-root": "/var/lib/docker" } EOF systemctl restart dockerLinux运维交流社区Linux运维交流社区，互联网新闻以及技术交流。84篇原创内容公众号 https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年02月11日
- 539 阅读
- 0 评论
- 0 点赞
2022-02-10
Kubernetes（K8S）内核优化常用参数详解 net.ipv4.tcp_keepalive_time=600 net.ipv4.tcp_keepalive_intvl=30 net.ipv4.tcp_keepalive_probes=10 net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1 net.ipv4.neigh.default.gc_stale_time=120 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.arp_announce=2 net.ipv4.conf.lo.arp_announce=2 net.ipv4.conf.all.arp_announce=2 net.ipv4.ip_local_port_range= 45001 65000 net.ipv4.ip_forward=1 net.ipv4.tcp_max_tw_buckets=6000 net.ipv4.tcp_syncookies=1 net.ipv4.tcp_synack_retries=2 net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 net.netfilter.nf_conntrack_max=2310720 net.ipv6.neigh.default.gc_thresh1=8192 net.ipv6.neigh.default.gc_thresh2=32768 net.ipv6.neigh.default.gc_thresh3=65536 net.core.netdev_max_backlog=16384 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_max_syn_backlog = 8096 net.core.somaxconn = 32768 fs.inotify.max_user_instances=8192 fs.inotify.max_user_watches=524288 fs.file-max=52706963 fs.nr_open=52706963 kernel.pid_max = 4194303 net.bridge.bridge-nf-call-arptables=1 vm.swappiness=0 vm.overcommit_memory=1 vm.panic_on_oom=0 vm.max_map_count = 262144内核参数解释net.ipv4.tcp_keepalive_time=600 #此参数表示TCP发送keepalive探测消息的间隔时间(秒) net.ipv4.tcp_keepalive_intvl=30 #tcp检查间隔时间（keepalive探测包的发送间隔） net.ipv4.tcp_keepalive_probes=10 #tcp检查次数（如果对方不予应答，探测包的发送次数） net.ipv6.conf.all.disable_ipv6=1 #禁用IPv6，修为0为启用IPv6 net.ipv6.conf.default.disable_ipv6=1 #禁用IPv6，修为0为启用IPv6 net.ipv6.conf.lo.disable_ipv6=1 #禁用IPv6，修为0为启用IPv6 net.ipv4.neigh.default.gc_stale_time=120 #ARP缓存条目超时 net.ipv4.conf.all.rp_filter=0 #默认为1，系统会严格校验数据包的反向路径，可能导致丢包 net.ipv4.conf.default.rp_filter=0 #不开启源地址校验 net.ipv4.conf.default.arp_announce=2 #始终使用与目的IP地址对应的最佳本地IP地址作为ARP请求的源IP地址 net.ipv4.conf.lo.arp_announce=2 #始终使用与目的IP地址对应的最佳本地IP地址作为ARP请求的源IP地址 net.ipv4.conf.all.arp_announce=2 #始终使用与目的IP地址对应的最佳本地IP地址作为ARP请求的源IP地址 net.ipv4.ip_local_port_range= 45001 65000 # 定义网络连接可用作其源（本地）端口的最小和最大端口的限制，同时适用于TCP和UDP连接。 net.ipv4.ip_forward=1 # 其值为0,说明禁止进行IP转发；如果是1,则说明IP转发功能已经打开。 net.ipv4.tcp_max_tw_buckets=6000 #配置服务器 TIME_WAIT 数量 net.ipv4.tcp_syncookies=1 #此参数应该设置为1，防止SYN Flood net.ipv4.tcp_synack_retries=2 #表示回应第二个握手包（SYN+ACK包）给客户端IP后，如果收不到第三次握手包（ACK包），进行重试的次数（默认为5） net.bridge.bridge-nf-call-ip6tables=1 # 是否在ip6tables链中过滤IPv6包 net.bridge.bridge-nf-call-iptables=1 # 二层的网桥在转发包时也会被iptables的FORWARD规则所过滤，这样有时会出现L3层的iptables rules去过滤L2的帧的问题 net.netfilter.nf_conntrack_max=2310720 #连接跟踪表的大小，建议根据内存计算该值CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (x / 32)，并满足nf_conntrack_max=4*nf_conntrack_buckets，默认262144 net.ipv6.neigh.default.gc_thresh1=8192 net.ipv6.neigh.default.gc_thresh2=32768 net.ipv6.neigh.default.gc_thresh3=65536 #gc_thresh3 是表大小的绝对限制 #gc_thresh2 设置为等于系统的最大预期邻居条目数的值 #在这种情况下，gc_thresh3 应该设置为一个比 gc_thresh2 值高的值，例如，比 gc_thresh2 高 25%-50%，将其视为浪涌容量。 #gc_thresh1 提高到较大的值；此设置的作用是，如果表包含的条目少于 gc_thresh1，内核将永远不会删除（超时）过时的条目。 net.core.netdev_max_backlog=16384 # 每CPU网络设备积压队列长度 net.core.rmem_max = 16777216 # 所有协议类型读写的缓存区大小 net.core.wmem_max = 16777216 # 最大的TCP数据发送窗口大小 net.ipv4.tcp_max_syn_backlog = 8096 # 第一个积压队列长度 net.core.somaxconn = 32768 # 第二个积压队列长度 fs.inotify.max_user_instances=8192 # 表示每一个real user ID可创建的inotify instatnces的数量上限，默认128. fs.inotify.max_user_watches=524288 # 同一用户同时可以添加的watch数目，默认8192。 fs.file-max=52706963 # 文件描述符的最大值 fs.nr_open=52706963 #设置最大微博号打开数 kernel.pid_max = 4194303 #最大进程数 net.bridge.bridge-nf-call-arptables=1 #是否在arptables的FORWARD中过滤网桥的ARP包 vm.swappiness=0 # 禁止使用 swap 空间，只有当系统 OOM 时才允许使用它 vm.overcommit_memory=1 # 不检查物理内存是否够用 vm.panic_on_oom=0 # 开启 OOM vm.max_map_count = 262144Linux运维交流社区Linux运维交流社区，互联网新闻以及技术交流。82篇原创内容公众号 https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年02月10日
- 426 阅读
- 0 评论
- 0 点赞
2022-02-08
CentOS&RHEL内核升级在安装部署一些环境的时候，会要求内核版本的要求，可以通过YUM工具进行安装配置更高版本的内核，当然更新内核有风险，在操作之前慎重，严谨在生产环境操作！安装源# 为 RHEL-8或 CentOS-8配置源 yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm # 为 RHEL-7 SL-7 或 CentOS-7 安装 ELRepo yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm启用内核源，并安装# 查看可用安装包 yum --disablerepo="*" --enablerepo="elrepo-kernel" list available # 安装最新的内核 # 我这里选择的是稳定版kernel-ml 如需更新长期维护版本kernel-lt yum --enablerepo=elrepo-kernel install kernel-ml查看已有内核# 查看已安装哪些内核 rpm -qa | grep kernel kernel-core-4.18.0-358.el8.x86_64 kernel-tools-4.18.0-358.el8.x86_64 kernel-ml-core-5.16.7-1.el8.elrepo.x86_64 kernel-ml-5.16.7-1.el8.elrepo.x86_64 kernel-modules-4.18.0-358.el8.x86_64 kernel-4.18.0-358.el8.x86_64 kernel-tools-libs-4.18.0-358.el8.x86_64 kernel-ml-modules-5.16.7-1.el8.elrepo.x86_64查看当前使用的并设置# 查看默认内核 grubby --default-kernel /boot/vmlinuz-5.16.7-1.el8.elrepo.x86_64 # 若不是最新的使用命令设置 grubby --set-default /boot/vmlinuz-「您的内核版本」.x86_64 # 重启生效 reboot整合一条命令为：yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm -y ; yum --disablerepo="*" --enablerepo="elrepo-kernel" list available -y ; yum --enablerepo=elrepo-kernel install kernel-ml -y ; grubby --default-kernel ; rebootLinux运维交流社区Linux运维交流社区，互联网新闻以及技术交流。82篇原创内容公众号 https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年02月08日
- 126 阅读
- 0 评论
- 0 点赞
2022-01-14
网络抓包 tcpdump 使用指南在网络问题的调试中，tcpdump应该说是一个必不可少的工具，和大部分linux下优秀工具一样，它的特点就是简单而强大。它是基于Unix系统的命令行式的数据包嗅探工具，可以抓取流动在网卡上的数据包。监听所有网卡所有包tcpdump监听指定网卡的包tcpdump -i ens18监听指定IP的包tcpdump host 192.168.1.11监听指定来源IPtcpdump src host 192.168.1.11监听目标地址IPtcpdump dst host 192.168.1.11监听指定端口tcpdump port 80监听TCPtcpdump tcp监听UDPtcpdump udp监听192.168.1.11的tcp协议的80端口的数据包tcpdump tcp port 80 and src host 192.168.1.11 11:59:07.836563 IP 192.168.1.11.39680 > hello.http: Flags [.], ack 867022485, win 502, length 0 11:59:07.836711 IP 192.168.1.11.39680 > hello.http: Flags [P.], seq 0:77, ack 1, win 502, length 77: HTTP: HEAD / HTTP/1.1 11:59:07.838462 IP 192.168.1.11.39680 > hello.http: Flags [.], ack 248, win 501, length 0 11:59:07.838848 IP 192.168.1.11.39680 > hello.http: Flags [F.], seq 77, ack 248, win 501, length 0 11:59:07.839192 IP 192.168.1.11.39680 > hello.http: Flags [.], ack 249, win 501, length 0监听IP之间的包tcpdump ip host 192.168.1.11 and 192.168.1.60 11:57:52.742468 IP 192.168.1.11.38978 > hello.http: Flags [S], seq 3437424457, win 64240, options [mss 1460,sackOK,TS val 2166810854 ecr 0,nop,wscale 7], length 0 11:57:52.742606 IP hello.http > 192.168.1.11.38978: Flags [S.], seq 3541873211, ack 3437424458, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:57:52.742841 IP 192.168.1.11.38978 > hello.http: Flags [.], ack 1, win 502, length 0 11:57:52.742927 IP 192.168.1.11.38978 > hello.http: Flags [P.], seq 1:78, ack 1, win 502, length 77: HTTP: HEAD / HTTP/1.1 11:57:52.742943 IP hello.http > 192.168.1.11.38978: Flags [.], ack 78, win 502, length 0 11:57:52.744407 IP hello.http > 192.168.1.11.38978: Flags [P.], seq 1:248, ack 78, win 502, length 247: HTTP: HTTP/1.1 200 OK 11:57:52.744613 IP 192.168.1.11.38978 > hello.http: Flags [.], ack 248, win 501, length 0 11:57:52.744845 IP 192.168.1.11.38978 > hello.http: Flags [F.], seq 78, ack 248, win 501, length 0 11:57:52.745614 IP hello.http > 192.168.1.11.38978: Flags [F.], seq 248, ack 79, win 502, length 0 11:57:52.745772 IP 192.168.1.11.38978 > hello.http: Flags [.], ack 249, win 501, length 0监听除了与192.168.1.4之外的数据包tcpdump ip host 192.168.1.60 and ! 192.168.1.4 11:57:20.862575 IP 192.168.1.9.47190 > hello.9200: Flags [P.], seq 3233461117:3233461356, ack 1301434191, win 9399, length 239 11:57:20.878165 IP hello.9200 > 192.168.1.9.47190: Flags [P.], seq 1:4097, ack 239, win 3081, length 4096 11:57:20.878340 IP hello.9200 > 192.168.1.9.47190: Flags [P.], seq 4097:8193, ack 239, win 3081, length 4096 11:57:20.878417 IP 192.168.1.9.47190 > hello.9200: Flags [.], ack 4097, win 9384, length 0组合示例tcpdump tcp -i ens18 -v -nn -t -A -s 0 -c 50 and dst port ! 22 and src net 192.168.1.0/24 -w ./cby.cap (1)tcp: ip icmp arp rarp 和 tcp、udp、icmp这些选项等都要放到第一个参数的位置，用来过滤数据报的类型 (2)-i eth1 : 只抓经过接口eth1的包 (3)-t : 不显示时间戳 (4)-s 0 : 抓取数据包时默认抓取长度为68字节。加上-S 0 后可以抓到完整的数据包 (5)-c 50 : 只抓取50个数据包 (6)dst port ! 22 : 不抓取目标端口是22的数据包 (7)src net 192.168.1.0/24 : 数据包的源网络地址为192.168.1.0/24 (8)-w ./cby.cap : 保存成cap文件，方便用ethereal(即wireshark)分析 (9)-v 使用 -v，-vv 和 -vvv 来显示更多的详细信息，通常会显示更多与特定协议相关的信息。 (10)-nn 单个 n 表示不解析域名，直接显示 IP；两个 n 表示不解析域名和端口。 (11)-A 表示使用 ASCII 字符串打印报文的全部数据组合过滤器《与/AND/&&》《或/OR/||》《非/not/!》 and or && or or || not or !在HTTP中提取用户头tcpdump -nn -A -s0 -l | grep "User-Agent:" User-Agent: Prometheus/2.30.0 User-Agent: Microsoft-Delivery-Optimization/10.0在HTTP中同时提取用户头和主机信息tcpdump -nn -A -s0 -l | egrep -i 'User-Agent:|Host:' Host: 192.168.1.42:9200 User-Agent: Prometheus/2.30.0 HOST: 239.255.255.250:1900 USER-AGENT: Microsoft Edge/97.0.1072.55 Windows抓取 HTTP GET 流量tcpdump -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' 11:55:13.704801 IP (tos 0x0, ttl 64, id 14605, offset 0, flags [DF], proto TCP (6), length 291) localhost.35498 > localhost.9200: Flags [P.], cksum 0x849a (incorrect -> 0xd0b0), seq 3090925559:3090925798, ack 809492640, win 630, options [nop,nop,TS val 2076158003 ecr 842090965], length 239 E..#9.@.@.}C... ...+..#..;..0?.....v....... {..321I.GET /metrics HTTP/1.1 Host: 192.168.1.43:9200 User-Agent: Prometheus/2.30.0 Accept: application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1 Accept-Encoding: gzip X-Prometheus-Scrape-Timeout-Seconds: 10抓取 HTTP POST 请求流量tcpdump -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354' 11:53:10.831855 IP (tos 0x0, ttl 63, id 0, offset 0, flags [none], proto TCP (6), length 643) localhost.47702 > dns50.online.tj.cn.http-alt: Flags [P.], cksum 0x1a41 (correct), seq 3331055769:3331056372, ack 799860501, win 4096, length 603: HTTP, length: 603 POST /?tk=391f8956e632962ee9c1dc661a9b46779d86ca43fe252bddbfc09d2cc66bf875323f6e7f03b881db21133b1bf2ae5bc5 HTTP/1.1 Host: 220.194.116.50:8080 Accept: */* Accept-Language: zh-CN,zh-Hans;q=0.9 Q-Guid: e54764008893a559b852b6e9f1c8ae268958471308f41a96fd42e477e26323b8 Q-UA: Accept-Encoding: gzip,deflate Q-UA2: QV=3&PL=IOS&RF=SDK&PR=IBS&PP=com.tencent.mqq&PPVN=3.8.0.1824&TBSVC=18500&DE=PHONE&VE=GA&CO=IMTT&RL=1170*2532&MO=iPhone14,2&CHID=50001&LCID=9751&OS=15.1.1 Content-Length: 144 User-Agent: QQ-S-ZIP: gzip Connection: keep-alive Content-Type: application/multipart-formdata Q-Auth: E.......?.f.......t2.V....../...P....A..POST /?tk=391f8956e632962ee9c1dc661a9b46779d86ca43fe252bddbfc09d2cc66bf875323f6e7f03b881db21133b1bf2ae5bc5 HTTP/1.1 Host: 220.194.116.50:8080 Accept: */* Accept-Language: zh-CN,zh-Hans;q=0.9 Q-Guid: e54764008893a559b852b6e9f1c8ae268958471308f41a96fd42e477e26323b8 Q-UA: Accept-Encoding: gzip,deflate Q-UA2: QV=3&PL=IOS&RF=SDK&PR=IBS&PP=com.tencent.mqq&PPVN=3.8.0.1824&TBSVC=18500&DE=PHONE&VE=GA&CO=IMTT&RL=1170*2532&MO=iPhone14,2&CHID=50001&LCID=9751&OS=15.1.1 Content-Length: 144 User-Agent: QQ-S-ZIP: gzip Connection: keep-alive Content-Type: application/multipart-formdata Q-Auth:注意：一个 POST 请求会被分割为多个 TCP 数据包提取 HTTP 请求的主机名和路径root@pve:~# tcpdump -s 0 -v -n -l | egrep -i "POST /|GET /|Host:" tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes GET /gchatpic_new/2779153238/851197814-3116860870-F4902AF1432FE48B812982F082A31097/0?term=255&pictype=0 HTTP/1.1 Host: 112.80.128.33 GET /gchatpic_new/2779153238/851197814-3116860870-F4902AF1432FE48B812982F082A31097/0?term=255&pictype=0 HTTP/1.1 Host: 112.80.128.33 POST /mmtls/74ce36ed HTTP/1.1 Host: extshort.weixin.qq.com POST /mmtls/74ce36ed HTTP/1.1 Host: extshort.weixin.qq.com从 HTTP 请求中提取密码和主机名tcpdump -s 0 -v -n -l | egrep -i "POST /|GET /|pwd=|passwd=|password=|Host:" POST /index.php/action/login?_=b395d487431320461e9a6741e3828918 HTTP/1.1 Host: x.oiox.cn name=cby&password=Cby****&referer=http%3A%2F%2Fx.oiox.cn%2Fadmin%2Fwelcome.php [|http] POST /index.php/action/login?_=b395d487431320461e9a6741e3828918 HTTP/1.1 Host: x.oiox.cn name=cby&password=Cby****&referer=http%3A%2F%2Fx.oiox.cn%2Fadmin%2Fwelcome.php [|http] GET /admin/welcome.php HTTP/1.1 Host: x.oiox.cn从 HTTP 请求中提取Cookie信息tcpdump -nn -A -s0 -l -v | egrep -i 'Set-Cookie|Host:|Cookie:' Host: x.oiox.cn Cookie: 8bf110c223e1a04b7b63ca5aa97c9f61__typecho_uid=1; 8bf110cxxxxxxxb7b63ca5aa97c9f61__typecho_authCode=%24T%24W3hV7B9vRfefa6593049ba02c33b3c4796a7cfa35; PHPSESSID=bq67s1n0cb9ml6dq254qpdvfec通过排除 echo 和 reply 类型的数据包使抓取到的数据包不包括标准的 ping 包tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply' 11:20:32.285428 IP localhost > localhost: ICMP localhost udp port 64594 unreachable, length 36 11:20:32.522061 IP localhost > localhost: ICMP localhost udp port 58617 unreachable, length 36 11:20:37.736249 IP localhost > localhost: ICMP redirect 204.79.197.219 to host localhost, length 48 11:20:44.379646 IP localhost > 111.206.187.34: ICMP localhost udp port 37643 unreachable, length 36 11:20:44.379778 IP localhost > 111.206.187.34: ICMP localhost udp port 37643 unreachable, length 36 11:20:46.351245 IP localhost > localhost: ICMP redirect lt-in-f188.1e100.net to host localhost, length 49可以通过过滤器 ip6 来抓取 IPv6 流量，同时可以指定协议如 TCProot@vm371841:~# tcpdump -nn ip6 proto 6 -v tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 06:40:26.060313 IP6 (flowlabel 0xfe65e, hlim 64, next-header TCP (6) payload length: 40) 2a00:b700::e831:2aff:fe27:e9d9.44428 > 2001:2030:21:181::26e7.443: Flags [S], cksum 0x451c (incorrect -> 0x24cd), seq 3503520271, win 64800, options [mss 1440,sackOK,TS val 2504544710 ecr 0,nop,wscale 6], length 0 06:40:34.296847 IP6 (flowlabel 0xc9f9c, hlim 64, next-header TCP (6) payload length: 40) 2a00:b700::e831:2aff:fe27:e9d9.55082 > 2a00:1450:4010:c0e::84.443: Flags [S], cksum 0x6754 (incorrect -> 0x0813), seq 3899361154, win 64800, options [mss 1440,sackOK,TS val 2141524802 ecr 0,nop,wscale 6], length 0发起的出站 DNS 请求和 A 记录响应tcpdump -i eth0 -s0 port 53 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 06:44:10.499529 IP vm371841.37357 > dns.yandex.ru.domain: 34151+ [1au] A? czr12g1e.slt-dk.sched.tdnsv8.com. (61) 06:44:10.500992 IP vm371841.56195 > dns.yandex.ru.domain: 45667+ [1au] PTR? 219.3.144.45.in-addr.arpa. (54) 06:44:10.661142 IP dns.yandex.ru.domain > vm371841.56195: 45667 NXDomain 0/1/1 (112) 06:44:10.661438 IP vm371841.56195 > dns.yandex.ru.domain: 45667+ PTR? 219.3.144.45.in-addr.arpa. (43) 06:44:10.687147 IP dns.yandex.ru.domain > vm371841.56195: 45667 NXDomain 0/1/0 (101) 06:44:10.806349 IP dns.yandex.ru.domain > vm371841.37357: 34151 11/0/1 A 139.170.156.155, A 220.200.129.141, A 58.243.200.63, A 113.59.43.25, A 124.152.41.39, A 139.170.156.154, A 59.83.204.154, A 123.157.255.158, A 113.200.17.157, A 43.242.166.42, A 116.177.248.23 (237)抓取 DHCP 服务的请求和响应报文tcpdump -v -n port 67 or 68 11:50:28.939726 IP (tos 0x0, ttl 64, id 35862, offset 0, flags [DF], proto UDP (17), length 320) 192.168.1.136.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 70:3a:a6:cb:27:3c, length 292, xid 0x3ccba40c, secs 11529, Flags [none] Client-IP 192.168.1.136 Client-Ethernet-Address 70:3a:a6:cb:27:3c Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Request Client-ID (61), length 7: ether 70:3a:a6:cb:27:3c Hostname (12), length 11: "S24G-U_273C" Vendor-Class (60), length 13: "CloudSwitch_1" MSZ (57), length 2: 800 Parameter-Request (55), length 5: Subnet-Mask (1), Default-Gateway (3), Hostname (12), Domain-Name-Server (6) Vendor-Class (60)Linux运维交流社区Linux运维交流社区，互联网新闻以及技术交流。81篇原创内容公众号 https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年01月14日
- 1,213 阅读
- 1 评论
- 0 点赞