{"id":1654,"date":"2021-10-12T16:40:34","date_gmt":"2021-10-12T23:40:34","guid":{"rendered":"https:\/\/www.xh86.me\/?p=1654"},"modified":"2021-10-12T16:40:34","modified_gmt":"2021-10-12T23:40:34","slug":"tcpdump-%e6%8a%93%e5%8c%85%e5%ae%b9%e5%99%a8%e5%86%85%e7%bd%91%e7%bb%9c%e8%af%b7%e6%b1%82","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=1654","title":{"rendered":"tcpdump \u6293\u5305\u5bb9\u5668\u5185\u7f51\u7edc\u8bf7\u6c42"},"content":{"rendered":"<blockquote><p>\u4f7f\u7528 tcpdump \u5de5\u5177\u6293\u5305\u5bb9\u5668\u5185\u7f51\u7edc\u6570\u636e\u5305<br \/>\n<a id=\"more\" data-pjax-state=\"\"><\/a><\/p><\/blockquote>\n<ol>\n<li>\u83b7\u53d6\u5bb9\u5668\u4f7f\u7528\u7f51\u5361<br \/>\n<figure id=\"code-1634081934226975\" class=\"highlight shell hljs\"><figcaption class=\"level is-mobile\">\n<div class=\"level-left\"><i class=\"fas fa-angle-down\"><\/i>shell<\/div>\n<div class=\"level-right\"><\/div>\n<\/figcaption><div class=\"highlight-body\">\n<table>\n<tbody>\n<tr>\n<td class=\"gutter\">\n<pre><span class=\"line\">1<\/span><\/pre>\n<\/td>\n<td class=\"code\">\n<pre><span class=\"line\"><span class=\"hljs-meta\">#<\/span><span class=\"hljs-bash\"> PID=$(docker inspect --format {{.State.Pid}} &lt;CONTAINER_NAME&gt;)<\/span><\/span><\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n<\/li>\n<li>\u627e\u5230\u5f53\u524d\u5bb9\u5668 PID \u4f7f\u7528\u7684\u7f51\u5361<br \/>\n<figure id=\"code-163408193422941\" class=\"highlight shell hljs\"><figcaption class=\"level is-mobile\">\n<div class=\"level-left\"><i class=\"fas fa-angle-down\"><\/i>shell<\/div>\n<div class=\"level-right\"><\/div>\n<\/figcaption><div class=\"highlight-body\">\n<table>\n<tbody>\n<tr>\n<td class=\"gutter\">\n<pre><span class=\"line\">1<\/span>\r\n<span class=\"line\">2<\/span>\r\n<span class=\"line\">3<\/span>\r\n<span class=\"line\">4<\/span>\r\n<span class=\"line\">5<\/span>\r\n<span class=\"line\">6<\/span>\r\n<span class=\"line\">7<\/span>\r\n<span class=\"line\">8<\/span>\r\n<span class=\"line\">9<\/span><\/pre>\n<\/td>\n<td class=\"code\">\n<pre><span class=\"line\"><span class=\"hljs-meta\">#<\/span><span class=\"hljs-bash\"> nsenter -n -t <span class=\"hljs-variable\">$PID<\/span> ip addr<\/span><\/span>\r\n<span class=\"line\">1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000<\/span>\r\n<span class=\"line\">    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<\/span>\r\n<span class=\"line\">    inet 127.0.0.1\/8 scope host lo<\/span>\r\n<span class=\"line\">    valid_lft forever preferred_lft forever<\/span>\r\n<span class=\"line\">192: eth0@if193: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default<\/span>\r\n<span class=\"line\">    link\/ether 02:42:c0:a8:a0:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0<\/span>\r\n<span class=\"line\">    inet 192.168.160.3\/20 brd 192.168.175.255 scope global eth0<\/span>\r\n<span class=\"line\">    valid_lft forever preferred_lft forever<\/span><\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n<\/li>\n<li>\u6839\u636e\u4e0a\u9762\u00a0<code>eth0@if193<\/code>\u00a0\u4e2d\u00a0<code>@if193<\/code>\u00a0\u4e3a\u5173\u952e\u4fe1\u606f\uff0c\u627e\u5230\u5bbf\u4e3b\u673a\u4e0a\u00a0<code>@if193<\/code>\u00a0\u5bf9\u5e94\u7684\u7f51\u5361<br \/>\n<figure id=\"code-1634081934229304\" class=\"highlight shell hljs\"><figcaption class=\"level is-mobile\">\n<div class=\"level-left\"><i class=\"fas fa-angle-down\"><\/i>shell<\/div>\n<div class=\"level-right\"><\/div>\n<\/figcaption><div class=\"highlight-body\">\n<table>\n<tbody>\n<tr>\n<td class=\"gutter\">\n<pre><span class=\"line\">1<\/span>\r\n<span class=\"line\">2<\/span><\/pre>\n<\/td>\n<td class=\"code\">\n<pre><span class=\"line\"><span class=\"hljs-meta\">#<\/span><span class=\"hljs-bash\"> ip addr | grep 193<\/span><\/span>\r\n<span class=\"line\">193: veth169636c@if192: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue master br-a37be7a191f9 state UP group default<\/span><\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n<\/li>\n<li>\u6839\u636e\u00a0<code>193:<\/code>\u00a0\u5bf9\u5e94\u7684\u00a0<code>veth169636c<\/code>\u00a0\u5c31\u662f\u6211\u4eec\u5f53\u524d\u5bb9\u5668\u5bf9\u5e94\u7684\u7f51\u5361\uff0c\u6211\u4eec\u6293\u5305\u7684\u65f6\u5019\u5c31\u4f7f\u7528\u8be5\u7f51\u5361\u5373\u53ef<br \/>\n<figure id=\"code-1634081934229866\" class=\"highlight shell hljs\"><figcaption class=\"level is-mobile\">\n<div class=\"level-left\"><i class=\"fas fa-angle-down\"><\/i>shell<\/div>\n<div class=\"level-right\"><\/div>\n<\/figcaption><div class=\"highlight-body\">\n<table>\n<tbody>\n<tr>\n<td class=\"gutter\">\n<pre><span class=\"line\">1<\/span><\/pre>\n<\/td>\n<td class=\"code\">\n<pre><span class=\"line\"><span class=\"hljs-meta\">#<\/span><span class=\"hljs-bash\"> tcpdump -i veth169636c -w \/tmp\/&lt;CONTAINER_NAME&gt;.<span class=\"hljs-built_in\">cap<\/span><\/span><\/span><\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>\u4f7f\u7528 tcpdump \u5de5\u5177\u6293\u5305\u5bb9\u5668\u5185\u7f51\u7edc\u6570\u636e\u5305 \u83b7\u53d6\u5bb9\u5668\u4f7f\u7528\u7f51\u5361 shell 1 # PID=$(docker [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1654","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/1654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1654"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/1654\/revisions"}],"predecessor-version":[{"id":1655,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/1654\/revisions\/1655"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}