mirror of
https://github.com/fofolee/uTools-Manuals.git
synced 2025-12-17 00:04:34 +08:00
语法高亮,滚动条美化,设置页面调整
This commit is contained in:
fofolee
@@ -5,21 +5,21 @@
|
||||
<h3 id="安装">安装</h3>
|
||||
<p>ngrep命令的下载地址:http://ngrep.sourceforge.net/,libpcap下载地址:http://www.tcpdump.org/。先用<code>yum install libpcap</code>完全安装libpcap,注意有时候用libpcap安装包安装的不完整会影响ngrep的使用。</p>
|
||||
<p>如果yum无法安装就用以下步骤安装libpcap:</p>
|
||||
<pre><code>wget http://www.tcpdump.org/release/libpcap-1.3.0.tar.gz
|
||||
<pre><code class="language-bash">wget http://www.tcpdump.org/release/libpcap-1.3.0.tar.gz
|
||||
tar -zxf libpcap-1.3.0.tar.gz
|
||||
cd libpcap-1.3.0
|
||||
./configure
|
||||
make && make install</code></pre>
|
||||
<p>ngrep的安装就是 configure/make/make install 三部曲。</p>
|
||||
<p>注:configure时是遇到 please wipe out all unused pcap installations,添加以下选项:</p>
|
||||
<pre><code>./configure --with-pcap-includes=/usr/local/include/pcap</code></pre>
|
||||
<pre><code class="language-bash">./configure --with-pcap-includes=/usr/local/include/pcap</code></pre>
|
||||
<p>在安装后输入ngrep来验证下安装是否成功。</p>
|
||||
<h3 id="语法">语法</h3>
|
||||
<pre><code>ngrep <-LhNXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num>
|
||||
<pre><code class="language-bash">ngrep <-LhNXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num>
|
||||
<-s snaplen> <-S limitlen> <-w normal|byline|single|none> <-c cols>
|
||||
<-P char> <-F file> <match expression> <bpf filter></code></pre>
|
||||
<h3 id="选项">选项</h3>
|
||||
<pre><code>-e :显示空数据包
|
||||
<pre><code class="language-bash">-e :显示空数据包
|
||||
-i :忽略大小写
|
||||
-v :反转匹配
|
||||
-R :don't do privilege revocation logic
|
||||
@@ -47,18 +47,18 @@ make && make install</code></pre>
|
||||
-L :查询网卡接口</code></pre>
|
||||
<h3 id="实例">实例</h3>
|
||||
<p>捕捉cloudian:18080端口的request和response,<code>-W byline</code>用来解析包中的换行符,否则包里的所有数据都是连续的,可读性差。<code>-d lo</code>是监听本地网卡:</p>
|
||||
<pre><code>ngrep -W byline -d lo port 18080</code></pre>
|
||||
<pre><code class="language-bash">ngrep -W byline -d lo port 18080</code></pre>
|
||||
<p>捕捉amazon:80端口的request和response。<code>-d eth0是</code>用来监听对外的网卡:</p>
|
||||
<pre><code>ngrep -W byline -d eth0 port 80</code></pre>
|
||||
<pre><code class="language-bash">ngrep -W byline -d eth0 port 80</code></pre>
|
||||
<p>可以用<code>-d any</code>来捕捉所有的包:</p>
|
||||
<pre><code>ngrep '[a-zA-Z]' -t -W byline -d any tcp port 18080</code></pre>
|
||||
<pre><code class="language-bash">ngrep '[a-zA-Z]' -t -W byline -d any tcp port 18080</code></pre>
|
||||
<p>捕获字符串<code>.flv</code>,比如要查看在Web Flash 视频中的.flv文件的下载地址:</p>
|
||||
<pre><code>ngrep -d3 -N -q \.flv
|
||||
<pre><code class="language-bash">ngrep -d3 -N -q \.flv
|
||||
interface: \Device\TNT_40_1_{670F6B50-0A13-4BAB-9D9E-994A833F5BA9} (10.132.0.0/2
|
||||
55.255.192.0)
|
||||
match: \.flv</code></pre>
|
||||
<p>打开一个视频页面:</p>
|
||||
<pre><code>T(6) 10.132.34.23:24860 -> 61.142.208.154:80 [AP]
|
||||
<pre><code class="language-bash">T(6) 10.132.34.23:24860 -> 61.142.208.154:80 [AP]
|
||||
GET /f59.c31.56.com/flvdownload/12/19/ggyg7741@56.com_56flv_zhajm_119556973
|
||||
97.flv HTTP/1.1..accept: */*..Referer: http://www.56.com/flashApp/v_player_
|
||||
site.swf..x-flash-version: 9,0,45,0..UA-CPU: x86..Accept-Encoding: gzip, de
|
||||
@@ -68,7 +68,7 @@ CLR 2.0.50727; .NET CLR 3.0.04506.30)..host: f59.r.56.com..Connection: Keep
|
||||
3081156-23207350-22395727-; geoip=............; wl_all_s=y....</code></pre>
|
||||
<p>OK。地址已经找到了,就是http://f59.c31.56.com/flvdownload/12/19/ggyg7741@56.com_56flv_zhajm_11955697397.flv</p>
|
||||
<p>加个<code>-W byline</code>参数后,将解析包中的换行符:</p>
|
||||
<pre><code>T(6) 2007/11/25 15:56:12.192619 10.132.34.23:26365 -> 59.151.21.101:80 [AP]
|
||||
<pre><code class="language-bash">T(6) 2007/11/25 15:56:12.192619 10.132.34.23:26365 -> 59.151.21.101:80 [AP]
|
||||
GET /aa.flv HTTP/1.1.
|
||||
Accept: */*.
|
||||
Accept-Language: zh-cn.
|
||||
|
||||
Reference in New Issue
Block a user