tcpflowを使ã£ã¦ãƒ‘ケット監視
何ã‹ãƒˆãƒ©ãƒ–ルãŒèµ·ã“ã£ãŸã¨ãã€ã‚¢ãƒ—リケーションã®ãƒã‚°ã‚’見るよりもパケット直接見ãŸæ–¹ãŒæ—©ã„ã£ã¦ã°ã‚ã¡ã‚ƒã‚“ãŒè¨€ã£ã¦ãŸã€‚
å‚考:http://www.slideshare.net/takafumionaka/ss-5852561
ã¨ã‚るアプリã®é–‹ç™ºé‹ç”¨(トラブルシュート)
Debian環境ã§ä½¿ã†ã€‚
ã¾ãšã¯ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
sudo aptitude install tcpflow
tcpflowã®ãƒ˜ãƒ«ãƒ—を見る。
usage: tcpflow [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]
[-i iface] [-w file] [expression]
-b: max number of bytes per flow to save
-c: console print only (don't create files)
-C: console print only, but without the display of source/dest header
-d: debug level; default is 1
-e: output each flow in alternating colors
-f: maximum number of file descriptors to use
-h: print this help message
-i: network interface on which to listen
(type "ifconfig -a" for a list of interfaces)
-p: don't use promiscuous mode
-r: read packets from tcpdump output file
-s: strip non-printable characters (change to '.')
-v: verbose operation equivalent to -d 10
expression: tcpdump-like filtering expression
- c を忘れるã¨å¤§å¤‰ãªã“ã¨ã«ãªã‚‹ã®ã§å¿˜ã‚Œãªã„ã¨ã„ã„ã¨æ€ã„ã¾ã™ã€‚
監視ã™ã‚‹ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¢ãƒ€ãƒ—タを探ã™ã€‚
ifconfig -a
ã§ã€ç›£è¦–
sudo tcpflow -c port 80 -i lo
80番ãƒãƒ¼ãƒˆã§ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ãƒã‚°ãŒæµã‚Œã‚‹ã®ã§ã€ç›£è¦–æˆåŠŸã™ã‚‹ã€‚
