Articles in category: Ubuntu

"Ubuntu is a Debian-based Linux distribution aimed mainly at desktop use. It ships in three official editions: Desktop, Server and Core (for IoT devices and robots). Since 17.10 Ubuntu uses GNOME as its default desktop environment. It is one of the best-known Linux distributions and currently the one with the most users."

linux shell: batch-change file extensions

rename 's/\.csv$/.txt/' *

(On Ubuntu rename is the Perl File::Rename tool, so the argument is a Perl substitution. Anchor the pattern with $ so that only a trailing extension is replaced; the unanchored 's/\.csv/\.txt/' would also turn data.csv.bak into data.txt.bak. Add -n first to print what would be renamed without touching anything.)

linux shell: batch-convert file names to lower case

rename 'y/A-Z/a-z/' *

(swap the two ranges to go from lower to upper case)

linux shell: strip the extension from all files

rename 's/\.csv$//' *

or

rename 's/\.bak$//' *.bak

(in a Perl regex an unescaped dot matches any character, so 's/.csv//' would also cut "xcsv" out of the middle of a name; escape the dot and anchor it)

linux shell: add an extension to all files

rename 's/$/.txt/' *

linux shell: prefix every file name with a string

rename 's/^/const/' *
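The same extension change written in plain POSIX sh, as an added example that is not code from the page: it anchors the match to the end of the name, never overwrites an existing target, and offers a dry run. The function names and the directory/extension arguments are this example's own.

```shell
# Added example (not from the page): change the extension of every file in a
# directory with plain POSIX sh, with the two checks the one-line rename lacks:
# the pattern is anchored to the end of the name, and existing targets are
# never overwritten. Arguments: directory, old extension, new extension
# (both without the dot). Returns non-zero if any file was skipped.
change_ext() {
  dir=$1; old=$2; new=$3; rc=0
  for f in "$dir"/*."$old"; do
    [ -e "$f" ] || continue               # no match: the glob is left unexpanded
    target="${f%.$old}.$new"              # strip only the trailing .$old
    if [ -e "$target" ]; then
      printf 'skip: %s already exists\n' "$target" >&2
      rc=1
      continue
    fi
    mv -- "$f" "$target"
  done
  return "$rc"
}

# Dry run: print the planned renames without touching anything.
change_ext_dry() {
  for f in "$1"/*."$2"; do
    [ -e "$f" ] || continue
    printf '%s -> %s\n' "$f" "${f%.$2}.$3"
  done
}
```

Run change_ext_dry first, then change_ext; a non-zero exit status means at least one collision was skipped and nothing was lost.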

hexdump: print bytes in hexadecimal

echo -ne "const.net.cn" |hexdump -C

00000000 63 6f 6e 73 74 2e 6e 65 74 2e 63 6e |const.net.cn|
0000000c

echo -ne "const.net.cn" |hexdump -e '16/1 "%02X " "\n"'

63 6F 6E 73 74 2E 6E 65 74 2E 63 6E

linux shell: run a command held in a string

cmd="echo hello world"
$cmd

or

eval "$cmd"

Plain expansion of $cmd only word-splits the string and runs the first word as the command; quotes, pipes, redirections and ; inside it are not interpreted. eval re-parses the string as shell code, so it does interpret them, which also means any untrusted text placed in the string becomes command injection. Quote "$cmd" to avoid glob expansion, and never eval strings built from user input.
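To make the difference concrete, here is an added example (not from the page) that runs the same string both ways and then shows the injection that eval on untrusted input allows; the function names and the sample input are this example's own.

```shell
# Added example (not from the page): how $cmd expansion and eval differ, and
# why eval on untrusted text is command injection.

# Plain expansion: the string is only word-split; the quotes stay literal,
# so echo prints them.
run_plain() { cmd='echo "hello world"'; $cmd; }

# eval re-parses the string as shell code, so the quotes are interpreted.
run_eval() { cmd='echo "hello world"'; eval "$cmd"; }

# Unsafe: untrusted input is spliced into a string that is then parsed as code.
# A value such as 'bob; echo INJECTED' runs a second command.
greet_unsafe() { eval "echo Hello $1"; }

# Safe: the value is passed as a separate argument and never re-parsed,
# so metacharacters inside it are just data.
greet_safe() { printf 'Hello %s\n' "$1"; }
```

run_plain prints "hello world" with the quotes, run_eval prints it without; greet_unsafe with the input 'bob; echo INJECTED' executes the echo, greet_safe prints the input verbatim.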

linux shell: date format strings

Format          Meaning                                          Example output
date +%c        locale's date and time                           Sat May 9 11:49:47 2020
date +%x        locale's date                                    05/09/20
date +%X        locale's time                                    11:49:47
date +%A        locale's full weekday name                       Saturday
date +%B        locale's full month name                         May
date +%m-%d-%Y  MM-DD-YYYY                                       05-09-2020
date +%D        MM/DD/YY                                         05/09/20
date +%F        YYYY-MM-DD (ISO 8601 date)                       2020-05-09
date +%T        HH:MM:SS                                         11:44:15
date +%u        day of week (1 = Monday .. 7 = Sunday)           6
date +%U        week of year, Sunday as first day of the week    18
date +%V        ISO week of year, Monday as first day of the week 19
date +%j        day of year                                      130
date +%Z        time zone abbreviation                           PDT
date +%m        month (MM)                                       05
date +%d        day of month (DD)                                09
date +%Y        year (YYYY)                                      2020
date +%H        hour, 24-hour clock (HH)                         11
date +%I        hour, 12-hour clock                              11
date +%p        locale's equivalent of AM or PM                  AM
date +%P        same as %p but in lower case                     am
date '+%F %T'

2021-12-30 16:26:50

linux: convert between encodings and display the bytes as a hex string

echo -n d6d0b9fa |xxd -r -p |iconv -f gb2312 -t utf8

中国

echo -n 中国 |iconv -f utf8 -t gb2312 |xxd -p

d6d0b9fa

echo -n 中国 |xxd -p

e4b8ade59bbd

echo -n e4b8ade59bbd |xxd -r -p

中国

Use ss to view listening sockets and connections

ss -nlput
ss -h

(-n: numeric ports, no service-name lookups; -l: listening sockets only; -p: owning process, shown for other users' processes only when run as root; -u and -t: UDP and TCP. ss -h prints:)

-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
--tipcinfo show internal tipc socket information
-s, --summary show socket usage summary
--tos show tos and priority information
-b, --bpf show bpf filter socket information
-E, --events continually display sockets as they are destroyed
-Z, --context display process SELinux security contexts
-z, --contexts display process and socket SELinux security contexts
-N, --net switch to the specified network namespace name

-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-S, --sctp display only SCTP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
--tipc display only TIPC sockets
--vsock display only vsock sockets
-f, --family=FAMILY display sockets of type FAMILY
FAMILY := {inet|inet6|link|unix|netlink|vsock|tipc|xdp|help}

-K, --kill forcibly close sockets, display what was closed
-H, --no-header Suppress header line
-O, --oneline socket's data printed on a single line
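What a practitioner usually wants from ss -nlput is the list of services reachable from the network, not the ones bound to loopback. The following is an added example (not from the page) that filters header-less ss output for exactly that; the sample lines are constructed for the example and the function names are its own.

```shell
# Added example (not from the page): flag listening sockets that are bound to a
# non-loopback address, i.e. reachable from the network. Input is the
# header-less output of `ss -Hnlput` (Netid State Recv-Q Send-Q Local:Port
# Peer:Port Process). The sample below is constructed for the example.
sample_ss() {
  cat <<'EOF'
udp   UNCONN 0      0        127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128            0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=903,fd=3))
tcp   LISTEN 0      4096         127.0.0.1:8118      0.0.0.0:*    users:(("privoxy",pid=1200,fd=4))
tcp   LISTEN 0      128               [::]:445          [::]:*    users:(("smbd",pid=1350,fd=41))
tcp   LISTEN 0      128              [::1]:631         [::]:*    users:(("cupsd",pid=700,fd=7))
EOF
}

# Reads ss lines on stdin, prints "proto address port process" for each
# socket that is not bound to 127.0.0.0/8 or ::1.
exposed_listeners() {
  awk '{
    addr = $5; port = $5
    sub(/.*:/, "", port)                 # text after the last colon is the port
    sub(/:[^:]*$/, "", addr)             # everything before it is the address
    sub(/%.*/, "", addr)                 # drop a scope id such as %lo
    if (addr ~ /^127\./ || addr == "[::1]") next
    proc = "-"
    if (match($0, /"[^"]*"/)) proc = substr($0, RSTART + 1, RLENGTH - 2)
    printf "%s %s %s %s\n", $1, addr, port, proc
  }'
}
```

On a live system run `sudo ss -Hnlput | exposed_listeners`; for the sample it reports sshd on 0.0.0.0:22 and smbd on [::]:445 and stays quiet about the loopback-only privoxy, resolver and cups sockets.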

Show all IPv4 addresses

ip -4 a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.10.8/24 brd 192.168.10.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever
    inet 192.168.1.64/24 brd 192.168.1.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever
    inet 192.168.3.64/24 brd 192.168.3.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever
    inet 192.169.5.64/24 brd 192.169.5.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever
    inet 192.168.6.64/24 brd 192.168.6.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever
    inet 192.168.2.64/24 brd 192.168.2.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever

linux shell: checksum an entire directory
Use md5sum to generate a manifest for a directory tree and verify it later
Generate md5sum.txt

find . -type f |xargs md5sum > /path/to/file/md5sum.txt
md5sum -c /path/to/file/md5sum.txt

(Keep the manifest outside the tree being hashed: the redirection creates it before find runs, so a manifest inside the tree ends up listing itself and the later check fails on it. MD5 is fine for catching accidental corruption, but it is no longer collision-resistant, so for tamper detection against an adversary use sha256sum, which has the same command-line interface.)

Listing the md5sum of every file
The find -exec form avoids the pipe and handles any file name:

find -type f -exec md5sum "{}" +

If you really want a pipe, tell find to delimit the names with NUL and xargs to expect NUL-delimited arguments, otherwise names containing whitespace or quotes are split or mangled:

find -type f -print0 |xargs -0 md5sum
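Putting the pieces together, here is an added example (not from the page) of a reproducible manifest and a verification step that fails when a file is changed; it uses sha256sum instead of md5sum, NUL-delimited names, and a sorted list. The function names are this example's own, and the test data is constructed.

```shell
# Added example (not from the page): build and verify a checksum manifest for a
# directory tree. Differences from the one-liner above: file names are
# NUL-delimited so whitespace and quotes are safe, the list is sorted so the
# manifest is reproducible, and sha256sum replaces md5sum because MD5 is no
# longer collision-resistant. The manifest path must lie outside the tree,
# otherwise it would be hashed itself. GNU findutils/coreutils assumed (Ubuntu).
make_manifest() {   # $1 = directory, $2 = manifest file to write
  ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$2"
}

verify_manifest() { # $1 = directory, $2 = manifest; exit status 0 only if every file matches
  ( cd "$1" && sha256sum --quiet -c ) < "$2"
}
```

Typical use: `make_manifest /srv/data /var/lib/manifests/data.sha256` after a deployment, then `verify_manifest /srv/data /var/lib/manifests/data.sha256` from cron; sha256sum prints only the mismatching entries and exits non-zero, which is what a monitoring job should key on.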

linux shell: write a log record to syslog
Log a message, e.g.:

logger -t hello-world -s 'Hello World - 1'

(-t sets the tag that appears in the log line; -s also echoes the message to stderr.)

Read the NIC's MAC address and use it as the hostname

hostname "$(sed 's/://g' /sys/class/net/eth0/address)"

(This only changes the running kernel's hostname and is lost at reboot; use hostnamectl set-hostname to make it persistent. On systems with predictable interface names the device is not called eth0; check ls /sys/class/net.)

iptables: persist rules across reboots

sudo apt-get install iptables-persistent

(The package restores /etc/iptables/rules.v4 and rules.v6 at boot; after changing rules, write them out with sudo netfilter-persistent save.)

About the Raspberry Pi
The Raspberry Pi is a single-board computer developed by the UK's Raspberry Pi Foundation to promote basic computer-science education in schools through low-cost hardware and free software.

Every generation uses an ARM processor made by Broadcom. The current model (Raspberry Pi 4B) comes with between 2GB and 8GB of RAM, uses a microSD (TF) card as its main system storage (the first generation used a full-size SD card), has USB ports and HDMI video output (with audio), built-in Ethernet/WLAN/Bluetooth depending on the model, and can run a variety of operating systems. The product line consists of the Model A, Model B, Zero and Compute Module variants.

Raspberry Pi OS is the official operating system and runs on every Raspberry Pi model.

Raspberry Pi shadowsocks: fixing "method aes-256-gcm not supported"
sudo apt install python3 && sudo apt install python3-pip
sudo pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip -U
sudo apt-get install -y libsodium*

(AEAD ciphers such as aes-256-gcm need the newer code on the GitHub master branch plus libsodium; the PyPI release is too old. Note that this installs an unpinned snapshot of a remote branch as root; pin a commit or review the archive before installing.)

Raspberry Pi ss: shadowsocks-for-raspberry
sudo vim /etc/shadowsocks/config.json and fill in the server details.
Run sudo sslocal -c /etc/shadowsocks/config.json -d start to start the client.
To start it at boot, create a shell script containing the line below, make it executable (sudo chmod 755 shadowsocks.sh), then edit sudo vim /etc/rc.local and add /home/pi/Documents/shadowsocks.sh before exit 0.

sudo sslocal -c /etc/shadowsocks/config.json -d start

That completes the shadowsocks install. It only exposes a SOCKS5 proxy, which programs that can only use an HTTP/HTTPS proxy cannot talk to, so an HTTP proxy is needed in front of it.

Raspberry Pi: install privoxy
Install: sudo apt-get install privoxy
Configure: sudo vim /etc/privoxy/config, find and set the following

listen-address  127.0.0.1:8118
forward-socks5   /               127.0.0.1:1080 .
# LAN destinations bypass the SOCKS tunnel
forward         192.168.*.*/     .
forward            10.*.*.*/     .
forward           127.*.*.*/     .

Start it: systemctl start privoxy
Test with curl google.com --proxy 127.0.0.1:8118; if a response comes back the configuration works, and any program can now be pointed at the privoxy proxy.
Keep listen-address on 127.0.0.1: binding it to 0.0.0.0 turns the Pi into an open proxy for everyone who can reach it on the network.
Raspberry Pi: you-get

sudo pip3 install you-get
you-get -V

you-get: version 0.4.1555, a tiny downloader that scrapes the web.

Install apache2

sudo apt install apache2 -y

Install php

sudo apt install php -y

Restart Apache2:

sudo service apache2 restart

Install MySQL (MariaDB Server) on Raspberry Pi
MySQL (often pronounced My S-Q-L) is a popular open source relational database.
Install the MySQL Server (MariaDB Server) and PHP-MySQL packages by entering the following command:

sudo apt install mariadb-server php-mysql -y
sudo service apache2 restart
sudo mysql_secure_installation

To install phpMyAdmin on a Raspberry Pi, type the following command into the terminal:

sudo apt install phpmyadmin -y

Enable the PHP MySQLi extension and restart Apache2 for changes to take effect:

sudo phpenmod mysqli
sudo service apache2 restart

If there is no phpmyadmin directory under /var/www/html/, run:

sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

If opening localhost/phpmyadmin fails with error HY000/1698:
mysqli_real_connect(): (HY000/1698): Access denied for user 'root'@'localhost'
the cause is that Debian-family MariaDB authenticates root through the unix_socket plugin, so root can only log in from a local shell running as the system root user, never through phpMyAdmin. Solution: log in from the shell
sudo mysql -uroot -p

and, once logged in, create a separate account for phpMyAdmin and give it full privileges:

CREATE USER 'newuser'@'%' IDENTIFIED BY 'newuser-password';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'%' WITH GRANT OPTION;

('%' lets the account connect from any host, and ALL PRIVILEGES ON *.* WITH GRANT OPTION makes it a second root. For a phpMyAdmin running on the same machine, 'localhost' as the host and a grant limited to the databases it actually manages is the least-privilege choice.)

Now log in to phpMyAdmin with the new user name and password.

Suggested steps:

sudo chown -R pi:www-data /var/www/html/
sudo chmod -R 770 /var/www/html/

(770 makes the whole web root writable by the www-data group, that is by Apache and PHP themselves, so any bug in a web application can modify the site's code. 755 on directories and 644 on files, with group write granted only to the upload or cache directories an application needs, is the safer default.)

linux: bind a privileged port (below 1024) as an unprivileged user such as nobody

sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary

(This grants only the port-binding capability instead of running the service as root. It is a file capability, so every user who can execute the binary gets it; keep the binary unwritable by unprivileged users, and re-apply it after the file is replaced, because the capability attribute is lost when the binary is rewritten or upgraded.)

raspberrypi: turn off Wi-Fi
Make sure rfkill is installed by running:

sudo apt install rfkill

Disable the Wi-Fi interface on the Raspberry Pi

sudo rfkill block wifi

Disable Bluetooth

sudo rfkill block bluetooth

To restore a radio, run:

sudo rfkill unblock wifi

raspberrypi: under-voltage warnings

When the +5V input voltage is too low, a small yellow lightning-bolt icon appears in the top-right corner of the display as a warning. Insufficient input voltage causes many problems: unstable operation, data loss, even permanent SD card damage. A good, adequately rated power adapter is a must, but even with the official adapter the micro-USB connector can develop a high contact resistance after repeated insertion and leave the Pi under-voltage. So we want a way to detect under-voltage in real time, so that an application can raise an alarm or take action.

How it works
On Raspberry Pi OS the command vcgencmd get_throttled returns a hexadecimal number whose bits describe the state of the clock frequency, the input voltage and related conditions

$ vcgencmd get_throttled

throttled=0x50005

Converted to binary, eight of its bits represent eight flags; two of them matter most here:

bit 0 set: an under-voltage condition is present right now;
bit 16 set: an under-voltage condition has occurred since boot;
Polling these two bits is enough to detect under-voltage on the Pi.

#Flag Bits
UNDERVOLTED         = '0'
CAPPED              = '1'
THROTTLED           = '2'
SOFT_TEMPLIMIT      = '3'
HAS_UNDERVOLTED     = '16'
HAS_CAPPED          = '17'
HAS_THROTTLED       = '18'
HAS_SOFT_TEMPLIMIT  = '19'

UNDERVOLTED: the input voltage is too low right now
THROTTLED: the system clock has been forced down
HAS_UNDERVOLTED: under-voltage has been detected since boot
HAS_THROTTLED: the clock has been throttled since boot
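Decoding the value is a matter of testing the bits listed above. The following is an added example (not from the page) that turns the vcgencmd output into flag names and provides a yes/no test for the live under-voltage bit; the function names are this example's own, and it runs on any shell without a Pi because the value is passed in as an argument.

```shell
# Added example (not from the page): decode the value printed by
# `vcgencmd get_throttled` into flag names using the bit numbers above.
# Accepts either "throttled=0x50005" or a bare "0x50005".
decode_throttled() {
  v=$(( ${1#throttled=} ))      # shell arithmetic understands the 0x prefix
  out=""
  for pair in 0:UNDERVOLTED 1:CAPPED 2:THROTTLED 3:SOFT_TEMPLIMIT \
              16:HAS_UNDERVOLTED 17:HAS_CAPPED 18:HAS_THROTTLED 19:HAS_SOFT_TEMPLIMIT; do
    bit=${pair%%:*}
    name=${pair#*:}
    if [ $(( (v >> bit) & 1 )) -eq 1 ]; then
      out="$out${out:+ }$name"
    fi
  done
  printf '%s\n' "${out:-OK}"
}

# True (exit 0) when bit 0, the live under-voltage flag, is set; suitable for a
# cron job or a polling loop that raises an alarm.
undervoltage_now() {
  [ $(( ${1#throttled=} & 1 )) -eq 1 ]
}
```

On the Pi: `decode_throttled "$(vcgencmd get_throttled)"` prints UNDERVOLTED THROTTLED HAS_UNDERVOLTED HAS_THROTTLED for the 0x50005 shown above, and a loop such as `while sleep 10; do undervoltage_now "$(vcgencmd get_throttled)" && logger -t power 'under-voltage detected'; done` writes a syslog line whenever the live flag is set.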

raspberrypi: reducing power draw
Disable the HDMI output
Estimated saving: about 30mA.

When the Raspberry Pi runs headless there is by definition no display attached, so the HDMI output can be switched off as well.

To disable the HDMI output on the Raspberry Pi, run:

sudo /opt/vc/bin/tvservice -o

To re-enable it when it is needed again:

sudo /opt/vc/bin/tvservice -p

As with disabling the USB controller, the HDMI output is enabled again after a reboot. (tvservice belongs to the legacy firmware display stack; on Raspberry Pi OS releases that use the KMS graphics driver it no longer controls the output.)

OpenSSL 3.0.1: download

wget https://www.openssl.org/source/openssl-3.0.1.tar.gz

(3.0.1 is an early patch release of the 3.0 series; for real use pick the current 3.x release, and verify the tarball against the .sha256 and .asc files published next to it before building.)

OpenSSL 3.0.1: unpack

tar xvf openssl-3.0.1.tar.gz

OpenSSL 3.0.1: build

cd openssl-3.0.1
./Configure --prefix=/opt/openssl --openssldir=/usr/local/ssl
make -j12
sudo make install
sudo ln -s /opt/openssl/bin/openssl /usr/bin/openssl3
echo "/opt/openssl/lib64/" | sudo tee /etc/ld.so.conf.d/openssl3.0.1.conf
sudo ldconfig

(Redirecting echo straight into /etc/ld.so.conf.d fails with permission denied for a normal user; writing through sudo tee works. The library directory is lib64 on 64-bit x86; on other platforms, including 32-bit Raspberry Pi OS, check whether make install created /opt/openssl/lib instead. Installing under /opt and linking the binary as openssl3 leaves the distribution's own OpenSSL untouched.)

OpenSSL 3.0.1: run

openssl3 version
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)

OpenSSL 3.0.1: generate an SM2 key

openssl3 ecparam -genkey -name SM2
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEIL/8jEekBeJc8bjW
96Xd0xiyqlE8cpq5wdr2GTRog4C+oUQDQgAE45bfR1XYxfUN8cc0gHzRQfbfbxXB
sb6eGcWHhhofO9c4smNcqsioh0aZCrD5e0iNKE/wpNQ5ySP7xiz7RlpxEQ==
-----END PRIVATE KEY-----

openssl3 ecparam -genkey -name SM2 -out sm2.key

(Add -noout to leave the SM2 PARAMETERS block out of the file; only the PRIVATE KEY block is needed.)

OpenSSL 3.0.1: SM2 signing on the command line

openssl3 pkeyutl -sign -inkey sm2.key -in test.data -rawin  -digest sm3 -pkeyopt distid:1234567812345678 |hexdump -C

(-rawin makes pkeyutl hash the input itself with SM3 instead of expecting a precomputed digest. distid is the signer's distinguishing ID, which SM2 mixes into the hashed value; 1234567812345678 is the default ID from the standard, and the verifier must use the same one. The output is a DER SEQUENCE of the two integers r and s, 70 bytes here.)

00000000 30 44 02 20 26 c4 c1 3f 0f 45 01 eb 1c 42 03 c7 |0D. &..?.E...B..|
00000010 3d 82 2b c9 70 84 94 af ba 69 8f 4a 61 32 b6 98 |=.+.p....i.Ja2..|
00000020 72 b1 d2 91 02 20 5f 02 75 9c 0a 13 0e bb a7 4d |r.... _.u......M|
00000030 b6 64 4d 37 63 6b 75 df 83 ab 40 90 e7 7f a9 d0 |.dM7cku...@.....|
00000040 8e 80 5a 87 32 84 |..Z.2.|
00000046
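The page stops at producing a signature; the following added example (not code from the page) completes the round trip with openssl 3.x, writing the signature to a file and verifying it against the public key, and shows that a signature made under one distinguishing ID does not verify under another. It assumes an OpenSSL 3.x binary named openssl on PATH (use openssl3 for the build above); the function names and file names are this example's own.

```shell
# Added example (not from the page): SM2 sign-and-verify round trip with the
# openssl 3.x command line, including the check that a signature made under
# one distinguishing ID does not verify under another. Assumes an OpenSSL 3.x
# binary named "openssl" on PATH (substitute openssl3 for the build above).
sm2_keygen() {          # $1 = private key file, $2 = public key file
  openssl ecparam -genkey -name SM2 -noout -out "$1" &&
  openssl pkey -in "$1" -pubout -out "$2"
}

sm2_sign() {            # $1 = private key, $2 = data file, $3 = distid, $4 = DER signature to write
  openssl pkeyutl -sign -inkey "$1" -in "$2" -rawin -digest sm3 \
    -pkeyopt "distid:$3" -out "$4"
}

sm2_verify() {          # $1 = public key, $2 = data file, $3 = distid, $4 = signature; exit 0 if valid
  openssl pkeyutl -verify -pubin -inkey "$1" -in "$2" -rawin -digest sm3 \
    -pkeyopt "distid:$3" -sigfile "$4" >/dev/null 2>&1
}
```

Usage: `sm2_keygen sm2.key sm2.pub; sm2_sign sm2.key test.data 1234567812345678 sig.der; sm2_verify sm2.pub test.data 1234567812345678 sig.der && echo valid`. Verification with a different distid, or after the data file changes, exits non-zero, which is the property a deployment should test for rather than trusting the signing step alone.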

About Samba
Samba is free software that lets UNIX-like operating systems speak the SMB/CIFS network protocol used by Microsoft Windows. Since version 3 it can not only access and share SMB folders and printers but also join a Windows Server domain, either as a domain controller or as an Active Directory member.
Install samba

sudo apt install samba

Check the samba version

samba -V
Version 4.13.14-Ubuntu

Edit smb.conf
Samba's configuration file is /etc/samba/smb.conf; root privileges are needed to edit it (I edited it with vim as root).
Append the following at the end of the file

[test]
comment = samba test
# path of the shared directory
path = /home/d/share
browseable = yes
read only = no
guest ok = yes
writable = yes

(smb.conf comments start with # or ; at the beginning of a line; a trailing "//..." on the path line would be taken as part of the path. guest ok = yes together with writable = yes lets anyone on the network write to the share without a password; leave guest ok out unless that is intended.)

Add a samba user
smbpasswd -a username
Enter the password twice.
The user and password set here are the ones used to log in.

Install smbclient

sudo apt install smbclient

Enable SMBv1 in samba

On the server, add to the [global] section of /etc/samba/smb.conf
server min protocol = NT1
On the client, add to the [global] section of /etc/samba/smb.conf
client min protocol = NT1

(SMBv1/NT1 is the dialect nmap marks as dangerous below: it lacks the encryption and pre-authentication integrity protection of SMB3. Enable it only for devices that cannot do anything better, and disable it again when they are gone.)

Start samba

systemctl start smbd

Restart samba

systemctl restart smbd
nmap: scan which SMB dialects a Samba server supports

nmap -p445 -Pn  --script smb-protocols 192.168.10.64
Nmap scan report for 192.168.10.64
Host is up (0.000071s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols: 
|   dialects: 
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.02
|     2.10
|     3.00
|     3.02
|_    3.11

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Fixing: Max protocol NT1 is less than min protocol SMB2_02
This usually appears when smbclient connects to a samba server with -m NT1: the client min protocol in smb.conf defaults to SMB2_02, which is higher than the requested maximum. Set client min protocol = NT1 (or drop -m NT1 if the server speaks SMB2) to resolve it.

smbclient: connect to a samba server

sudo smbpasswd -a hehe
smbclient //192.168.10.64/test -U hehe

Connect with a specific protocol version

smbclient //192.168.10.64/test -m NT1 -U hehe

Connect on a non-default SMB port

smbclient //192.168.10.64/test -p 9445 -m NT1 -U hehe

SMB ports
TCP 139 and TCP 445
smb-protocols.nse not found
Running nmap --script smb-protocols.nse 192.168.10.64
reported "smb-protocols.nse not found", meaning the script is missing from the local nmap installation. Fetch it from the nmap project's own scripts directory, place it in /usr/share/nmap/scripts and run nmap --script-updatedb. Do not run NSE scripts from untrusted sources; they execute with nmap's privileges, which is usually root.
Ways to scan the SMB version

nmap --script smb-protocols 192.168.10.64 -p139
nmap --script smb-protocols 192.168.10.64 -p445
nmap --script smb-protocols 192.168.10.64 

The output resembles

Host script results:
| smb-protocols: 
|   dialects: 
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.02
|     2.10
|     3.00
|     3.02
|_    3.11

smbclient - an FTP-like client for accessing resources on SMB/CIFS servers

smbclient is a client program that can "talk" to an SMB/CIFS server. It offers a user interface similar to the ftp(1) program. Operations include downloading files from the server to the local machine, uploading local files to the server and retrieving directory listings from the server.

http://manpages.ubuntu.com/manpages/bionic/zh_TW/man1/smbclient.1.html

smbclient url port
The -p port option selects the port. Windows' built-in file sharing apparently cannot be moved to another port and only listens on the default one.

smbclient examples
List the shares offered by a host

smbclient -L 192.168.10.64 -U username%password

(Passing the password after % puts it into the process list and the shell history; prefer -U username and type it at the prompt, or keep it in a credentials file passed with -A.)

Use smbclient like an ftp client

smbclient //192.168.10.64/tmp  -U username%password

Once the command succeeds you are in the smbclient environment, with the prompt smb: \>

Many of its commands resemble ftp's: cd, lcd, get, mget, put, mput and so on. With them you can access the remote host's shared resources.

Run a single smbclient command non-interactively

smbclient -c "ls"  //192.168.10.64/tmp  -U username%password

smbclient //192.168.10.64/tmp  -U username%password

smb: \> ls

does the same thing.

Create a directory on a share

smbclient -c "mkdir share1" //192.168.10.64/tmp -U username%password

smb-protocols dialect reference

SMB3_00: Windows 8

SMB3_02: Windows 8.1

SMB3_10: early Windows 10

SMB3_11: Windows 10

By default SMB3 in smb.conf selects the SMB3_11 variant.

server min protocol = nt1
Sets the lowest SMB dialect samba will accept. SMBv1 (NT1) is insecure and therefore disabled by default, which leaves devices that only speak SMBv1 (many TV boxes and similar appliances) unable to see the shares; this setting re-enables it for them.
nmap SMB scan scripts

cd /usr/share/nmap/scripts; ls |  grep smb
smb2-capabilities.nse
smb2-security-mode.nse
smb2-time.nse
smb2-vuln-uptime.nse
smb-brute.nse
smb-double-pulsar-backdoor.nse
smb-enum-domains.nse
smb-enum-groups.nse
smb-enum-processes.nse
smb-enum-services.nse
smb-enum-sessions.nse
smb-enum-shares.nse
smb-enum-users.nse
smb-flood.nse
smb-ls.nse
smb-mbenum.nse
smb-os-discovery.nse
smb-print-text.nse
smb-protocols.nse
smb-psexec.nse
smb-security-mode.nse
smb-server-stats.nse
smb-system-info.nse
smb-vuln-conficker.nse
smb-vuln-cve2009-3103.nse
smb-vuln-cve-2017-7494.nse
smb-vuln-ms06-025.nse
smb-vuln-ms07-029.nse
smb-vuln-ms08-067.nse
smb-vuln-ms10-054.nse
smb-vuln-ms10-061.nse
smb-vuln-ms17-010.nse
smb-vuln-regsvc-dos.nse
smb-vuln-webexec.nse
smb-webexec-exploit.nse

nmap --script smb-os-discovery.nse -p445 192.168.10.64

Output:

Nmap scan report for 192.168.10.64
Host is up (0.000074s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.13.14-Ubuntu)
|   Computer name: xxx
|   NetBIOS computer name: xxx\x00
|   Domain name: \x00
|   FQDN: xxx-1
|_  System time: 2022-01-28T10:49:04+08:00

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

nmap: enumerate samba shares

nmap --script smb-enum-shares.nse -p445 192.168.10.64

nmap: enumerate samba users

nmap --script smb-enum-users.nse -p445 192.168.10.64

nmap: run several scripts at once

nmap --script smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-services.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse -p445 192.168.10.64

More: https://www.infosecademy.com/nmap-smb-scripts-enumeration/

server min protocol (G)
This setting controls the minimum protocol version that the server will allow the client to use.

Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol unless you have legacy clients which are SMB1 capable only.

Default: server min protocol = SMB2_02
Example: server min protocol = NT1

All SMB protocol versions (from the smb.conf man page)

  • LANMAN1: First modern version of the protocol. Long filename support.
  • LANMAN2: Updates to Lanman1 protocol.
  • NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.

SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.

  • SMB2_02: The earliest SMB2 version.
  • SMB2_10: Windows 7 SMB2 version.

By default SMB2 selects the SMB2_10 variant.

SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.

  • SMB3_00: Windows 8 SMB3 version.
  • SMB3_02: Windows 8.1 SMB3 version.
  • SMB3_11: Windows 10 SMB3 version.

By default SMB3 selects the SMB3_11 variant.

Configuring 20.04 samba for SMBv1

client min protocol = NT1
server min protocol = NT1
sudo service smbd restart
sudo service nmbd restart

How do I enable SMBv1 on my Raspberry Pi file server?
On the CLIENT and/or SERVER machine add to /etc/samba/smb.conf in the [global] section

client min protocol = NT1
server min protocol = NT1

dumpcap: installation

sudo apt install wireshark-common

(dumpcap is part of the wireshark-common package, not of pcaputils, which contains pcapdump and related tools.)

Usage

sudo dumpcap -i enp0s31f6

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216090552_xl1tkO.pcapng

Capture broadcast packets

sudo dumpcap -i enp0s31f6 -f "broadcast"

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216090953_PKm09I.pcapng

Capture packets to or from a given IP address

sudo dumpcap -i enp0s31f6 -f "ip host 192.168.10.64"

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216091028_Af9Bi0.pcapng

Capture packets to or from a given MAC address

sudo dumpcap -i enp0s31f6 -f "ether host 8c:ec:4b:d0:f8:31"

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216091135_uxv8ib.pcapng

Capture packets for several IP addresses

sudo dumpcap -i enp0s31f6 -f "ip host 192.168.10.64 or 192.168.10.71"

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216091244_qLj4UK.pcapng

List all capture interfaces

sudo dumpcap -D
  1. ppp0
  2. vmnet1
  3. enp0s31f6
  4. vmnet8
  5. lo (Loopback)
  6. any
  7. docker0
  8. bluetooth-monitor
  9. nflog
  10. nfqueue
  11. bluetooth0
  12. wlp0s20f3

Stop after a given number of packets

sudo dumpcap -i enp0s31f6 -c 10

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216091625_zExgX6.pcapng
Packets captured: 10
Packets received/dropped on interface 'enp0s31f6': 10/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)

Stop automatically after a given duration
The unit is seconds

sudo dumpcap -i enp0s31f6 -a duration:10

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216091758_v2Fpaa.pcapng
Packets captured: 198
Packets received/dropped on interface 'enp0s31f6': 198/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)
Stop automatically at a given file size
The unit is kB

sudo dumpcap -i enp0s31f6 -a filesize:10

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216091850_1ZyWF9.pcapng
Packets captured: 95
Packets received/dropped on interface 'enp0s31f6': 95/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)

Stop after a given number of files
This has to be combined with another limit: with no file-size or duration limit the first file would simply grow forever and the file count would never be reached, as the error below shows.

sudo dumpcap -i enp0s31f6 -a files:2

dumpcap: Ring buffer requested, but capture isn't being saved to a permanent file.
dumpcap: Ring buffer requested, but no maximum capture file size, duration interval, or packets were specified.
Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216092356_MzSbHh.pcapng
The correct command is:

sudo dumpcap -i enp0s31f6 -b filesize:10 -a files:2 -w output.pcapng

Capturing on 'enp0s31f6'
File: output_00001_20220216092700.pcapng
Packets: 101 File: output_00002_20220216092705.pcapng
Packets captured: 202
Packets received/dropped on interface 'enp0s31f6': 202/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)

Set the capture file format
pcapng format (the default)

sudo dumpcap -i enp0s31f6 -n

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216092830_966pcE.pcapng
libpcap format

sudo dumpcap -i enp0s31f6 -P

(Capital -P selects the classic pcap format. Lower-case -p means "do not put the interface into promiscuous mode", which is why the run shown here, made with -p, still produced a .pcapng file.)

Capturing on 'enp0s31f6'
File: /tmp/wireshark_enp0s31f6_20220216092835_wc04em.pcapng

Troubleshooting

Couldn't run /usr/bin/dumpcap in child process:Permission Denied

Run the following command:
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

With these file capabilities dumpcap no longer needs root: CAP_NET_RAW lets it open packet sockets, and CAP_NET_ADMIN lets it enumerate interfaces and put them into promiscuous mode. File capabilities apply to everyone who can execute the binary, so with the default mode 755 this command gives every local user the ability to sniff all traffic. The package's own setup is tighter: sudo dpkg-reconfigure wireshark-common, answer yes, then add the user to the wireshark group; that leaves /usr/bin/dumpcap with the same capabilities but mode 750 and group wireshark.