Packet capture
tcpdump
tcpdump -i bond0 port 8716
tcpdump -i bond0 host 10.248.13.11 and port 18009 -w 20150804.pcap
tcpdump -i bond0 host 10.27.10.140 or 10.27.10.141 or 10.27.10.142 -w new_memc.pcap
# Decode packets - only basic decoding is possible
tcpdump -i bond0 port 8716 -A
wireshark
Common filter rules
http.response.code==500
http.request.method=="GET" # request method type
http.request.method=="POST"
http.request.uri matches "V4=..1" # regular expression
http.request # match all HTTP requests
http.request==1
http.request.uri=="/online/setpoint"
http.request.uri contains "/dll/test.htm?"
http.request.full_uri=="http://task.xxxx.xxxx.cn/online/setpoint"