# tcpdump -i eth0 port 80 -Xns 1000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 1000 bytes
16:28:11.574091 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [S], seq 2155308325, win 65535, options [mss 1304,nop,nop,sackOK], length 0
    0x0000:  4500 0030 c790 4000 7606 83f2 3dc2 39fa  E..0..@.v...=.9.
    0x0010:  85f2 bb96 67e3 0050 8077 6525 0000 0000  ....g..P.we%....
    0x0020:  7002 ffff 7ca6 0000 0204 0518 0101 0402  p...|...........
16:28:11.574152 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [S.], seq 28297922, ack 2155308326, win 14600, options [mss 1460,nop,nop,sackOK], length 0
    0x0000:  4500 0030 0000 4000 4006 8183 85f2 bb96  E..0..@.@.......
    0x0010:  3dc2 39fa 0050 67e3 01af cac2 8077 6526  =.9..Pg......we&
    0x0020:  7012 3908 767f 0000 0204 05b4 0101 0402  p.9.v...........
16:28:11.595974 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [.], ack 1, win 65535, length 0
    0x0000:  4500 0028 c791 4000 7606 83f9 3dc2 39fa  E..(..@.v...=.9.
    0x0010:  85f2 bb96 67e3 0050 8077 6526 01af cac3  ....g..P.we&....
    0x0020:  5010 ffff dc4b 0000                      P....K..
16:28:11.597050 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [P.], seq 1:1102, ack 1, win 65535, length 1101
    0x0000:  4500 0475 c792 4000 7606 7fab 3dc2 39fa  E..u..@.v...=.9.
    0x0010:  85f2 bb96 67e3 0050 8077 6526 01af cac3  ....g..P.we&....
    0x0020:  5018 ffff d121 0000 504f 5354 202f 3264  P....!..POST./2d
    0x0030:  6f77 696b 692f 7770 2d61 646d 696e 2f61  owiki/wp-admin/a
    0x0040:  646d 696e 2d61 6a61 782e 7068 7020 4854  dmin-ajax.php.HT
    0x0050:  5450 2f31 2e31 0d0a 486f 7374 3a20 7777  TP/1.1..Host:.ww
    0x0060:  772e 7761 6b61 7565 2e69 6e66 6f0d 0a55  w.wakaue.info..U
    0x0070:  7365 722d 4167 656e 743a 204d 6f7a 696c  ser-Agent:.Mozil
    0x0080:  6c61 2f35 2e30 2028 5769 6e64 6f77 7320  la/5.0.(Windows.
    0x0090:  4e54 2035 2e31 3b20 7276 3a32 322e 3029  NT.5.1;.rv:22.0)
    0x00a0:  2047 6563 6b6f 2f32 3031 3030 3130 3120  .Gecko/20100101.
    0x00b0:  4669 7265 666f 782f 3232 2e30 0d0a 4163  Firefox/22.0..Ac
    0x00c0:  6365 7074 3a20 6170 706c 6963 6174 696f  cept:.applicatio
    0x00d0:  6e2f 6a73 6f6e 2c20 7465 7874 2f6a 6176  n/json,.text/jav
    0x00e0:  6173 6372 6970 742c 202a 2f2a 3b20 713d  ascript,.*/*;.q=
    0x00f0:  302e 3031 0d0a 4163 6365 7074 2d4c 616e  0.01..Accept-Lan
    0x0100:  6775 6167 653a 206a 612c 656e 2d75 733b  guage:.ja,en-us;
    0x0110:  713d 302e 372c 656e 3b71 3d30 2e33 0d0a  q=0.7,en;q=0.3..
    0x0120:  4163 6365 7074 2d45 6e63 6f64 696e 673a  Accept-Encoding:
    0x0130:  2067 7a69 702c 2064 6566 6c61 7465 0d0a  .gzip,.deflate..
    0x0140:  436f 6e74 656e 742d 5479 7065 3a20 6170  Content-Type:.ap
    0x0150:  706c 6963 6174 696f 6e2f 782d 7777 772d  plication/x-www-
    0x0160:  666f 726d 2d75 726c 656e 636f 6465 643b  form-urlencoded;
    0x0170:  2063 6861 7273 6574 3d55 5446 2d38 0d0a  .charset=UTF-8..
    0x0180:  582d 5265 7175 6573 7465 642d 5769 7468  X-Requested-With
    0x0190:  3a20 584d 4c48 7474 7052 6571 7565 7374  :.XMLHttpRequest
    0x01a0:  0d0a 5265 6665 7265 723a 2068 7474 703a  ..Referer:.http:
    0x01b0:  2f2f 7777 772e 7761 6b61 7565 2e69 6e66  //www.wakaue.inf
    0x01c0:  6f2f 3264 6f77 696b 692f 0d0a 436f 6e74  o/2dowiki/..Cont
    0x01d0:  656e 742d 4c65 6e67 7468 3a20 3135 0d0a  ent-Length:.15..
    0x01e0:  436f 6f6b 6965 3a20 7770 2d73 6574 7469  Cookie:.wp-setti
    0x01f0:  6e67 732d 313d 6564 6974 6f72 2533 4468  ngs-1=editor%3Dh
    0x0200:  746d 6c25 3236 6c69 6272 6172 7943 6f6e  tml%26libraryCon
    0x0210:  7465 6e74 2533 4462 726f 7773 6525 3236  tent%3Dbrowse%26
    0x0220:  756e 666f 6c64 2533 4431 3b20 7770 2d73  unfold%3D1;.wp-s
    0x0230:  6574 7469 6e67 732d 7469 6d65 2d31 3d31  ettings-time-1=1
    0x0240:  3337 3633 3738 3732 393b 2077 6f72 6470  376378729;.wordp
    0x0250:  7265 7373 5f74 6573 745f 636f 6f6b 6965  ress_test_cookie
    0x0260:  3d57 502b 436f 6f6b 6965 2b63 6865 636b  =WP+Cookie+check
    0x0270:  3b20 776f 7264 7072 6573 735f 6c6f 6767  ;.wordpress_logg
    0x0280:  6564 5f69 6e5f 3830 3361 6665 6338 3736  ed_in_803afec876
    0x0290:  6463 3032 3263 3663 6430 6465 3465 3262  dc022c6cd0de4e2b
    0x02a0:  3630 3036 3534 3d75 656b 6177 615f 6164  600654=uekawa_ad
    0x02b0:  6d69 6e25 3743 3133 3736 3532 3733 3831  min%7C1376527381
    0x02c0:  2537 4330 6334 3530 6434 6334 3937 3639  %7C0c450d4c49769
    0x02d0:  3439 3935 6236 3663 3430 3265 3532 3333  4995b66c402e5233
    0x02e0:  6535 393b 205f 5f75 746d 613d 3131 3432  e59;.__utma=1142
    0x02f0:  3739 3136 392e 3236 3033 3339 3737 342e  79169.260339774.
    0x0300:  3133 3735 3637 3630 3638 2e31 3337 3630  1375676068.13760
    0x0310:  3135 3739 302e 3133 3736 3033 3133 3530  15790.1376031350
    0x0320:  2e37 3b20 5f5f 7574 6d7a 3d31 3134 3237  .7;.__utmz=11427
    0x0330:  3931 3639 2e31 3337 3536 3736 3036 382e  9169.1375676068.
    0x0340:  312e 312e 7574 6d63 7372 3d28 6469 7265  1.1.utmcsr=(dire
    0x0350:  6374 297c 7574 6d63 636e 3d28 6469 7265  ct)|utmccn=(dire
    0x0360:  6374 297c 7574 6d63 6d64 3d28 6e6f 6e65  ct)|utmcmd=(none
    0x0370:  293b 204e 696e 6a61 4163 6365 7373 5573  );.NinjaAccessUs
    0x0380:  6572 3030 3138 3139 3438 3d31 3337 3630  er00181948=13760
    0x0390:  3331 3335 3234 3831 2532 3031 3337 3536  31352481%2013756
    0x03a0:  3736 3036 3738 3139 2532 3031 3337 3630  76067819%2013760
    0x03b0:  3331 3335 3234 3831 2532 3031 3225 3230  31352481%2012%20
    0x03c0:  373b 205f 6761 3d47 4131 2e32            7;._ga=GA1.2
16:28:11.597143 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [.], ack 1102, win 16515, length 0
    0x0000:  4500 0028 1644 4000 4006 6b47 85f2 bb96  E..(.D@.@.kG....
    0x0010:  3dc2 39fa 0050 67e3 01af cac3 8077 6973  =.9..Pg......wis
    0x0020:  5010 4083 977b 0000                      P.@..{..
16:28:11.597663 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [P.], seq 1:578, ack 1102, win 16515, length 577
    0x0000:  4500 0269 1645 4000 4006 6905 85f2 bb96  E..i.E@.@.i.....
    0x0010:  3dc2 39fa 0050 67e3 01af cac3 8077 6973  =.9..Pg......wis
    0x0020:  5018 4083 bba0 0000 4854 5450 2f31 2e31  P.@.....HTTP/1.1
    0x0030:  2034 3034 204e 6f74 2046 6f75 6e64 0d0a  .404.Not.Found..
    0x0040:  4461 7465 3a20 5475 652c 2031 3320 4175  Date:.Tue,.13.Au
    0x0050:  6720 3230 3133 2030 373a 3238 3a31 3120  g.2013.07:28:11.
    0x0060:  474d 540d 0a53 6572 7665 723a 2041 7061  GMT..Server:.Apa
    0x0070:  6368 650d 0a43 6f6e 7465 6e74 2d4c 656e  che..Content-Len
    0x0080:  6774 683a 2034 3133 0d0a 436f 6e6e 6563  gth:.413..Connec
    0x0090:  7469 6f6e 3a20 636c 6f73 650d 0a43 6f6e  tion:.close..Con
    0x00a0:  7465 6e74 2d54 7970 653a 2074 6578 742f  tent-Type:.text/
    0x00b0:  6874 6d6c 3b20 6368 6172 7365 743d 6973  html;.charset=is
    0x00c0:  6f2d 3838 3539 2d31 0d0a 0d0a 3c21 444f  o-8859-1....<!DO
    0x00d0:  4354 5950 4520 4854 4d4c 2050 5542 4c49  CTYPE.HTML.PUBLI
    0x00e0:  4320 222d 2f2f 4945 5446 2f2f 4454 4420  C."-//IETF//DTD.
    0x00f0:  4854 4d4c 2032 2e30 2f2f 454e 223e 0a3c  HTML.2.0//EN">.<
    0x0100:  6874 6d6c 3e3c 6865 6164 3e0a 3c74 6974  html><head>.<tit
    0x0110:  6c65 3e34 3034 204e 6f74 2046 6f75 6e64  le>404.Not.Found
    0x0120:  3c2f 7469 746c 653e 0a3c 2f68 6561 643e  </title>.</head>
    0x0130:  3c62 6f64 793e 0a3c 6831 3e4e 6f74 2046  <body>.<h1>Not.F
    0x0140:  6f75 6e64 3c2f 6831 3e0a 3c70 3e54 6865  ound</h1>.<p>The
    0x0150:  2072 6571 7565 7374 6564 2055 524c 202f  .requested.URL./
    0x0160:  3264 6f77 696b 692f 7770 2d61 646d 696e  2dowiki/wp-admin
    0x0170:  2f61 646d 696e 2d61 6a61 782e 7068 7020  /admin-ajax.php.
    0x0180:  7761 7320 6e6f 7420 666f 756e 6420 6f6e  was.not.found.on
    0x0190:  2074 6869 7320 7365 7276 6572 2e3c 2f70  .this.server.</p
    0x01a0:  3e0a 3c70 3e41 6464 6974 696f 6e61 6c6c  >.<p>Additionall
    0x01b0:  792c 2061 2034 3034 204e 6f74 2046 6f75  y,.a.404.Not.Fou
    0x01c0:  6e64 0a65 7272 6f72 2077 6173 2065 6e63  nd.error.was.enc
    0x01d0:  6f75 6e74 6572 6564 2077 6869 6c65 2074  ountered.while.t
    0x01e0:  7279 696e 6720 746f 2075 7365 2061 6e20  rying.to.use.an.
    0x01f0:  4572 726f 7244 6f63 756d 656e 7420 746f  ErrorDocument.to
    0x0200:  2068 616e 646c 6520 7468 6520 7265 7175  .handle.the.requ
    0x0210:  6573 742e 3c2f 703e 0a3c 6872 3e0a 3c61  est.</p>.<hr>.<a
    0x0220:  6464 7265 7373 3e41 7061 6368 6520 5365  ddress>Apache.Se
    0x0230:  7276 6572 2061 7420 7777 772e 7761 6b61  rver.at.www.waka
    0x0240:  7565 2e69 6e66 6f20 506f 7274 2038 303c  ue.info.Port.80<
    0x0250:  2f61 6464 7265 7373 3e0a 3c2f 626f 6479  /address>.</body
    0x0260:  3e3c 2f68 746d 6c3e 0a                   ></html>.
16:28:11.597719 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [F.], seq 578, ack 1102, win 16515, length 0
    0x0000:  4500 0028 1646 4000 4006 6b45 85f2 bb96  E..(.F@.@.kE....
    0x0010:  3dc2 39fa 0050 67e3 01af cd04 8077 6973  =.9..Pg......wis
    0x0020:  5011 4083 9539 0000                      P.@..9..
16:28:11.619786 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [.], ack 579, win 64958, length 0
    0x0000:  4500 0028 c795 4000 7606 83f5 3dc2 39fa  E..(..@.v...=.9.
    0x0010:  85f2 bb96 67e3 0050 8077 6973 01af cd05  ....g..P.wis....
    0x0020:  5010 fdbe d7fd 0000                      P.......
16:28:11.619811 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [F.], seq 1102, ack 579, win 64958, length 0
    0x0000:  4500 0028 c798 4000 7606 83f2 3dc2 39fa  E..(..@.v...=.9.
    0x0010:  85f2 bb96 67e3 0050 8077 6973 01af cd05  ....g..P.wis....
    0x0020:  5011 fdbe d7fc 0000                      P.......
16:28:11.619827 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [.], ack 1103, win 16515, length 0
    0x0000:  4500 0028 1647 4000 4006 6b44 85f2 bb96  E..(.G@.@.kD....
    0x0010:  3dc2 39fa 0050 67e3 01af cd05 8077 6974  =.9..Pg......wit
    0x0020:  5010 4083 9538 0000                      P.@..8..
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
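The request headers, including the Cookie header, can be read in plaintext.

Options

-i    Specifies the LAN interface to monitor.
-X    When printing packets in hex, also prints the ASCII characters.
port  Specifies the port whose traffic tcpdump captures.
-n    Displays IP addresses, port numbers and the like without converting them to names.
-s    Specifies the length of packet data to capture.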
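
Added example, not part of the original page: a Python script that parses `tcpdump -X` text output like the capture above, strips the IPv4 and TCP headers, and lists which credential-bearing headers each cleartext HTTP request exposes. The sample packet, its addresses and all function names are constructed for illustration; it assumes IPv4 and the two-space column separation that tcpdump prints.

```python
import re

SENSITIVE = {"cookie", "authorization", "proxy-authorization"}
ROW = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} ?){1,8})", re.I)

def packets(dump):
    """Yield the raw bytes of each packet found in `tcpdump -X` text output."""
    buf = bytearray()
    for line in dump.splitlines() + [""]:  # trailing "" flushes the last packet
        m = ROW.match(line)
        if m:
            buf += bytes.fromhex(m.group(1).replace(" ", ""))
        elif buf:  # any non-hex line ends the current packet's rows
            yield bytes(buf)
            buf = bytearray()

def tcp_payload(pkt):
    """Strip the IPv4 and TCP headers (-X output starts at the IP header)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or len(pkt) < ihl + 20 or pkt[9] != 6:
        return b""
    return pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]

def exposed_headers(dump):
    """Return (request line, sensitive header names) per cleartext HTTP request."""
    found = []
    for pkt in packets(dump):
        lines = tcp_payload(pkt).split(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
        if re.match(r"[A-Z]+ \S+ HTTP/1\.[01]$", lines[0]):
            names = [l.split(":", 1)[0] for l in lines[1:] if ":" in l]
            found.append((lines[0], [n for n in names if n.lower() in SENSITIVE]))
    return found

def render(pkt):
    """Format bytes like tcpdump -X rows; only used to build the sample below."""
    rows = []
    for off in range(0, len(pkt), 16):
        chunk = pkt[off:off + 16]
        hexs = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        text = "".join(chr(b) if 33 <= b <= 126 else "." for b in chunk)
        rows.append(f"\t0x{off:04x}:  {hexs:<39}  {text}")
    return "\n".join(rows)

# Constructed sample: minimal IPv4 + TCP headers (checksums zeroed), fake request.
HDR = bytes.fromhex("4500006c0000400040060000c0000201c6336407"
                    "c350005000000001000000015018ffff00000000")
REQ = b"POST /login HTTP/1.1\r\nHost: app.example\r\nCookie: sid=CONSTRUCTED\r\n\r\n"
SAMPLE = "12:00:00.000000 IP 192.0.2.1.50000 > 198.51.100.7.80: tcp 68\n" + render(HDR + REQ)
print(exposed_headers(SAMPLE))
```

A snapshot length such as `-s 1000` can cut a request off partway through its headers, as it does for the 1101-byte POST above, so the parser accepts a header block with no terminating blank line.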