
How to Generate and View Sniffer Reports in CentOS

Published 2025-10-20 16:40:03 by Visitor, category: Host News, views: 295

Generating and Viewing Sniffer Reports in CentOS

To generate and view network traffic reports in CentOS, you can use command-line tools (like tcpdump and tshark) for automation/scripting or graphical tools (like Wireshark) for interactive analysis. Below is a structured guide covering both approaches:

1. Prerequisites: Install Required Tools

Before generating reports, install the necessary sniffer tools using yum (CentOS 7) or dnf (CentOS 8/Stream):

# Install tcpdump (command-line packet capture)
sudo yum install tcpdump -y

# Install Wireshark (GUI for packet analysis). On CentOS 7 the GUI lives in the
# wireshark-gnome package; on CentOS 8/Stream it is the wireshark package.
sudo yum install wireshark -y

# Install tshark (command-line tool for Wireshark). There is no package named
# "tshark": on CentOS 7 it ships inside the wireshark package installed above,
# on CentOS 8/Stream it is in wireshark-cli.
sudo yum install wireshark-cli -y

These tools allow you to capture, save, and analyze network traffic.

2. Capture Network Traffic for Reporting

Use tcpdump or tshark to capture traffic and save it to a file (commonly in .pcap format, compatible with most analysis tools). Replace eth0 with your target network interface (check available interfaces with tcpdump -D).

With tcpdump

# Capture all traffic on eth0 and save to 'capture.pcap'
sudo tcpdump -i eth0 -w capture.pcap  

# Capture only HTTP traffic (port 80) on eth0; options go before the filter expression
sudo tcpdump -i eth0 -w http_capture.pcap port 80

# Limit capture to 100 packets (useful for testing)
sudo tcpdump -i eth0 -c 100 -w limited_capture.pcap  

The -w flag writes packets to a file, while options like -c (packet count) or filters (e.g., port 80) help narrow the scope.

With tshark

# Capture all traffic on eth0 and save to 'tshark_capture.pcap'
sudo tshark -i eth0 -w tshark_capture.pcap  

tshark behaves similarly to tcpdump but offers more advanced filtering and field extraction.
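The commands above are one-off captures typed by hand. The following wrapper, an added example that is not part of the original article, builds the tcpdump command line a long-running capture on a server should use: no name resolution, a snaplen that keeps headers but not payloads, privilege dropping with -Z, and file rotation with -C/-W so the capture cannot fill the disk. All flags are real tcpdump options; the account "nobody" and the validation rules are this example's own assumptions, and the unprivileged user must be able to write to the output directory.

```shell
#!/bin/sh
# Added example (not from the original article): build and run a rotating,
# privilege-dropping tcpdump capture. Assumptions: tcpdump is installed as shown
# above, and the unprivileged account given for -Z (here "nobody") can write to
# the directory that holds the output file.

# Syntactic check of an interface name before it is handed to tcpdump:
# letters, digits, '.', '_' and '-' only, so a stray space or shell
# metacharacter taken from a script argument cannot become a second argument.
valid_iface() {
  case "$1" in
    '' | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Print the tcpdump command line, one argument per line, without running it.
#   -nn      no DNS/port lookups, so the capture host does not generate its own traffic
#   -s 128   keep link/IP/TCP headers but not application payloads (no passwords on disk)
#   -Z user  drop root once the interface has been opened
#   -C 100 -W 10  rotate into at most 10 files of 100 MB each
# Usage: build_capture_cmd IFACE OUTFILE.pcap USER [tcpdump filter words...]
build_capture_cmd() {
  if [ $# -lt 3 ]; then
    echo "usage: build_capture_cmd IFACE OUTFILE.pcap USER [filter...]" >&2
    return 1
  fi
  iface=$1
  outfile=$2
  user=$3
  shift 3
  valid_iface "$iface" || { echo "invalid interface name: '$iface'" >&2; return 1; }
  case "$outfile" in
    *.pcap) ;;
    *) echo "output file must end in .pcap: '$outfile'" >&2; return 1 ;;
  esac
  printf '%s\n' tcpdump -i "$iface" -nn -s 128 -Z "$user" -C 100 -W 10 -w "$outfile" "$@"
}

# Run the capture (requires root). Globbing is switched off while the printed
# list is split back into arguments, so filter words are passed to tcpdump verbatim.
start_capture() {
  args=$(build_capture_cmd "$@") || return 1
  if [ "$(id -u)" -ne 0 ]; then
    echo "capturing requires root; run this script with sudo" >&2
    return 1
  fi
  set -f
  set -- $args
  set +f
  "$@"
}

# Show the command that would run for a capture that excludes the admin's own SSH
# session. Replace this line with start_capture ... when running as root.
build_capture_cmd eth0 /var/tmp/capture.pcap nobody not port 22
```

Run it as `sudo sh capture.sh` after swapping the last line for `start_capture eth0 /var/tmp/capture.pcap nobody not port 22`; tcpdump then writes /var/tmp/capture.pcap, capture.pcap1, ... and wraps after ten files, which makes the logrotate step in the notes below unnecessary for the capture files themselves.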

3. View Captured Reports

Once traffic is captured, you can view the .pcap file using the same tools or convert it to other formats (e.g., CSV) for further analysis.

View with tcpdump

# Read and display the entire 'capture.pcap' file
sudo tcpdump -r capture.pcap  

# Display in numeric format (no hostname resolution) for faster output
sudo tcpdump -r capture.pcap -nn  

# Filter for SSH traffic (port 22) in the saved file
sudo tcpdump -r capture.pcap port 22  

This is useful for quick command-line reviews of packet contents.

View with Wireshark (GUI)

# Open 'capture.pcap' in Wireshark (graphical interface)
wireshark capture.pcap  

Wireshark provides a detailed, interactive view of packets, including:

  • Packet headers (source/destination IP, ports, protocols).
  • Payload inspection (for supported protocols like HTTP).
  • Color-coded traffic (e.g., red for TCP errors).

You can also apply display filters (e.g., http.request for HTTP requests) to narrow down the traffic shown.

View with tshark (Command-Line)

# Display all packets in 'capture.pcap' with basic details
sudo tshark -r capture.pcap  

# Extract specific fields (frame number, source/dest IP, ports) to a CSV file
sudo tshark -r capture.pcap -T fields -e frame.number -e ip.src -e ip.dst -e tcp.port -E separator=, -E quote=d -E header=y > report.csv

The -T fields option lets you specify which packet attributes to include, making it ideal for automated reporting.

4. Advanced: Generate Summarized Reports

For structured summaries (e.g., traffic statistics, top talkers), use tshark or external tools like ELK Stack (Elasticsearch, Logstash, Kibana).

Summarize Traffic with tshark

# Protocol hierarchy: packet and byte counts per protocol (TCP, UDP, ICMP, ...)
sudo tshark -r capture.pcap -q -z io,phs

# Top 10 source IPs by packet count: export the ip.src field and count it with coreutils
sudo tshark -r capture.pcap -T fields -e ip.src | grep -v '^$' | sort | uniq -c | sort -rn | head -n 10

These commands provide concise insights into traffic patterns without opening the full GUI.
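The CSV export from section 3 and the summaries in this section can be combined into a repeatable report with nothing but POSIX tools. The script below is an added example, not code from the original article. It assumes the CSV was produced by the section 3 command with `-e tcp.srcport -e tcp.dstport` in place of `-e tcp.port` (tshark joins the two values of tcp.port into one field with "," which collides with `-E separator=,`); the sample rows are constructed using documentation address ranges, and the last row is an ICMP packet with no TCP ports, which the port summaries must skip.

```shell
#!/bin/sh
# Added example (not from the original article): build a small text report from
# a tshark field export. Assumed export command:
#   tshark -r capture.pcap -T fields -e frame.number -e ip.src -e ip.dst \
#          -e tcp.srcport -e tcp.dstport -E separator=, -E quote=d -E header=y > report.csv

# Constructed sample of what that command prints (documentation addresses, not
# real traffic). Row 7 is an ICMP packet, so its TCP port fields are empty.
SAMPLE_CSV='"frame.number","ip.src","ip.dst","tcp.srcport","tcp.dstport"
"1","10.0.0.5","203.0.113.10","51234","443"
"2","203.0.113.10","10.0.0.5","443","51234"
"3","10.0.0.5","10.0.0.1","51235","22"
"4","10.0.0.7","10.0.0.1","40000","22"
"5","10.0.0.5","10.0.0.1","51236","22"
"6","10.0.0.7","203.0.113.10","40001","80"
"7","10.0.0.9","10.0.0.1","",""'

SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s\n' "$SAMPLE_CSV" > "$SAMPLE_FILE"

# Drop the header row and the double quotes added by -E quote=d.
csv_rows() {
  tail -n +2 "$1" | tr -d '"'
}

# Top N source addresses by packet count, printed as "<count> <ip>", busiest first.
top_sources() {
  csv_rows "$1" | awk -F, '$2 != "" { n[$2]++ } END { for (ip in n) print n[ip], ip }' \
    | sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Packets per destination TCP port; rows with no TCP port (ICMP, UDP) are skipped.
dst_port_counts() {
  csv_rows "$1" | awk -F, '$5 != "" { n[$5]++ } END { for (p in n) print n[p], p }' \
    | sort -k1,1nr -k2,2n
}

# Distinct source addresses that sent packets to a given destination port.
clients_of_port() {
  csv_rows "$1" | awk -F, -v port="$2" '$5 == port { print $2 }' | sort -u
}

# Print the whole report for one CSV file.
report() {
  echo "Top sources:"
  top_sources "$1" 10
  echo "Packets per destination port:"
  dst_port_counts "$1"
  echo "Hosts that talked to port 22:"
  clients_of_port "$1" 22
}

report "$SAMPLE_FILE"
```

Point `report` at a real report.csv from section 3 to get the same three tables for a production capture; the quote stripping relies on the export being produced with `-E quote=d`, so keep that option when regenerating the CSV.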

Key Notes

  • Permissions: Most sniffer tools require root access (use sudo) to capture network traffic.
  • Security: Avoid capturing sensitive data (e.g., passwords) unless necessary. Use filters to limit capture scope.
  • Log Rotation: For long-term monitoring, configure logrotate to manage .pcap file sizes and retention.

By following these steps, you can effectively generate, capture, and analyze network traffic reports in CentOS using both command-line and graphical tools.

Article URL: https://pptw.com/jishu/730205.html