Tcpdump: the classic network monitoring and packet-capture sniffer
Before Ethereal (Wireshark) came along, everyone used tcpdump, and many people still use it today. It may not have as many bells and whistles as Wireshark (such as a pretty graphical interface, or dissectors for hundreds of application protocols), but it does its job very well, has had very few security holes, and consumes very little in the way of system resources. It rarely gains new features, but bugs are fixed regularly and it stays small. It is excellent for tracking down the source of network problems and for monitoring network activity. The Windows port is called WinDump. The libpcap/WinPcap packet capture library comes from tcpdump and is also used by other tools such as Nmap. I remember that Tsutomu Shimomura (whose name should probably be written 下村侵) used his own modified version of tcpdump to log Kevin Mitnick's attack on his system, and later worked with the FBI to catch Kevin Mitnick.
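The on-disk format behind all of this is the classic libpcap capture file, which tcpdump writes with `-w` and which WinDump, Wireshark and libpcap/WinPcap-based tools read. The following added example (not code from tcpdump or from the original page) parses that format with only the Python standard library and prints each packet in a tcpdump-like one-line summary, which is what an analyst does when reviewing a capture from an incident. The sample capture is constructed inline: a single TCP SYN between RFC 5737 documentation addresses, with IP and TCP checksums left at zero since the parser does not verify them.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic number (microsecond timestamps)
DLT_EN10MB = 1            # link type 1: Ethernet


def build_sample_pcap():
    """Constructed sample capture (not a real trace): one TCP SYN from
    192.0.2.10:40000 to 198.51.100.20:22 using documentation addresses."""
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"  # dst MAC, src MAC, IPv4
    # TCP: sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    # IPv4: ver/ihl, tos, total length, id, flags/frag, ttl, proto (6 = TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    frame = eth + ip + tcp
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    # Per-packet record header: ts_sec, ts_usec, captured length, original length
    rec_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame


def summarize_frame(ts_sec, ts_usec, frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP headers into a small dict."""
    rec = {"ts": ts_sec + ts_usec / 1e6}
    if len(frame) < 14:
        return rec
    rec["ethertype"] = struct.unpack("!H", frame[12:14])[0]
    if rec["ethertype"] != 0x0800 or len(frame) < 34:
        return rec                      # not IPv4, or too short to hold an IP header
    ihl = (frame[14] & 0x0F) * 4        # IP header length in bytes
    rec["proto"] = frame[23]
    rec["src"] = ".".join(str(b) for b in frame[26:30])
    rec["dst"] = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    if rec["proto"] in (6, 17) and len(l4) >= 4:
        rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
        if rec["proto"] == 6 and len(l4) >= 14:
            rec["flags"] = l4[13]       # TCP flag byte
    return rec


def parse_pcap(data):
    """Parse a classic pcap file (either byte order) into a list of packet summaries."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:           # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled here")
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record")   # file cut short mid-packet
        offset += incl_len
        records.append(summarize_frame(ts_sec, ts_usec, frame))
    return records


def format_like_tcpdump(rec):
    """Render a summary roughly the way tcpdump prints an IPv4 TCP/UDP packet."""
    if "sport" not in rec:
        return "non-IP or unsupported frame"
    line = "IP %s.%d > %s.%d" % (rec["src"], rec["sport"], rec["dst"], rec["dport"])
    if rec["proto"] == 6:
        names = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U"))
        line += ": Flags [%s]" % "".join(n for bit, n in names if rec.get("flags", 0) & bit)
    elif rec["proto"] == 17:
        line += ": UDP"
    return line


if __name__ == "__main__":
    for rec in parse_pcap(build_sample_pcap()):
        print(format_like_tcpdump(rec))
```

Byte order is detected from the magic number rather than assumed, and a record whose captured length runs past the end of the file is reported as truncated instead of being silently dropped, which matters when a capture was cut off while an incident was still in progress.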