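tcpdump is a packet capture tool for Linux. Its main uses are:
1. Filtering by physical interface
2. Filtering by port/IP/MAC
3. Filtering by protocol
4. Displaying IPs/MACs/ports without name resolution, etc.
Filtering by physical interface (NIC)
# Capture packets on the eth0 interface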
tcpdump -i eth0
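Filtering by IP
# Capture all packets passing through eth0 whose source or destination address is 192.168.0.1
tcpdump -i eth0 host 192.168.0.1
# Capture all packets passing through eth0 whose source address is 192.168.0.1
tcpdump -i eth0 src host 192.168.0.1
# Capture all packets passing through eth0 whose destination address is 192.168.0.1
tcpdump -i eth0 dst host 192.168.0.1
# Filter by network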
tcpdump -i eth0 net 192.168
tcpdump -i eth0 src net 192.168
tcpdump -i eth0 dst net 192.168
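Filtering by port
# Capture all packets passing through eth0 whose source or destination port is 25
tcpdump -i eth0 port 25
# Filter by port range
tcpdump portrange 22-125
# Source port
tcpdump -i eth0 src port 25
# Destination port
tcpdump -i eth0 dst port 25
# Packets on port 8000 whose source IP is 192.168.1.2 (logical expressions can be combined)
tcpdump port 8000 and src host 192.168.1.2
Filtering by protocol
# Filter SSH traffic (ssh is not a filter keyword, so match TCP port 22)
tcpdump -i eth0 tcp port 22
Common operators (quote the expression when using &&, || or parentheses so the shell does not interpret them)
NOT: ! / not
AND: && / and
OR: || / or
# Exclude port 22
tcpdump -i eth0 ! port 22
Hands-on
Viewing the options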
tcpdump -h
tcpdump version 4.5.1
libpcap version 1.5.3
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ]
[ -P in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -z command ]
[ -Z user ] [ expression ]
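Capturing packets
tcpdump -i eth0 -s 0 -w a.cap
Here -s 0 captures each packet in full, however large it is, and -w a.cap writes the capture to a.cap.
Open another window, run ping 8.8.8.8 for a few seconds, then stop the capture and look at the tcpdump window: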
➜ /tmp tcpdump -i eth0 -s 0 -w a.cap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C2286 packets captured
2287 packets received by filter
0 packets dropped by kernel
Viewing the packet contents
tcpdump -r a.cap
22:43:23.135308 IP api0 > 169.254.128.5: ICMP echo reply, id 43468, seq 46081, length 8
22:43:23.176861 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 1:21, ack 22, win 229, options [nop,nop,TS val 139484218 ecr 2378495695], length 20
22:43:23.176926 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 21, win 227, options [nop,nop,TS val 2378496014 ecr 139484218], length 0
22:43:23.178535 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 22:1302, ack 21, win 227, options [nop,nop,TS val 2378496016 ecr 139484218], length 1280
22:43:23.495132 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 21:173, ack 1302, win 251, options [nop,nop,TS val 139484297 ecr 2378496016], length 152
22:43:23.534485 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 173, win 235, options [nop,nop,TS val 2378496372 ecr 139484297], length 0
22:43:23.847482 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 173:317, ack 1302, win 251, options [nop,nop,TS val 139484385 ecr 2378496372], length 144
22:43:23.847524 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 317, win 243, options [nop,nop,TS val 2378496685 ecr 139484385], length 0
22:43:23.848928 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 1302:2022, ack 317, win 243, options [nop,nop,TS val 2378496686 ecr 139484385], length 720
22:43:23.923096 IP 169.254.128.4 > api0: ICMP echo request, id 22900, seq 25224, length 8
22:43:23.923159 IP api0 > 169.254.128.4: ICMP echo reply, id 22900, seq 25224, length 8
22:43:24.174467 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 317:333, ack 2022, win 271, options [nop,nop,TS val 139484465 ecr 2378496686], length 16
22:43:24.214284 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 333, win 243, options [nop,nop,TS val 2378497052 ecr 139484465], length 0
22:43:24.528689 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 333:385, ack 2022, win 271, options [nop,nop,TS val 139484554 ecr 2378497052], length 52
22:43:24.528727 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 385, win 243, options [nop,nop,TS val 2378497366 ecr 139484554], length 0
22:43:24.528840 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 2022:2074, ack 385, win 243, options [nop,nop,TS val 2378497366 ecr 139484554], length 52
22:43:24.836138 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 385:469, ack 2074, win 271, options [nop,nop,TS val 139484632 ecr 2378497366], length 84
22:43:24.875235 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 469, win 243, options [nop,nop,TS val 2378497713 ecr 139484632], length 0
22:43:26.037618 IP api0.57550 > 169.254.0.4.http: Flags [S], seq 2025128073, win 29200, options [mss 1460,sackOK,TS val 2378498875 ecr 0,nop,wscale 7], length 0
22:43:26.039078 IP 169.254.0.4.http > api0.57550: Flags [S.], seq 2435664468, ack 2025128074, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
22:43:26.039107 IP api0.57550 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
22:43:26.039158 IP api0.57550 > 169.254.0.4.http: Flags [P.], seq 1:182, ack 1, win 229, length 181
22:43:26.040456 IP 169.254.0.4.http > api0.57550: Flags [.], ack 182, win 7836, length 0
22:43:26.040468 IP api0.57550 > 169.254.0.4.http: Flags [P.], seq 182:558, ack 1, win 229, length 376
22:43:26.041756 IP 169.254.0.4.http > api0.57550: Flags [.], ack 558, win 8372, length 0
22:43:26.041853 IP 169.254.0.4.http > api0.57550: Flags [P.], seq 1:129, ack 558, win 8372, length 128
22:43:26.041860 IP api0.57550 > 169.254.0.4.http: Flags [.], ack 129, win 237, length 0
22:43:26.041871 IP 169.254.0.4.http > api0.57550: Flags [F.], seq 129, ack 558, win 8372, length 0
22:43:26.042130 IP api0.57550 > 169.254.0.4.http: Flags [F.], seq 558, ack 130, win 237, length 0
22:43:26.043461 IP 169.254.0.4.http > api0.57550: Flags [.], ack 559, win 8372, length 0
22:43:26.152907 IP 169.254.128.5 > api0: ICMP echo request, id 43486, seq 46099, length 8
22:43:26.152944 IP api0 > 169.254.128.5: ICMP echo reply, id 43486, seq 46099, length 8
22:43:26.894580 IP api0.ssh > 1.179.182.186.51375: Flags [P.], seq 2074:2158, ack 469, win 243, options [nop,nop,TS val 2378499732 ecr 139484632], length 84
22:43:26.941364 IP 169.254.128.4 > api0: ICMP echo request, id 22923, seq 25247, length 8
22:43:26.941411 IP api0 > 169.254.128.4: ICMP echo reply, id 22923, seq 25247, length 8
22:43:27.209987 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 469:521, ack 2158, win 271, options [nop,nop,TS val 139485225 ecr 2378499732], length 52
22:43:27.210043 IP api0.ssh > 1.179.182.186.51375: Flags [.], ack 521, win 243, options [nop,nop,TS val 2378500047 ecr 139485225], length 0
22:43:27.210067 IP 1.179.182.186.51375 > api0.ssh: Flags [F.], seq 521, ack 2158, win 271, options [nop,nop,TS val 139485225 ecr 2378499732], length 0
22:43:27.211484 IP 1.179.182.186.51501 > api0.ssh: Flags [S], seq 1638027811, win 29200, options [mss 1424,sackOK,TS val 139485226 ecr 0,nop,wscale 7], length 0
22:43:27.211515 IP api0.ssh > 1.179.182.186.51501: Flags [S.], seq 1860491578, ack 1638027812, win 28960, options [mss 1460,sackOK,TS val 2378500049 ecr 139485226,nop,wscale 7], length 0
22:43:27.213376 IP api0.ssh > 1.179.182.186.51375: Flags [F.], seq 2158, ack 522, win 243, options [nop,nop,TS val 2378500051 ecr 139485225], length 0
22:43:27.528020 IP 1.179.182.186.51501 > api0.ssh: Flags [.], ack 1, win 229, options [nop,nop,TS val 139485305 ecr 2378500049], length 0
22:43:27.536453 IP api0.ssh > 1.179.182.186.51501: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 2378500374 ecr 139485305], length 21
22:43:27.888267 IP api0.ssh > 1.179.182.186.51375: Flags [F.], seq 2158, ack 522, win 243, options [nop,nop,TS val 2378500726 ecr 139485225], length 0
22:43:28.193196 IP 1.179.182.186.51375 > api0.ssh: Flags [.], ack 2159, win 271, options [nop,nop,TS val 139485472 ecr 2378500051], length 0
22:43:28.212243 IP api0.ssh > 1.179.182.186.51501: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 2378501050 ecr 139485305], length 21
22:43:28.416268 IP api0.53826 > 169.254.0.55.lsi-bobcat: Flags [P.], seq 2588:2752, ack 1827, win 49376, length 164
22:43:28.418257 IP 169.254.0.55.lsi-bobcat > api0.53826: Flags [P.], seq 1827:1993, ack 2752, win 20186, length 166
22:43:28.418306 IP api0.53826 > 169.254.0.55.lsi-bobcat: Flags [.], ack 1993, win 49376, length 0
22:43:28.517198 IP 1.179.182.186.51501 > api0.ssh: Flags [P.], seq 1:21, ack 22, win 229, options [nop,nop,TS val 139485553 ecr 2378500374], length 20
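Added example (not from the original page): a data segment that appears twice in this output with the same direction and sequence range, such as the two `seq 1:22` lines sent by api0.ssh, is a retransmission. The script below extracts such repeats from `tcpdump -r` text; the function names are made up for the illustration and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Find retransmitted TCP data segments in the text output of `tcpdump -r`.

# Reads tcpdump summary lines on stdin and prints
# "src > dst seq A:B xN" for every data segment seen more than once.
find_retransmits() {
    awk '
    # Only data segments carry a "seq A:B," range; SYN/FIN and ICMP lines do not.
    $2 == "IP" && / seq [0-9]+:[0-9]+,/ {
        dst = $5; sub(/:$/, "", dst)             # strip the trailing colon
        for (i = 6; i <= NF; i++)
            if ($i == "seq") { rng = $(i + 1); sub(/,$/, "", rng); break }
        # Source and destination include the port, so each direction of each
        # connection gets its own key.
        key = $3 " > " dst " seq " rng
        if (++seen[key] == 2) order[++n] = key   # record on the first repeat
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s x%d\n", order[i], seen[order[i]]
    }'
}

# Sample input: lines copied from the tcpdump -r output shown on this page.
sample_capture() {
cat <<'EOF'
22:43:23.176861 IP 1.179.182.186.51375 > api0.ssh: Flags [P.], seq 1:21, ack 22, win 229, options [nop,nop,TS val 139484218 ecr 2378495695], length 20
22:43:23.923096 IP 169.254.128.4 > api0: ICMP echo request, id 22900, seq 25224, length 8
22:43:27.211484 IP 1.179.182.186.51501 > api0.ssh: Flags [S], seq 1638027811, win 29200, options [mss 1424,sackOK,TS val 139485226 ecr 0,nop,wscale 7], length 0
22:43:27.536453 IP api0.ssh > 1.179.182.186.51501: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 2378500374 ecr 139485305], length 21
22:43:28.212243 IP api0.ssh > 1.179.182.186.51501: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 2378501050 ecr 139485305], length 21
22:43:28.517198 IP 1.179.182.186.51501 > api0.ssh: Flags [P.], seq 1:21, ack 22, win 229, options [nop,nop,TS val 139485553 ecr 2378500374], length 20
EOF
}

sample_capture | find_retransmits
```

On a real capture, run `tcpdump -nn -r a.cap | find_retransmits`; `-nn` keeps addresses and ports numeric so the keys do not depend on name resolution.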
Showing the full contents
Reading with -r alone prints only a summary of each packet; to see the details, use:
tcpdump -A -r a.cap
22:44:08.933864 IP 169.254.0.4.http > api0.57588: Flags [S.], seq 2192916898, ack 617913455, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
E..4..@.:............P....A.$..o..9.y...............
22:44:08.933889 IP api0.57588 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
E..(6.@.@..............P$..o..A.P...V/..
22:44:08.933942 IP api0.57588 > 169.254.0.4.http: Flags [P.], seq 1:185, ack 1, win 229, length 184
E...6.@.@..]...........P$..o..A.P...V...POST /heart_report.cgi HTTP/1.1
Accept-Encoding: identity
Content-Length: 196
Host: 169.254.0.4
Content-Type: application/json
Connection: close
User-Agent: Python-urllib/2.6
22:44:08.934765 IP 169.254.0.4.http > api0.57588: Flags [.], ack 185, win 7836, length 0
E..(.1@.:.)..........P....A.$..'P.......
22:44:08.934777 IP api0.57588 > 169.254.0.4.http: Flags [P.], seq 185:381, ack 1, win 229, length 196
E...6.@.@..P...........P$..'..A.P...V...[{"timestamp": 1580654648, "namespace": "qce/heartbeat", "dimension": {"vmip": "172.16.0.2", "vm_uuid": "547ca70e-7e4c-4490-a8e7-01fcb1160b7f"}, "batch": [{"name": "barad_agent_hb", "value": 1}]}]
22:44:08.935550 IP 169.254.0.4.http > api0.57588: Flags [.], ack 381, win 8372, length 0
E..(.2@.:.)..........P....A.$...P. .....
22:44:08.935649 IP 169.254.0.4.http > api0.57588: Flags [P.], seq 1:129, ack 381, win 8372, length 128
E....3@.:.)P.........P....A.$...P. .s...HTTP/1.1 200 OK
Connection: close
Content-Length: 70
{"returnValue":0,"returnCode":0,"msg":"OK","seq":12335952500857952241}
22:44:08.935654 IP api0.57588 > 169.254.0.4.http: Flags [.], ack 129, win 237, length 0
E..(6.@.@..............P$.....B#P...V/..
22:44:08.935660 IP 169.254.0.4.http > api0.57588: Flags [F.], seq 129, ack 381, win 8372, length 0
E..(.4@.:.)..........P....B#$...P. ..-..
22:44:08.935896 IP api0.57588 > 169.254.0.4.http: Flags [F.], seq 381, ack 130, win 237, length 0
E..(6.@.@..............P$.....B$P...V/..
22:44:08.936970 IP 169.254.0.4.http > api0.57588: Flags [.], ack 382, win 8372, length 0
E..(.5@.:.)..........P....B$$...P. ..,..
22:44:09.014927 IP 1.179.182.186.52144 > api0.ssh: Flags [P.], seq 21:173, ack 1302, win 251, options [nop,nop,TS val 139495677 ecr 2378541555], length 152
E.....@.*..............."eW$].............
.P..............7.Vh.
.?.....n....diffie-hellman-group1-sha1....ssh-rsa...
aes128-cbc...
aes128-cbc... hmac-sha1... hmac-sha1....none....none...................
22:44:09.042629 IP api0.58601 > 169.254.0.2.ntp: NTPv4, Client, length 48
E..L..@.@..............{.8V..........................................^.
.5^
22:44:09.042937 IP 169.254.0.2.ntp > api0.58601: NTPv4, Server, length 48
E..L..@.;............{...8..$.....PR..........[h.Q.}..^.
.XD..^.
22:44:09.054292 IP api0.ssh > 1.179.182.186.52144: Flags [.], ack 173, win 235, options [nop,nop,TS val 2378541892 ecr 139495677], length 0
E..4S.@.@...............]..."eW.....d......
...D.P..
22:44:09.217708 IP 169.254.128.4 > api0: ICMP echo request, id 23245, seq 10033, length 8
E.........E...........v.Z.'1
22:44:09.217746 IP api0 > 169.254.128.4: ICMP echo reply, id 23245, seq 10033, length 8
E...N3..@.V...........~.Z.'1
22:44:09.324762 IP api0 > dns.google: ICMP echo request, id 5131, seq 3, length 64
E..T..@.@.............-.....9.6^............................ !"#$%&'()*+,-./01234567
22:44:09.340866 IP dns.google > api0: ICMP echo reply, id 5131, seq 3, length 64
E..T....1.............5.....9.6^............................ !"#$%&'()*+,-./01234567
22:44:09.341055 IP api0.ssh > 117.136.74.216.11923: Flags [P.], seq 6086:6202, ack 3699, win 271, length 116
.~.....s.|.W..t....+..$.r}..D..sP...m......P..o....2|a..}./`......q...{..A.AQ..GsU.....|].a..A....P=. ...........{....HN.O.a
22:44:09.346696 IP 1.179.182.186.52144 > api0.ssh: Flags [P.], seq 173:317, ack 1302, win 251, options [nop,nop,TS val 139495760 ecr 2378541892], length 144
E.....@.*..!............"eW.]..............
.P.P...D..........l..(....
.g..io4!.lb.._.79ka.E%.k....r..q.ME..B.-...0..............h...S../
22:44:09.346736 IP api0.ssh > 1.179.182.186.52144: Flags [.], ack 317, win 243, options [nop,nop,TS val 2378542184 ecr 139495760], length 0
E..4S.@.@...............]..."eXL....d......
...h.P.P
22:44:09.347996 IP api0.ssh > 1.179.182.186.52144: Flags [P.], seq 1302:2022, ack 317, win 243, options [nop,nop,TS val 2378542185 ecr 139495760], length 720
E...S.@.@...............]..."eXL....gv.....
}..{J........t?,..Ff[..kZq............:...w......>................~..E.ozV....J.`.....3~e]....P.T.{..x..s.......?kc.......y...H.u.tri.0..+..5..J.3b`.).._...&....d&I.Q.0..."e.s..u-W*.>...I..04....U..1..Q!.uJ.i.A.4...{..(..z..p.].~k...A..vS..Z#..1i...........8..]...(..X....[..l.R....K...m.9..b,......qv..N..Uv..3X.l09..ef4......"...<.......u....DW.T`.+..wG.
...........
22:44:09.366358 IP 117.136.74.216.11923 > api0.ssh: Flags [.], ack 6202, win 2034, length 0
Eh.(..@.~...u.J.........p}.s...rP...b...
22:44:09.636942 IP 117.136.74.216.11923 > api0.ssh: Flags [.], ack 6202, win 2040, length 0
Eh.(,%@.~.c.u.J.........p}.s...rP...b...
22:44:10.000216 IP api0.ssh > 1.179.182.186.52144: Flags [P.], seq 1302:2022, ack 317, win 243, options [nop,nop,TS val 2378542838 ecr 139495760], length 720
E...S.@.@...............]..."eXL....gv.....
}..{J........t?,..Ff[..kZq............:...w......>................~..E.ozV....J.`.....3~e]....P.T.{..x..s.......?kc.......y...H.u.tri.0..+..5..J.3b`.).._...&....d&I.Q.0..."e.s..u-W*.>...I..04....U..1..Q!.uJ.i.A.4...{..(..z..p.].~k...A..vS..Z#..1i...........8..]...(..X....[..l.R....K...m.9..b,......qv..N..Uv..3X.l09..ef4......"...<.......u....DW.T`.+..wG.
...........
22:44:10.038619 IP api0.57590 > 169.254.0.4.http: Flags [S], seq 2040860092, win 29200, options [mss 1460,sackOK,TS val 2378542876 ecr 0,nop,wscale 7], length 0
.......r.VC............Py.
............
22:44:10.040012 IP 169.254.0.4.http > api0.57590: Flags [S.], seq 1778671327, ack 2040860093, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
...9.................P..j.^.y.
22:44:10.040040 IP api0.57590 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
.j.^.P...V/............Py.
22:44:10.040090 IP api0.57590 > 169.254.0.4.http: Flags [P.], seq 1:182, ack 1, win 229, length 181
.j.^.P...V...POST /ca_report.cgi HTTP/1.1
Accept-Encoding: identity
Content-Length: 268
Host: 169.254.0.4
Content-Type: application/json
Connection: close
User-Agent: Python-urllib/2.6
The contents can also be displayed in hexadecimal:
tcpdump -X -r a.cap
22:44:21.633293 IP api0.ssh > 1.179.182.186.52412: Flags [.], ack 173, win 235, options [nop,nop,TS val 2378554471 ecr 139498822], length 0
0x0000: 4500 0034 84b3 4000 4006 5191 ac10 0002 E..4..@.@.Q.....
0x0010: 01b3 b6ba 0016 ccbc 30d7 6294 6932 93aa ........0.b.i2..
0x0020: 8010 00eb 64a6 0000 0101 080a 8dc5 dc67 ....d..........g
0x0030: 0850 9546 .P.F
22:44:21.934624 IP api0.57604 > 169.254.0.4.http: Flags [S], seq 2381561220, win 29200, options [mss 1460,sackOK,TS val 2378554772 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c 6010 4000 4006 8497 ac10 0002 E..<`.@.@.......
0x0010: a9fe 0004 e104 0050 8df3 bd84 0000 0000 .......P........
0x0020: a002 7210 5643 0000 0204 05b4 0402 080a ..r.VC..........
0x0030: 8dc5 dd94 0000 0000 0103 0307 ............
22:44:21.935377 IP 169.254.0.4.http > api0.57604: Flags [S.], seq 1775983592, ack 2381561221, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 1], length 0
0x0000: 45b8 0034 0000 4000 3a06 e9f7 a9fe 0004 E..4..@.:.......
0x0010: ac10 0002 0050 e104 69db 5be8 8df3 bd85 .....P..i.[.....
0x0020: 8012 3908 ed7c 0000 0204 0590 0101 0402 ..9..|..........
0x0030: 0103 0301 ....
22:44:21.935405 IP api0.57604 > 169.254.0.4.http: Flags [.], ack 1, win 229, length 0
0x0000: 4500 0028 6011 4000 4006 84aa ac10 0002 E..(`.@.@.......
0x0010: a9fe 0004 e104 0050 8df3 bd85 69db 5be9 .......P....i.[.
0x0020: 5010 00e5 562f 0000 P...V/..
22:44:21.935458 IP api0.57604 > 169.254.0.4.http: Flags [P.], seq 1:182, ack 1, win 229, length 181
0x0000: 4500 00dd 6012 4000 4006 83f4 ac10 0002 E...`.@.@.......
0x0010: a9fe 0004 e104 0050 8df3 bd85 69db 5be9 .......P....i.[.
0x0020: 5018 00e5 56e4 0000 504f 5354 202f 6361 P...V...POST./ca
0x0030: 5f72 6570 6f72 742e 6367 6920 4854 5450 _report.cgi.HTTP
0x0040: 2f31 2e31 0d0a 4163 6365 7074 2d45 6e63 /1.1..Accept-Enc
0x0050: 6f64 696e 673a 2069 6465 6e74 6974 790d oding:.identity.
0x0060: 0a43 6f6e 7465 6e74 2d4c 656e 6774 683a .Content-Length:
0x0070: 2033 3335 0d0a 486f 7374 3a20 3136 392e .335..Host:.169.
0x0080: 3235 342e 302e 340d 0a43 6f6e 7465 6e74 254.0.4..Content
0x0090: 2d54 7970 653a 2061 7070 6c69 6361 7469 -Type:.applicati
0x00a0: 6f6e 2f6a 736f 6e0d 0a43 6f6e 6e65 6374 on/json..Connect
0x00b0: 696f 6e3a 2063 6c6f 7365 0d0a 5573 6572 ion:.close..User
0x00c0: 2d41 6765 6e74 3a20 5079 7468 6f6e 2d75 -Agent:.Python-u
0x00d0: 726c 6c69 622f 322e 360d 0a0d 0a rllib/2.6....
22:44:21.936159 IP 169.254.0.4.http > api0.57604: Flags [.], ack 182, win 7836, length 0
0x0000: 45b8 0028 a301 4000 3a06 4702 a9fe 0004 E..(..@.:.G.....
0x0010: ac10 0002 0050 e104 69db 5be9 8df3 be3a .....P..i.[....:
0x0020: 5010 1e9c 47dc 0000 P...G...
22:44:21.936170 IP api0.57604 > 169.254.0.4.http: Flags [P.], seq 182:517, ack 1, win 229, length 335
0x0000: 4500 0177 6013 4000 4006 8359 ac10 0002 E..w`.@.@..Y....
0x0010: a9fe 0004 e104 0050 8df3 be3a 69db 5be9 .......P...:i.[.
0x0020: 5018 00e5 577e 0000 5b7b 2274 696d 6573 P...W~..[{"times
0x0030: 7461 6d70 223a 2031 3538 3036 3534 3636 tamp":.158065466
0x0040: 312c 2022 6e61 6d65 7370 6163 6522 3a20 1,."namespace":.
0x0050: 2271 6365 2f63 766d 222c 2022 6469 6d65 "qce/cvm",."dime
0x0060: 6e73 696f 6e22 3a20 7b22 766d 6970 223a nsion":.{"vmip":
0x0070: 2022 3137 322e 3136 2e30 2e32 222c 2022 ."172.16.0.2",."
0x0080: 766d 5f75 7569 6422 3a20 2235 3437 6361 vm_uuid":."547ca
0x0090: 3730 652d 3765 3463 2d34 3439 302d 6138 70e-7e4c-4490-a8
0x00a0: 6537 2d30 3166 6362 3131 3630 6237 6622 e7-01fcb1160b7f"
0x00b0: 7d2c 2022 6261 7463 6822 3a20 5b7b 226e },."batch":.[{"n
0x00c0: 616d 6522 3a20 2263 7075 5f75 7361 6765 ame":."cpu_usage
0x00d0: 222c 2022 7661 6c75 6522 3a20 312e 3630 ",."value":.1.60
0x00e0: 3030 3030 3030 3030 3030 3030 3031 7d2c 00000000000001},
0x00f0: 207b 226e 616d 6522 3a20 2263 7075 5f6c .{"name":."cpu_l
0x0100: 6f61 645f 3122 2c20 2276 616c 7565 223a oad_1",."value":
0x0110: 2030 2e30 7d2c 207b 226e 616d 6522 3a20 .0.0},.{"name":.
0x0120: 2263 7075 5f6c 6f61 645f 3522 2c20 2276 "cpu_load_5",."v
0x0130: 616c 7565 223a 2030 2e30 317d 2c20 7b22 alue":.0.01},.{"
0x0140: 6e61 6d65 223a 2022 6370 755f 6c6f 6164 name":."cpu_load
0x0150: 5f31 3522 2c20 2276 616c 7565 223a 2030 _15",."value":.0
0x0160: 2e30 3530 3030 3030 3030 3030 3030 3030 .050000000000000
0x0170: 3030 337d 5d7d 5d 003}]}]