通过tcpdump查看tcp协议详情


tcp

用 tcpdump 抓取80端口,执行 curl www.baidu.com 查看数据传输过程

第一个会话窗口

[root@hadoop3 client]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
[root@hadoop3 client]# arp -an
? (172.17.0.1) at 02:42:34:d8:1b:a2 [ether] on eth0
? (172.17.0.2) at 02:42:ac:11:00:02 [ether] on eth0
# 先删除默认网关的ARP缓存条目,使接下来的curl触发一次ARP请求,便于抓包观察
[root@hadoop3 client]# arp -d 172.17.0.1 & curl www.baidu.com

第二个会话窗口

[root@hadoop3 fd]# tcpdump -nn -i eth0 port 80  
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
# ARP请求:查询路由表中默认网关IP对应的MAC地址
# (注意:过滤条件 port 80 本身不匹配ARP帧,要抓到下面两行需使用 port 80 or arp 之类的过滤表达式)
00:05:59.307023 ARP, Request who-has 172.17.0.1 tell 172.17.0.3, length 20
00:05:59.307029 ARP, Reply 172.17.0.1 is at 02:42:34:d8:1b:a2, length 46
# 三次握手
00:05:59.307046 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [S], seq 2178843908, win 29200, options [mss 1460,sackOK,TS val 2119316142 ecr 0,nop,wscale 7], length 0
00:05:59.313330 IP 61.135.185.32.80 > 172.17.0.3.36974: Flags [S.], seq 452870419, ack 2178843909, win 65535, options [mss 1460,wscale 2,eol], length 0
00:05:59.313388 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [.], ack 1, win 229, length 0
# 数据传输(80端口的HTTP是明文,所以tcpdump能直接解析出请求行和响应状态行)
00:05:59.313575 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [P.], seq 1:78, ack 1, win 229, length 77: HTTP: GET / HTTP/1.1
00:05:59.313877 IP 61.135.185.32.80 > 172.17.0.3.36974: Flags [.], ack 78, win 65535, length 0
00:05:59.321110 IP 61.135.185.32.80 > 172.17.0.3.36974: Flags [P.], seq 1:1413, ack 78, win 65535, length 1412: HTTP: HTTP/1.1 200 OK
00:05:59.321156 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [.], ack 1413, win 251, length 0
00:05:59.321304 IP 61.135.185.32.80 > 172.17.0.3.36974: Flags [P.], seq 1413:2782, ack 78, win 65535, length 1369: HTTP
00:05:59.321336 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [.], ack 2782, win 274, length 0
# 四次挥手
00:05:59.321761 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [F.], seq 78, ack 2782, win 274, length 0
00:05:59.321949 IP 61.135.185.32.80 > 172.17.0.3.36974: Flags [.], ack 79, win 65535, length 0
00:05:59.326636 IP 61.135.185.32.80 > 172.17.0.3.36974: Flags [F.], seq 2782, ack 79, win 65535, length 0
00:05:59.326686 IP 172.17.0.3.36974 > 61.135.185.32.80: Flags [.], ack 2783, win 274, length 0