  • Using tcpdump

    1. Under the work account there is no tcpdump; switch to the root account, where tcpdump is already installed. (Capturing needs raw-socket privileges, i.e. root or CAP_NET_RAW on Linux, which is why it only works as root here.)

    2. From another machine, connect to this host's Redis service. In the capture below the client is 10.117.146.17 and the Redis server is 10.117.146.16, port 6379.

    Then, as root, run the following (-i xgbe0 selects the interface, -n suppresses name resolution, and the filter "host 10.117.146.16 and 10.117.146.17" keeps only packets exchanged between those two hosts):

    # tcpdump -n -i xgbe0 host 10.117.146.16 and 10.117.146.17

    First we see empty ACK segments, one from each side every 15 seconds, keeping the idle connection alive (an ARP exchange also appears in between, in which the client resolves the server's IP address to its hardware address):

    18:39:58.489583 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3307108132 ecr 3307091780], length 0
    18:39:58.489593 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 1, win 57, options [nop,nop,TS val 3307106780 ecr 3307033133], length 0
    18:40:03.489565 ARP, Request who-has 10.117.146.16 tell 10.117.146.17, length 46
    18:40:03.489574 ARP, Reply 10.117.146.16 is-at 6c:92:bf:28:c9:c0, length 28
    18:40:13.489538 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3307123132 ecr 3307106780], length 0
    18:40:13.489555 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 1, win 57, options [nop,nop,TS val 3307121780 ecr 3307033133], length 0

    Then the client issues a command:

    10.117.146.16:6379> zrange page_rank 0 -1 
    1) "bing.com"
    2) "baidu.com"
    3) "google.com"

    The command produces two data-carrying segments (Flags [P.], i.e. PSH+ACK): the client's request of 46 bytes and the server's reply of 50 bytes, each immediately acknowledged by an empty ACK. Fifteen seconds later the pair of empty keepalive ACKs resumes exactly as before:

    18:46:52.290830 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [P.], seq 1:47, ack 1, win 70, options [nop,nop,TS val 3307521935 ecr 3307516378], length 46
    18:46:52.290843 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 47, win 57, options [nop,nop,TS val 3307520581 ecr 3307521935], length 0
    18:46:52.290867 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [P.], seq 1:51, ack 47, win 57, options [nop,nop,TS val 3307520581 ecr 3307521935], length 50
    18:46:52.290895 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 51, win 70, options [nop,nop,TS val 3307521935 ecr 3307520581], length 0
    18:47:07.290512 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 51, win 70, options [nop,nop,TS val 3307536935 ecr 3307520581], length 0
    18:47:07.290521 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 47, win 57, options [nop,nop,TS val 3307535581 ecr 3307521935], length 0

    The following command also prints each packet's contents in hex and ASCII (-X); without a protocol decoder it is still hard to read. -nn disables both host and port name resolution, so 6379 is shown numerically (it subsumes the -n already given):

    tcpdump -n -i xgbe0 host 10.117.146.16 and 10.117.146.17 -X -nn

    The output is as follows:

    19:51:13.418725 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3311383064 ecr 3311366709], length 0
            0x0000:  4500 0034 6a76 4000 4006 9742 0a75 9211  E..4jv@.@..B.u..
            0x0010:  0a75 9210 bd07 18eb bda4 dc02 6a58 4e41  .u..........jXNA
            0x0020:  8010 0046 662a 0000 0101 080a c55f b218  ...Ff*......._..
            0x0030:  c55f 7235                                ._r5
    19:51:13.418738 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 1, win 57, options [nop,nop,TS val 3311381709 ecr 3311113079], length 0
            0x0000:  4500 0034 a43b 4000 4006 5d7d 0a75 9210  E..4.;@.@.]}.u..
            0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc03  .u......jXNA....
            0x0020:  8010 0039 4a43 0000 0101 080a c55f accd  ...9JC......._..
            0x0030:  c55b 9377                                .[.w
    19:51:15.050938 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [P.], seq 1:47, ack 1, win 70, options [nop,nop,TS val 3311384696 ecr 3311381709], length 46
            0x0000:  4500 0062 6a77 4000 4006 9713 0a75 9211  E..bjw@.@....u..
            0x0010:  0a75 9210 bd07 18eb bda4 dc03 6a58 4e41  .u..........jXNA
            0x0020:  8018 0046 7951 0000 0101 080a c55f b878  ...FyQ......._.x
            0x0030:  c55f accd 2a34 0d0a 2436 0d0a 7a72 616e  ._..*4..$6..zran
            0x0040:  6765 0d0a 2439 0d0a 7061 6765 5f72 616e  ge..$9..page_ran
            0x0050:  6b0d 0a24 310d 0a30 0d0a 2432 0d0a 2d31  k..$1..0..$2..-1
            0x0060:  0d0a                                     ..
    19:51:15.050951 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 47, win 57, options [nop,nop,TS val 3311383341 ecr 3311384696], length 0
            0x0000:  4500 0034 a43c 4000 4006 5d7c 0a75 9210  E..4.<@.@.]|.u..
            0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc31  .u......jXNA...1
            0x0020:  8010 0039 1eb0 0000 0101 080a c55f b32d  ...9........._.-
            0x0030:  c55f b878                                ._.x
    19:51:15.050973 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [P.], seq 1:51, ack 47, win 57, options [nop,nop,TS val 3311383341 ecr 3311384696], length 50
            0x0000:  4500 0066 a43d 4000 4006 5d49 0a75 9210  E..f.=@.@.]I.u..
            0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc31  .u......jXNA...1
            0x0020:  8018 0039 3964 0000 0101 080a c55f b32d  ...99d......._.-
            0x0030:  c55f b878 2a33 0d0a 2438 0d0a 6269 6e67  ._.x*3..$8..bing
            0x0040:  2e63 6f6d 0d0a 2439 0d0a 6261 6964 752e  .com..$9..baidu.
            0x0050:  636f 6d0d 0a24 3130 0d0a 676f 6f67 6c65  com..$10..google
            0x0060:  2e63 6f6d 0d0a                           .com..
    19:51:15.051002 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 51, win 70, options [nop,nop,TS val 3311384696 ecr 3311383341], length 0
            0x0000:  4500 0034 6a78 4000 4006 9740 0a75 9211  E..4jx@.@..@.u..
            0x0010:  0a75 9210 bd07 18eb bda4 dc31 6a58 4e73  .u.........1jXNs
            0x0020:  8010 0046 1e71 0000 0101 080a c55f b878  ...F.q......._.x
            0x0030:  c55f b32d                                ._.-

    From the dump above, note first that none of these packets is a SYN: the flag bytes at offset 0x20 are 0x8010 (ACK only, shown as [.]) and 0x8018 (PSH+ACK, shown as [P.]), so this is an already established connection. The two [P.] segments run in opposite directions: the first, from .17 to .16, carries the request, and the second, from .16 to .17, carries the reply. tcpdump prints relative sequence numbers, so "seq 1:47" and "seq 1:51" simply mean 46 and 50 bytes of payload; this agrees with the IP total length fields 0x0062 = 98 and 0x0066 = 102, which are those payloads plus 20 bytes of IP header and 32 bytes of TCP header (20 bytes plus the 12-byte timestamp option block). The ASCII column shows the Redis protocol (RESP) in the clear, with each element terminated by \r\n: the request is "*4 $6 zrange $9 page_rank $1 0 $2 -1" and the reply is "*3 $8 bing.com $9 baidu.com $10 google.com". In other words, anyone who can capture on this network segment, or run tcpdump as root on either host, can read the Redis commands and data; a plain Redis connection has no encryption.

    The raw headers also explain the empty ACKs seen earlier. The client segment at 19:51:13 carries the absolute sequence number 0xbda4dc02 (offset 0x18), while the server's response acknowledges 0xbda4dc03 and the client's request two seconds later starts at 0xbda4dc03. The client therefore sent an empty segment one byte below its next sequence number, which is the shape of a TCP keepalive probe. tcpdump's relative display ("ack 1", no seq shown for empty segments) hides this; -S prints absolute sequence numbers if you want to see it without the hex dump.
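    To turn the -X output into something readable, here is a small decoder, added for this page and not code from the original post or from tcpdump or Redis. It re-parses the hex dump above: IPv4 and TCP headers first, then the RESP payload, and it flags the keepalive probe by comparing raw sequence numbers. SAMPLE_DUMP is copied verbatim from the capture on this page (the probe, the request and the reply); the function names and the keepalive heuristic (an empty segment whose seq is one below the same sender's next segment) are the example's own assumptions.

```python
"""Decode `tcpdump -X` output from the Redis capture above (added example, not
code from the original post). Parses IPv4/TCP headers and the RESP payload and
flags keepalive probes; SAMPLE_DUMP is copied from the page, the rest is assumed."""
import re
import struct

# Constructed input: three packets copied from the `tcpdump -X -nn` output above.
SAMPLE_DUMP = """\
19:51:13.418725 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3311383064 ecr 3311366709], length 0
        0x0000:  4500 0034 6a76 4000 4006 9742 0a75 9211  E..4jv@.@..B.u..
        0x0010:  0a75 9210 bd07 18eb bda4 dc02 6a58 4e41  .u..........jXNA
        0x0020:  8010 0046 662a 0000 0101 080a c55f b218  ...Ff*......._..
        0x0030:  c55f 7235                                ._r5
19:51:15.050938 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [P.], seq 1:47, ack 1, win 70, options [nop,nop,TS val 3311384696 ecr 3311381709], length 46
        0x0000:  4500 0062 6a77 4000 4006 9713 0a75 9211  E..bjw@.@....u..
        0x0010:  0a75 9210 bd07 18eb bda4 dc03 6a58 4e41  .u..........jXNA
        0x0020:  8018 0046 7951 0000 0101 080a c55f b878  ...FyQ......._.x
        0x0030:  c55f accd 2a34 0d0a 2436 0d0a 7a72 616e  ._..*4..$6..zran
        0x0040:  6765 0d0a 2439 0d0a 7061 6765 5f72 616e  ge..$9..page_ran
        0x0050:  6b0d 0a24 310d 0a30 0d0a 2432 0d0a 2d31  k..$1..0..$2..-1
        0x0060:  0d0a                                     ..
19:51:15.050973 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [P.], seq 1:51, ack 47, win 57, options [nop,nop,TS val 3311383341 ecr 3311384696], length 50
        0x0000:  4500 0066 a43d 4000 4006 5d49 0a75 9210  E..f.=@.@.]I.u..
        0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc31  .u......jXNA...1
        0x0020:  8018 0039 3964 0000 0101 080a c55f b32d  ...99d......._.-
        0x0030:  c55f b878 2a33 0d0a 2438 0d0a 6269 6e67  ._.x*3..$8..bing
        0x0040:  2e63 6f6d 0d0a 2439 0d0a 6261 6964 752e  .com..$9..baidu.
        0x0050:  636f 6d0d 0a24 3130 0d0a 676f 6f67 6c65  com..$10..google
        0x0060:  2e63 6f6d 0d0a                           .com..
"""

def parse_hexdump(text):
    """Split tcpdump -X output into raw packets, one per summary line."""
    packets = []
    for line in text.splitlines():
        if re.match(r"\s*0x[0-9a-f]{4}:", line):
            # "0x0010:  0a75 9210 ...  .u.." -> keep only the middle column
            hexpart = re.split(r"\s{2,}", line.strip())[1]
            packets[-1] += bytes.fromhex(hexpart.replace(" ", ""))
        elif line.strip():
            packets.append(b"")
    return packets

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def parse_packet(raw):
    """Parse IPv4 + TCP headers; lengths come from the headers, not from tcpdump."""
    if raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    tcp = raw[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4            # 32 here: 20 + timestamp options
    return {"src": ".".join(map(str, raw[12:16])), "sport": sport,
            "dst": ".".join(map(str, raw[16:20])), "dport": dport,
            "seq": seq, "ack": ack, "payload": tcp[data_off:],
            "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)]}

def decode_resp(buf, pos=0):
    """Decode one RESP value at `pos`; return (value, next_pos)."""
    end = buf.index(b"\r\n", pos)
    kind, line, pos = buf[pos:pos + 1], buf[pos + 1:end], end + 2
    if kind == b"*":                             # array: N elements follow
        items = []
        for _ in range(int(line)):
            item, pos = decode_resp(buf, pos)
            items.append(item)
        return items, pos
    if kind == b"$":                             # bulk string: N bytes + CRLF
        n = int(line)
        return (None, pos) if n < 0 else (buf[pos:pos + n].decode(), pos + n + 2)
    if kind == b":":                             # integer
        return int(line), pos
    if kind in (b"+", b"-"):                     # simple string / error
        return line.decode(), pos
    raise ValueError("unknown RESP type %r" % kind)

def decode_capture(text):
    """One dict per packet: headers, decoded RESP payload, keepalive flag."""
    pkts = [parse_packet(raw) for raw in parse_hexdump(text)]
    for i, p in enumerate(pkts):
        p["resp"] = decode_resp(p["payload"])[0] if p["payload"] else None
        # Keepalive probes are empty segments sent with seq = snd_nxt - 1.
        # tcpdump prints only "ack 1" for them, so compare the raw seq with
        # the same sender's next segment, which starts at snd_nxt (heuristic).
        nxt = next((q for q in pkts[i + 1:]
                    if (q["src"], q["sport"]) == (p["src"], p["sport"])), None)
        p["keepalive"] = (not p["payload"] and nxt is not None
                          and ((p["seq"] + 1) & 0xFFFFFFFF) == nxt["seq"])
    return pkts

if __name__ == "__main__":
    for p in decode_capture(SAMPLE_DUMP):
        print("%s:%d > %s:%d %s len=%d%s" % (p["src"], p["sport"], p["dst"],
              p["dport"], "/".join(p["flags"]), len(p["payload"]),
              " keepalive" if p["keepalive"] else ""), p["resp"] or "")
```

    Running it prints one line per packet with the absolute seq/ack values and the decoded command ['zrange', 'page_rank', '0', '-1'] and reply ['bing.com', 'baidu.com', 'google.com']; the first packet is marked as a keepalive probe. The same parser works on any -X capture of a plaintext Redis connection, which is exactly why such traffic should not cross an untrusted network without TLS or a tunnel.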

  • Original post: https://www.cnblogs.com/charlesblc/p/5943568.html