zoukankan      html  css  js  c++  java
  • tcpdump使用

    1. 在work帐号下,是没有 tcpdump的,需要到root帐号下,tcpdump已经装好了。

    2. 用另一台机器连接本机的redis服务。

    然后,在root下,使用

    # tcpdump -n -i xgbe0 host 10.117.146.16 and 10.117.146.17

    首先发现是有ack包用来维持连接(其中也有ARP,根据IP地址获取物理地址):

    18:39:58.489583 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3307108132 ecr 3307091780], length 0
    18:39:58.489593 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 1, win 57, options [nop,nop,TS val 3307106780 ecr 3307033133], length 0
    18:40:03.489565 ARP, Request who-has 10.117.146.16 tell 10.117.146.17, length 46
    18:40:03.489574 ARP, Reply 10.117.146.16 is-at 6c:92:bf:28:c9:c0, length 28
    18:40:13.489538 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3307123132 ecr 3307106780], length 0
    18:40:13.489555 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 1, win 57, options [nop,nop,TS val 3307121780 ecr 3307033133], length 0

    然后,客户端发起一个命令:

    10.117.146.16:6379> zrange page_rank 0 -1 
    1) "bing.com"
    2) "baidu.com"
    3) "google.com"

    发现,服务器出现了两次请求。之后,出现了3个ack。再之后,ack恢复到像之前那样的两个。

    18:46:52.290830 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [P.], seq 1:47, ack 1, win 70, options [nop,nop,TS val 3307521935 ecr 3307516378], length 46
    18:46:52.290843 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 47, win 57, options [nop,nop,TS val 3307520581 ecr 3307521935], length 0
    18:46:52.290867 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [P.], seq 1:51, ack 47, win 57, options [nop,nop,TS val 3307520581 ecr 3307521935], length 50
    18:46:52.290895 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 51, win 70, options [nop,nop,TS val 3307521935 ecr 3307520581], length 0
    18:47:07.290512 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 51, win 70, options [nop,nop,TS val 3307536935 ecr 3307520581], length 0
    18:47:07.290521 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 47, win 57, options [nop,nop,TS val 3307535581 ecr 3307521935], length 0

    用以下命令可以打印出包的内容,虽然没有解码看的不太清楚:

    tcpdump -n -i xgbe0 host 10.117.146.16 and 10.117.146.17 -X -nn

    内容如下:

    19:51:13.418725 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 1, win 70, options [nop,nop,TS val 3311383064 ecr 3311366709], length 0
            0x0000:  4500 0034 6a76 4000 4006 9742 0a75 9211  E..4jv@.@..B.u..
            0x0010:  0a75 9210 bd07 18eb bda4 dc02 6a58 4e41  .u..........jXNA
            0x0020:  8010 0046 662a 0000 0101 080a c55f b218  ...Ff*......._..
            0x0030:  c55f 7235                                ._r5
    19:51:13.418738 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 1, win 57, options [nop,nop,TS val 3311381709 ecr 3311113079], length 0
            0x0000:  4500 0034 a43b 4000 4006 5d7d 0a75 9210  E..4.;@.@.]}.u..
            0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc03  .u......jXNA....
            0x0020:  8010 0039 4a43 0000 0101 080a c55f accd  ...9JC......._..
            0x0030:  c55b 9377                                .[.w
    19:51:15.050938 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [P.], seq 1:47, ack 1, win 70, options [nop,nop,TS val 3311384696 ecr 3311381709], length 46
            0x0000:  4500 0062 6a77 4000 4006 9713 0a75 9211  E..bjw@.@....u..
            0x0010:  0a75 9210 bd07 18eb bda4 dc03 6a58 4e41  .u..........jXNA
            0x0020:  8018 0046 7951 0000 0101 080a c55f b878  ...FyQ......._.x
            0x0030:  c55f accd 2a34 0d0a 2436 0d0a 7a72 616e  ._..*4..$6..zran
            0x0040:  6765 0d0a 2439 0d0a 7061 6765 5f72 616e  ge..$9..page_ran
            0x0050:  6b0d 0a24 310d 0a30 0d0a 2432 0d0a 2d31  k..$1..0..$2..-1
            0x0060:  0d0a                                     ..
    19:51:15.050951 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [.], ack 47, win 57, options [nop,nop,TS val 3311383341 ecr 3311384696], length 0
            0x0000:  4500 0034 a43c 4000 4006 5d7c 0a75 9210  E..4.<@.@.]|.u..
            0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc31  .u......jXNA...1
            0x0020:  8010 0039 1eb0 0000 0101 080a c55f b32d  ...9........._.-
            0x0030:  c55f b878                                ._.x
    19:51:15.050973 IP 10.117.146.16.6379 > 10.117.146.17.48391: Flags [P.], seq 1:51, ack 47, win 57, options [nop,nop,TS val 3311383341 ecr 3311384696], length 50
            0x0000:  4500 0066 a43d 4000 4006 5d49 0a75 9210  E..f.=@.@.]I.u..
            0x0010:  0a75 9211 18eb bd07 6a58 4e41 bda4 dc31  .u......jXNA...1
            0x0020:  8018 0039 3964 0000 0101 080a c55f b32d  ...99d......._.-
            0x0030:  c55f b878 2a33 0d0a 2438 0d0a 6269 6e67  ._.x*3..$8..bing
            0x0040:  2e63 6f6d 0d0a 2439 0d0a 6261 6964 752e  .com..$9..baidu.
            0x0050:  636f 6d0d 0a24 3130 0d0a 676f 6f67 6c65  com..$10..google
            0x0060:  2e63 6f6d 0d0a                           .com..
    19:51:15.051002 IP 10.117.146.17.48391 > 10.117.146.16.6379: Flags [.], ack 51, win 70, options [nop,nop,TS val 3311384696 ecr 3311383341], length 0
            0x0000:  4500 0034 6a78 4000 4006 9740 0a75 9211  E..4jx@.@..@.u..
            0x0010:  0a75 9210 bd07 18eb bda4 dc31 6a58 4e73  .u.........1jXNs
            0x0020:  8010 0046 1e71 0000 0101 080a c55f b878  ...F.q......._.x
            0x0030:  c55f b32d                                ._.-

    从上面,可以看出来,虽然包是Sync,但是方向是反的,前面的Sync是17到16的,是发送请求,后面的Sync是16到17的,是返回结果。并且包里面的seq标号“seq 1:51”也增加了很多,说明包的长度比较大。

  • 相关阅读:
    python基础2
    python基础1
    25 CSS3盒子模型
    24 CSS3新增选择器
    23 html5新特性
    22 css初始化
    21 布局技巧
    20 溢出的文字显示省略号
    19 vertical-align 属性应用
    18 CSS三角 用户界面样式
  • 原文地址:https://www.cnblogs.com/charlesblc/p/5943568.html
Copyright © 2011-2022 走看看