19.2 交互式输入
首先来观察在一个Rlogin连接上键入一个交互命令时所产生的数据流,
许多TCP/IP的初学者吃惊地发现通常每一个交互按键都会产生一个数据分组。
每次从客户传到服务器的是一个字节的按键(而不是每次一行)
tcpdump -i eth1 '((tcp) and ( host 192.168.137.3) and (port 22)'
输入date命令:
node2:/root#date
2020年 02月 19日 星期三 21:35:34 CST
node2:/root#
node1:/root#tcpdump -i eth1 '((tcp) and ( host 192.168.137.3) and (port 22))'
22:23:28.048761 IP node1.46774 > node2.ssh: Flags [P.], seq 2462:2510, ack 2406, win 307, options [nop,nop,TS val 18248727 ecr 17765473], length 48
22:23:28.051571 IP node2.ssh > node1.46774: Flags [P.], seq 2406:2454, ack 2510, win 204, options [nop,nop,TS val 17788921 ecr 18248727], length 48
22:23:28.051593 IP node1.46774 > node2.ssh: Flags [.], ack 2454, win 307, options [nop,nop,TS val 18248730 ecr 17788921], length 0
22:23:30.000975 IP 192.168.137.1.55166 > node2.ssh: Flags [P.], seq 2096030960:2096030996, ack 3442285024, win 16301, length 36
22:23:30.041769 IP node2.ssh > 192.168.137.1.55166: Flags [.], ack 36, win 145, length 0
每输入一个字母都会产生一个数据分组
输入d
22:30:05.629341 IP node1.33773 > node2.telnet: Flags [P.], seq 2780265996:2780265997, ack 2232007234, win 229, options [nop,nop,TS val 18646308 ecr 18179225], length 1
22:30:05.631458 IP node2.telnet > node1.33773: Flags [P.], seq 1:2, ack 1, win 114, options [nop,nop,TS val 18186500 ecr 18646308], length 1
22:30:05.631480 IP node1.33773 > node2.telnet: Flags [.], ack 2, win 229, options [nop,nop,TS val 18646310 ecr 18186500], length 0
输入a
22:30:22.264725 IP node1.33773 > node2.telnet: Flags [P.], seq 1:2, ack 2, win 229, options [nop,nop,TS val 18662943 ecr 18186500], length 1
22:30:22.271499 IP node2.telnet > node1.33773: Flags [P.], seq 2:3, ack 2, win 114, options [nop,nop,TS val 18203139 ecr 18662943], length 1
22:30:22.271535 IP node1.33773 > node2.telnet: Flags [.], ack 3, win 229, options [nop,nop,TS val 18662950 ecr 18203139], length 0