  • 使用tcpdump观察IPv4头部结构

    sudo tcpdump -nt -i lo  #抓取本地回路上的数据包

    先运行上面的命令,然后在另一个终端用telnet登录本机(原文此处的命令截图已丢失);

    [root@linux 5]# sudo tcpdump -nt -i lo
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [S], seq 4121980321, win 32792, options [mss 16396,sackOK,TS val 19864133 ecr 0,nop,wscale 5], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [S.], seq 2207362318, ack 4121980322, win 32768, options [mss 16396,sackOK,TS val 19864133 ecr 19864133,nop,wscale 5], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 1, win 1025, options [nop,nop,TS val 19864133 ecr 19864133], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 1:28, ack 1, win 1025, options [nop,nop,TS val 19864159 ecr 19864133], length 27
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 28, win 1024, options [nop,nop,TS val 19864159 ecr 19864159], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 1:13, ack 28, win 1024, options [nop,nop,TS val 19864345 ecr 19864159], length 12
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 13, win 1025, options [nop,nop,TS val 19864345 ecr 19864345], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 13:52, ack 28, win 1024, options [nop,nop,TS val 19864346 ecr 19864345], length 39
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 52, win 1025, options [nop,nop,TS val 19864346 ecr 19864346], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 28:174, ack 52, win 1025, options [nop,nop,TS val 19864347 ecr 19864346], length 146
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 174, win 1058, options [nop,nop,TS val 19864347 ecr 19864347], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 52:55, ack 174, win 1058, options [nop,nop,TS val 19864348 ecr 19864347], length 3
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 174:177, ack 55, win 1025, options [nop,nop,TS val 19864348 ecr 19864348], length 3
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 55:153, ack 177, win 1058, options [nop,nop,TS val 19864350 ecr 19864348], length 98
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 177:180, ack 153, win 1025, options [nop,nop,TS val 19864350 ecr 19864350], length 3
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 180, win 1058, options [nop,nop,TS val 19864390 ecr 19864350], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.U], seq 153:154, ack 180, win 1058, urg 1, options [nop,nop,TS val 19864548 ecr 19864350], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 154:155, ack 180, win 1058, options [nop,nop,TS val 19864548 ecr 19864350], length 1
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 155, win 1025, options [nop,nop,TS val 19864549 ecr 19864548], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 155:162, ack 180, win 1058, options [nop,nop,TS val 19864587 ecr 19864549], length 7
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 162, win 1025, options [nop,nop,TS val 19864627 ecr 19864587], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 180:181, ack 162, win 1025, options [nop,nop,TS val 19897038 ecr 19864587], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 181, win 1058, options [nop,nop,TS val 19897038 ecr 19897038], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 162:163, ack 181, win 1058, options [nop,nop,TS val 19897040 ecr 19897038], length 1
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 163, win 1025, options [nop,nop,TS val 19897040 ecr 19897040], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 181:182, ack 163, win 1025, options [nop,nop,TS val 19897381 ecr 19897040], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 163:164, ack 182, win 1058, options [nop,nop,TS val 19897383 ecr 19897381], length 1
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 164, win 1025, options [nop,nop,TS val 19897383 ecr 19897383], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 182:183, ack 164, win 1025, options [nop,nop,TS val 19897526 ecr 19897383], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 164:165, ack 183, win 1058, options [nop,nop,TS val 19897528 ecr 19897526], length 1
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 165, win 1025, options [nop,nop,TS val 19897528 ecr 19897528], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 183:184, ack 165, win 1025, options [nop,nop,TS val 19897642 ecr 19897528], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 165:166, ack 184, win 1058, options [nop,nop,TS val 19897644 ecr 19897642], length 1
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 166, win 1025, options [nop,nop,TS val 19897644 ecr 19897644], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 184:186, ack 166, win 1025, options [nop,nop,TS val 19897965 ecr 19897644], length 2
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 166:168, ack 186, win 1058, options [nop,nop,TS val 19897968 ecr 19897965], length 2
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 168, win 1025, options [nop,nop,TS val 19897968 ecr 19897968], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 168:178, ack 186, win 1058, options [nop,nop,TS val 19898075 ecr 19897968], length 10
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 178, win 1025, options [nop,nop,TS val 19898075 ecr 19898075], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 186:187, ack 178, win 1025, options [nop,nop,TS val 19899974 ecr 19898075], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 187, win 1058, options [nop,nop,TS val 19900014 ecr 19899974], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 187:188, ack 178, win 1025, options [nop,nop,TS val 19900310 ecr 19900014], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 188, win 1058, options [nop,nop,TS val 19900310 ecr 19900310], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 188:189, ack 178, win 1025, options [nop,nop,TS val 19900606 ecr 19900310], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 189, win 1058, options [nop,nop,TS val 19900606 ecr 19900606], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 189:190, ack 178, win 1025, options [nop,nop,TS val 19900901 ecr 19900606], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 190, win 1058, options [nop,nop,TS val 19900901 ecr 19900901], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 190:191, ack 178, win 1025, options [nop,nop,TS val 19901206 ecr 19900901], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 191, win 1058, options [nop,nop,TS val 19901206 ecr 19901206], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 191:192, ack 178, win 1025, options [nop,nop,TS val 19901494 ecr 19901206], length 1
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 192, win 1058, options [nop,nop,TS val 19901494 ecr 19901494], length 0
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [P.], seq 192:194, ack 178, win 1025, options [nop,nop,TS val 19902125 ecr 19901494], length 2
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [.], ack 194, win 1058, options [nop,nop,TS val 19902125 ecr 19902125], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 178:180, ack 194, win 1058, options [nop,nop,TS val 19902127 ecr 19902125], length 2
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 180, win 1025, options [nop,nop,TS val 19902127 ecr 19902127], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 180:228, ack 194, win 1058, options [nop,nop,TS val 19902836 ecr 19902127], length 48
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 228, win 1025, options [nop,nop,TS val 19902836 ecr 19902836], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 228:245, ack 194, win 1058, options [nop,nop,TS val 19903150 ecr 19902836], length 17
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 245, win 1025, options [nop,nop,TS val 19903150 ecr 19903150], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 245:253, ack 194, win 1058, options [nop,nop,TS val 19903152 ecr 19903150], length 8
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 253, win 1025, options [nop,nop,TS val 19903152 ecr 19903152], length 0
    IP 127.0.0.1.telnet > 127.0.0.1.38508: Flags [P.], seq 253:269, ack 194, win 1058, options [nop,nop,TS val 19903154 ecr 19903152], length 16
    IP 127.0.0.1.38508 > 127.0.0.1.telnet: Flags [.], ack 269, win 1025, options [nop,nop,TS val 19903154 ecr 19903154], length 0

    上面输出的每一行描述的是一个IP数据包。注意:在-nt选项下,tcpdump只打印地址、端口和TCP摘要;要看到IPv4头部字段(如tos、ttl、id、总长度),需要加上-v,或用-x以十六进制打印整个IP数据包。

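    由于我们使用telnet登录本机,所以IP数据包的源端IP地址和目的端IP地址都是“127.0.0.1”。telnet服务器程序使用的端口号是23(参见/etc/services文件),而telnet客户端程序使用临时端口号38508与服务器进行通信。临时端口以及"Flags"、"seq"等字段描述的都是TCP头部信息,我们将在第三章讨论。另外,telnet以明文传输数据,上面客户端发出的那些length为1的小分段很可能对应逐个按键的输入(包括登录口令),能抓到这些包的人即可还原其内容,因此实际环境中应使用SSH代替telnet。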

  • 原文地址:https://www.cnblogs.com/leijiangtao/p/4442014.html