zoukankan      html  css  js  c++  java

  • RabbiMQ 数据包分析

    抓包分析

    1. 启动项目会提示,开启本地一个端口,通过该端口将数据发到 MQ (5672)
    2021-08-29 21:03:33.592  INFO 67718 --- [           main] o.s.a.r.c.CachingConnectionFactory       : Created new connection: rabbitConnectionFactory#4417af13:0/SimpleConnection@44e93c1f [delegate=amqp://rabbit@192.168.1.188:5672/, localPort= 60934]

Provider: helloSun Aug 29 21:03:58 CST 2021
Consumer: helloSun Aug 29 21:03:58 CST 202
    1. 使用 tcpdump 抓包分析
    seth:~ seth$ sudo tcpdump port 60934
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
21:03:58.060237 IP 192.168.1.188.amqp > 192.168.1.60.60934: Flags [P.], seq 1561319276:1561319292, ack 371193347, win 506, options [nop,nop,TS val 1505813439 ecr 729215406], length 16
21:03:58.064623 IP 192.168.1.188.amqp > 192.168.1.60.60934: Flags [P.], seq 16:168, ack 115, win 506, options [nop,nop,TS val 1505813443 ecr 729215409], length 152
21:03:58.119393 IP 192.168.1.188.amqp > 192.168.1.60.60934: Flags [.], ack 136, win 506, options [nop,nop,TS val 1505813498 ecr 729215421], length 0
21:04:03.591917 IP 192.168.1.188.amqp > 192.168.1.60.60934: Flags [P.], seq 168:176, ack 136, win 506, options [nop,nop,TS val 1505818970 ecr 729215421], length 8

    tcpdump + wireshark

    提示:-w参数可将抓包数据保存到文件(.cap)中,再用 wireshark 打开,这样分析会更方便快捷

    seth:tmp seth$ sudo tcpdump port 56428 -w mq.cap
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
^C8 packets captured
583 packets received by filter
0 packets dropped by kernel

    image-20210829212204307

    完整图片

    image-20210829213025355

    image-20210829213031361

    image-20210829213040972

    image-20210829213007307

    image-20210829235134352

    案例

    当启动了客户端之后,抓包的窗口中就已经显示了抓到的报文,如下:

    17:48:20.202499 IP 127.0.0.1.59466 > 127.0.0.1.8888: Flags [S], seq 3257142365, win 65495, options [mss 65495,sackOK,TS val 1604396091 ecr 0,nop,wscale 7], length 0
17:48:20.202511 IP 127.0.0.1.8888 > 127.0.0.1.59466: Flags [S.], seq 2103221418, ack 3257142366, win 65483, options [mss 65495,sackOK,TS val 1604396091 ecr 1604396091,nop,wscale 7], length 0
17:48:20.202520 IP 127.0.0.1.59466 > 127.0.0.1.8888: Flags [.], ack 1, win 512, options [nop,nop,TS val 1604396091 ecr 1604396091], length 0

    说明

    1. 21:03:58.060237 该数据报文被抓取的系统本地时间戳
    2. IP 网络层协议类型,这里是 IPv4,如果是 IPv6 协议,该字段值是 IP6
    3. 127.0.0.1.59466 > 127.0.0.1.8888 源IP:端口和目标IP:端口
    4. Flags [S] 这是报文的标志位,下文会用表格列出Flag与报文标志位的对应关系
    5. seq 3257142365 报文的序列号,可以看到这是一个随机数
    6. win 65495 发送方的窗口大小,窗口大小参考《计算机网络》这门课
    7. options [...] 这些是选项
    8. length 0 这是报文中数据部分的长度

    Flag与报文标志位的对应关系

    Flag 标志位
    S SYN
    . ACK
    F FIN
    P PSH
    R RST
  • 相关阅读:
    CentOs 安装 Mysql
    安装 CentOs 系统 及 Python 及 Scrapy 框架
    对IOC的理解
    SQL语句优化 -- 以Mysql为例
    探讨 java中 接口和对象的关系
    Java中组合 设计技巧 实例
    【题解】Arpa's letter-marked tree and Mehrdad's Dokhtar-kosh paths Codeforces 741D DSU on Tree
    【题解】Tree-String Problem Codeforces 291E AC自动机
    【题解】打地鼠 SDOI2011 模拟 行列无关
    【题解】新型城市化 HAOI2017 网络流 二分图最大匹配 强连通分量
  • 原文地址:https://www.cnblogs.com/sethxiong/p/15337850.html
Copyright © 2011-2022 走看看