tcpdump Experiment Analysis

2021-09-22 12:36:14 Word count 2062 Views 2378

Install the nc tool: yum install nc

Capture traffic on the local loopback interface: tcpdump -i lo -n -nn tcp port 8888

Establish a TCP/UDP connection: nc -p 1234 10.96.78.213 8888 (the -p 1234 option fixes the client's source port at 1234, which is why the client side appears as 10.96.78.213.1234 in the capture below)

// Establish the TCP connection

14:07:53.220954 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [S], seq 1057661546, win 43690, options [mss 65495,sackOK,TS val 1879360564 ecr 0,nop,wscale 7], length 0

14:01:06.103599 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [S.], seq 2496367938, ack 1057661547, win 43690, options [mss 65495,sackOK,TS val 1879360564 ecr 1879360564,nop,wscale 7], length 0

14:07:53.221003 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [.], ack 1, win 342, options [nop,nop,TS val 1879360564 ecr 1879360564], length 0

// Client sends a request

14:08:18.802016 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [P.], seq 1:7, ack 1, win 342, options [nop,nop,TS val 1879386145 ecr 1879360564], length 6

14:08:18.802041 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [.], ack 7, win 342, options [nop,nop,TS val 1879386145 ecr 1879386145], length 0

// Server sends a response

14:08:18.802683 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [P.], seq 1:107, ack 7, win 342, options [nop,nop,TS val 1879386146 ecr 1879386145], length 106

14:08:18.802695 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [.], ack 107, win 342, options [nop,nop,TS val 1879386146 ecr 1879386146], length 0

// Server actively closes the connection

14:08:18.802800 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [F.], seq 107, ack 7, win 342, options [nop,nop,TS val 1879386146 ecr 1879386146], length 0

14:08:18.842051 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [.], ack 108, win 342, options [nop,nop,TS val 1879386186 ecr 1879386146], length 0

// Client actively closes the connection

14:20:49.874086 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [F.], seq 7, ack 108, win 342, options [nop,nop,TS val 1880137218 ecr 1879386146], length 0

// Client forcibly closes the connection

14:20:49.874107 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [R], seq 2496368046, win 0, length 0
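The eleven packets above, from SYN to RST, as an added example that is not part of the original post: a small Python parser for tcpdump's text output that reconstructs the connection's life cycle. It identifies client and server from the first bare SYN, confirms the three-way handshake, totals the payload bytes in each direction (derived from the addresses in each line), records which side sent the first FIN and which sent the RST, and converts the RST's absolute sequence number back to relative form by subtracting the sender's ISN taken from its SYN. The sample capture embedded in the block is a copy of the lines above; the class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the capture from the experiment above, in the case tcpdump
# prints (the parser is case-insensitive, so a lowercased copy parses too).
SAMPLE_CAPTURE = """\
14:07:53.220954 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [S], seq 1057661546, win 43690, options [mss 65495,sackOK,TS val 1879360564 ecr 0,nop,wscale 7], length 0
14:01:06.103599 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [S.], seq 2496367938, ack 1057661547, win 43690, options [mss 65495,sackOK,TS val 1879360564 ecr 1879360564,nop,wscale 7], length 0
14:07:53.221003 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [.], ack 1, win 342, options [nop,nop,TS val 1879360564 ecr 1879360564], length 0
14:08:18.802016 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [P.], seq 1:7, ack 1, win 342, options [nop,nop,TS val 1879386145 ecr 1879360564], length 6
14:08:18.802041 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [.], ack 7, win 342, options [nop,nop,TS val 1879386145 ecr 1879386145], length 0
14:08:18.802683 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [P.], seq 1:107, ack 7, win 342, options [nop,nop,TS val 1879386146 ecr 1879386145], length 106
14:08:18.802695 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [.], ack 107, win 342, options [nop,nop,TS val 1879386146 ecr 1879386146], length 0
14:08:18.802800 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [F.], seq 107, ack 7, win 342, options [nop,nop,TS val 1879386146 ecr 1879386146], length 0
14:08:18.842051 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [.], ack 108, win 342, options [nop,nop,TS val 1879386186 ecr 1879386146], length 0
14:20:49.874086 IP 10.96.78.213.1234 > 10.96.78.213.8888: Flags [F.], seq 7, ack 108, win 342, options [nop,nop,TS val 1880137218 ecr 1879386146], length 0
14:20:49.874107 IP 10.96.78.213.8888 > 10.96.78.213.1234: Flags [R], seq 2496368046, win 0, length 0
"""

# One tcpdump TCP line: timestamp, endpoints, flag letters, then optional
# seq / ack / win / options fields and the mandatory payload length.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?"
    r"(?:, win (?P<win>\d+))?"
    r"(?:, options \[[^\]]*\])?"
    r", length (?P<length>\d+)$",
    re.IGNORECASE,
)


@dataclass
class Packet:
    ts: str
    src: str
    dst: str
    flags: str                # tcpdump letters: S=SYN F=FIN R=RST P=PSH .=ACK
    seq: Optional[int]
    seq_end: Optional[int]
    ack: Optional[int]
    win: Optional[int]
    length: int


def _opt_int(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None else None


def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump line; return None for lines that are not TCP records."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Packet(ts=m["ts"], src=m["src"], dst=m["dst"], flags=m["flags"].upper(),
                  seq=_opt_int(m["seq"]), seq_end=_opt_int(m["seq_end"]),
                  ack=_opt_int(m["ack"]), win=_opt_int(m["win"]),
                  length=int(m["length"]))


def describe(p: Packet) -> str:
    """Human-readable flag summary, e.g. 'SYN-ACK' or 'PSH-ACK 6 bytes'."""
    names = [name for letter, name in (("S", "SYN"), ("F", "FIN"), ("R", "RST"),
                                       ("P", "PSH"), (".", "ACK")) if letter in p.flags]
    text = "-".join(names) or "none"
    return f"{text} {p.length} bytes" if p.length else text


def analyze(capture: str) -> Dict[str, object]:
    """Reconstruct the connection life cycle from tcpdump text output."""
    packets = [p for p in (parse_line(l) for l in capture.splitlines()) if p]
    if not packets:
        raise ValueError("no tcpdump TCP lines recognised")
    # The side sending the first bare SYN is the client (nc); its peer is the listener.
    syn = next(p for p in packets if "S" in p.flags and "." not in p.flags)
    client, server = syn.src, syn.dst
    role = {client: "client", server: "server"}
    isn: Dict[str, int] = {}            # initial sequence number per endpoint
    handshake: List[str] = []           # expect client-SYN, server-SYNACK, client-ACK
    bytes_sent = {"client": 0, "server": 0}
    first_fin_from = rst_from = rst_relative_seq = None
    events: List[str] = []
    for p in packets:
        who = role.get(p.src, "unknown")
        events.append(f"{p.ts} {who} -> {describe(p)}")
        if "S" in p.flags:
            isn[p.src] = p.seq
            handshake.append(who + ("-SYNACK" if "." in p.flags else "-SYN"))
        elif len(handshake) == 2 and who == "client" and "." in p.flags and p.ack == 1:
            handshake.append("client-ACK")
        if who in bytes_sent:
            bytes_sent[who] += p.length
        if "F" in p.flags and first_fin_from is None:
            first_fin_from = who
        if "R" in p.flags and rst_from is None:
            rst_from = who
            # tcpdump prints the RST's seq as an absolute number; subtracting the
            # sender's ISN (from its SYN) makes it comparable to the relative numbers
            # shown for the other packets (the FIN at seq 107 consumes one, hence 108).
            if p.src in isn and p.seq is not None:
                rst_relative_seq = p.seq - isn[p.src]
    return {
        "client": client,
        "server": server,
        "handshake_complete": handshake == ["client-SYN", "server-SYNACK", "client-ACK"],
        "bytes_sent": bytes_sent,
        "first_fin_from": first_fin_from,
        "rst_from": rst_from,
        "rst_relative_seq": rst_relative_seq,
        "events": events,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_CAPTURE)
    for event in report["events"]:
        print(event)
    print({k: v for k, v in report.items() if k != "events"})
```

Running the block prints one event per packet and then the summary; for this capture the summary shows 6 bytes sent by the client, 106 by the server, the first FIN from the server, and the RST from the server side (port 8888) with relative sequence number 108, the next number after its FIN.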

References:

nc usage: 記錄/2017/12/12/netcat-usage/
