Capturing the data is only the first step; the second is understanding it. Below is an explanation of what each part of the tcpdump output means.
```
21:27:06.995846 IP (tos 0x0, ttl 64, id 45646, offset 0, flags [DF], proto TCP (6), length 64)
    192.168.1.106.56166 > 124.192.132.54.80: Flags [S], cksum 0xa730 (correct), seq 992042666, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 663433143 ecr 0,sackOK,eol], length 0

21:27:07.030487 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP (6), length 44)
    124.192.132.54.80 > 192.168.1.106.56166: Flags [S.], cksum 0xedc0 (correct), seq 2147006684, ack 992042667, win 14600, options [mss 1440], length 0

21:27:07.030527 IP (tos 0x0, ttl 64, id 59119, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.1.106.56166 > 124.192.132.54.80: Flags [.], cksum 0x3e72 (correct), ack 2147006685, win 65535, length 0
```
The most basic and most important information is the packet's source address/port and destination address/port. In the first packet of the example above, the source IP is 192.168.1.106, the source port is 56166, the destination address is 124.192.132.54, and the destination port is 80. The `>` symbol indicates the direction of the data.

In addition, the three packets above are the TCP three-way handshake: the first one is the SYN segment, which can be seen from `Flags [S]`. Below are the common Flags in TCP segments:
• [S]: SYN (start connection)
• [.]: no flag
• [P]: PSH (push data)
• [F]: FIN (end connection)
• [R]: RST (reset connection)
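To make the fields described above concrete, here is an added example (written for this page, not code from the original post): a small Python parser that turns the tcpdump lines above into structured records (timestamp, source/destination address and port, TCP flags, seq/ack numbers, window, options, and the TTL and checksum state from the `-v` header line), and then pairs SYN, SYN-ACK and ACK segments into a completed handshake using the 4-tuple and the seq/ack arithmetic visible in the sample (each side's ack equals the peer's seq plus one). The sample input is the three packets quoted in the post; the regexes, the `Packet` class and the `find_handshakes` helper are this example's own assumptions about the output format, covering both the two-line `-v` form shown here and the single-line default form.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the three packets quoted in the post (tcpdump -v output,
# one IP header line followed by one TCP line per packet).
SAMPLE = """\
21:27:06.995846 IP (tos 0x0, ttl 64, id 45646, offset 0, flags [DF], proto TCP (6), length 64)
    192.168.1.106.56166 > 124.192.132.54.80: Flags [S], cksum 0xa730 (correct), seq 992042666, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 663433143 ecr 0,sackOK,eol], length 0
21:27:07.030487 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP (6), length 44)
    124.192.132.54.80 > 192.168.1.106.56166: Flags [S.], cksum 0xedc0 (correct), seq 2147006684, ack 992042667, win 14600, options [mss 1440], length 0
21:27:07.030527 IP (tos 0x0, ttl 64, id 59119, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.1.106.56166 > 124.192.132.54.80: Flags [.], cksum 0x3e72 (correct), ack 2147006685, win 65535, length 0
"""

# IP header line printed by "tcpdump -v" (the TCP line follows on the next line).
IP_HDR = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), "
    r"id (?P<id>\d+), offset (?P<offset>\d+), flags \[(?P<ipflags>[^\]]*)\], "
    r"proto (?P<proto>\w+) \((?P<protonum>\d+)\), length (?P<iplen>\d+)\)$"
)
# Default (non -v) output puts timestamp, "IP" and the TCP fields on one line.
ONE_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<rest>\S.*)$")
# TCP part: "src.sport > dst.dport: Flags [..], [cksum], [seq], [ack], win, [options], length".
TCP_LINE = re.compile(
    r"^\s*(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, cksum (?P<cksum>0x[0-9a-fA-F]+) \((?P<ckstate>[^)]*)\))?"
    r"(?:, seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?)?(?:, ack (?P<ack>\d+))?, win (?P<win>\d+)"
    r"(?:, options \[(?P<options>[^\]]*)\])?, length (?P<plen>\d+)$"
)

# Flag letters as listed in the post; "." alone is the ACK-only case, as the third
# handshake packet shows (Flags [.] together with an ack number).
FLAG_NAMES = {"S": "SYN", "P": "PSH", "F": "FIN", "R": "RST", ".": "ACK-only",
              "U": "URG", "E": "ECE", "W": "CWR"}


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    seq: Optional[int]       # first sequence number, None when the line has no "seq"
    ack: Optional[int]
    win: int
    options: str
    ttl: Optional[int]       # only available from the -v header line
    cksum_ok: Optional[bool]

    def direction(self) -> str:
        """The '>' in the output means src -> dst; render it the same way."""
        return f"{self.src}:{self.sport} > {self.dst}:{self.dport}"


def parse_tcpdump(text: str) -> list[Packet]:
    packets, hdr = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = IP_HDR.match(line)
        if m:                      # remember the header; its TCP line comes next
            hdr = m.groupdict()
            continue
        ts, body = (hdr["ts"] if hdr else ""), line
        m = ONE_LINE.match(line)
        if m:                      # single-line (non -v) format
            ts, body = m["ts"], m["rest"]
        t = TCP_LINE.match(body)
        if not t:                  # not a TCP line we understand (e.g. UDP, ICMP)
            hdr = None
            continue
        packets.append(Packet(
            ts=ts, src=t["src"], sport=int(t["sport"]), dst=t["dst"], dport=int(t["dport"]),
            flags=t["flags"],
            seq=int(t["seq"]) if t["seq"] else None,
            ack=int(t["ack"]) if t["ack"] else None,
            win=int(t["win"]), options=t["options"] or "",
            ttl=int(hdr["ttl"]) if hdr else None,
            cksum_ok=(t["ckstate"] == "correct") if t["ckstate"] else None,
        ))
        hdr = None
    return packets


def find_handshakes(packets: list[Packet]) -> list[tuple[Packet, Packet, Packet]]:
    """Pair SYN / SYN-ACK / ACK by 4-tuple and by the seq/ack arithmetic (ack = peer seq + 1)."""
    found = []
    for i, syn in enumerate(packets):
        if syn.flags != "S" or syn.seq is None:
            continue
        synack = next((p for p in packets[i + 1:]
                       if p.flags == "S." and p.src == syn.dst and p.sport == syn.dport
                       and p.dst == syn.src and p.dport == syn.sport
                       and p.ack == syn.seq + 1), None)
        if synack is None:
            continue
        ack = next((p for p in packets[i + 1:]
                    if p.flags == "." and p.src == syn.src and p.sport == syn.sport
                    and p.dst == syn.dst and p.dport == syn.dport
                    and p.ack == synack.seq + 1), None)
        if ack is not None:
            found.append((syn, synack, ack))
    return found


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE)
    for p in pkts:
        names = ",".join(FLAG_NAMES.get(c, c) for c in p.flags)
        print(f"{p.ts} {p.direction()} [{names}] seq={p.seq} ack={p.ack} win={p.win}")
    for syn, synack, ack in find_handshakes(pkts):
        print(f"handshake: {syn.src}:{syn.sport} -> {syn.dst}:{syn.dport} completed at {ack.ts}")
```

Run on the sample, the parser reports one completed handshake from 192.168.1.106:56166 to 124.192.132.54:80; the same `find_handshakes` logic, fed a longer capture, also makes SYNs that never receive a SYN-ACK or ACK visible, which is the usual first check when a connection is suspected of being dropped by a filter.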
Sources: https://blog.csdn.net/qq_25453065/article/details/89786943
https://www.cnblogs.com/pyng/p/9698723.html