1 在Ubuntu中输入获取网口信息命令:ifconfig
此网口为ens33
2 输入捕获端口信息命令:sudo tcpdump -nn -i ens33 port 80
3 新建终端窗口,输入连接百度服务器命令:nc www.baidu.com 80
4 原始抓包数据
curl www.baidu.com 80
00:03:49.168418 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [S], seq 1135265886, win 64240, options [mss 1460,sackOK,TS val 11213184 ecr 0,nop,wscale 7], length 0
00:03:49.190769 IP 14.215.177.39.80 > 192.168.0.106.38262: Flags [S.], seq 2774412702, ack 1135265887, win 8192, options [mss 1412,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 5], length 0
00:03:49.190833 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [.], ack 1, win 502, length 0
00:03:49.190927 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [P.], seq 1:78, ack 1, win 502, length 77: HTTP: GET / HTTP/1.1
00:03:49.212831 IP 14.215.177.39.80 > 192.168.0.106.38262: Flags [.], ack 78, win 908, length 0
00:03:49.212946 IP 14.215.177.39.80 > 192.168.0.106.38262: Flags [P.], seq 1:2782, ack 78, win 908, length 2781: HTTP: HTTP/1.1 200 OK
00:03:49.212958 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [.], ack 2782, win 496, length 0
00:03:49.218772 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [F.], seq 78, ack 2782, win 501, length 0
00:03:49.222950 IP 14.215.177.39.80 > 192.168.0.106.38262: Flags [P.], seq 1413:2782, ack 78, win 908, length 1369: HTTP
00:03:49.222977 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [.], ack 2782, win 501, options [nop,nop,sack 1 {
1413:2782}], length 0
00:03:49.244709 IP 14.215.177.39.80 > 192.168.0.106.38262: Flags [.], ack 79, win 908, length 0
00:03:49.244759 IP 14.215.177.39.80 > 192.168.0.106.38262: Flags [F.], seq 2782, ack 79, win 908, length 0
00:03:49.244782 IP 192.168.0.106.38262 > 14.215.177.39.80: Flags [.], ack 2783, win 501, length 0
5 常用命令
sudo tcpdump -nn -i ens33 port 80 or arp or icmp
6 截图
6.1 三次握手
6.2 四次分手
