tcpdump application

tcpdump is the standard tool for inspecting network traffic on the server side.
It is mainly used to record the details of TCP requests.

1. Basic usage of tcpdump

tcpdump -i eth1    # Show traffic on network interface eth1
tcpdump -i eth1 -w /mnt/test.cap    # Write the capture to the file /mnt/test.cap
tcpdump -i eth1 -w /mnt/test.cap host 113.33.12.86    # Record all requests to or from host 113.33.12.86
tcpdump -i eth1 -w /mnt/test.cap host 113.33.12.86 port 80    # Record that host's requests on port 80
tcpdump -i eth1 -w /mnt/test.cap src host 113.33.12.86    # Record requests whose source (outflow) is 113.33.12.86
tcpdump -i eth1 -w /mnt/test.cap dst host 113.33.12.86    # Record requests whose destination (inflow) is 113.33.12.86

The commands above can solve 99% of problems.

(1) TCP connection establishment (three-way handshake)
Client A, server B, initial sequence number seq, acknowledgment number ack. Initial state: B is in the listening state, A is in the open state.








A -> B : seq = x (A sends a connection request segment to B, and A enters the SYN-SENT state)

B -> A : ack = x + 1, seq = y (B receives the segment and sends an acknowledgment to A, and B enters the SYN-RCVD state)

A -> B : ack = y + 1 (After A receives the acknowledgment from B, it acknowledges in turn, and A enters the ESTABLISHED state)

State after connection: once B receives A's acknowledgment, B also enters the ESTABLISHED state.

Why does it take three handshakes?

To prevent an invalid (stale) connection request from suddenly arriving at the server and making the server mistakenly think that a connection is to be established.
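The seq/ack relationship above can be checked directly against a capture written with tcpdump -w. The following is an added example, not code from the original post: it parses a classic little-endian Ethernet pcap and reports which flows completed SYN(x), SYN-ACK(y, x+1), ACK(y+1) and which were left half-open. The function names, addresses, ports and sequence numbers are constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

SYN, ACK = 0x02, 0x10

def frame(src, dst, seq, ack, flags):
    """Constructed Ethernet/IPv4/TCP frame: no payload, checksums left at 0."""
    s, d = inet_aton(src[0]), inet_aton(dst[0])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, s, d)
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def pcap_bytes(frames):
    """Classic little-endian pcap, link type 1 (Ethernet), as written by tcpdump -w."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

def tcp_segments(pcap):
    """Yield (src, dst, seq, ack, flags) for each IPv4/TCP packet in the capture."""
    off = 24                                          # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        f, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(f) >= 54 and f[12:14] == b"\x08\x00" and f[23] == 6:
            t = 14 + (f[14] & 0x0F) * 4               # TCP header follows the IP header
            if len(f) >= t + 14:
                sp, dp, seq, ack = struct.unpack_from("!HHII", f, t)
                yield f"{inet_ntoa(f[26:30])}:{sp}", f"{inet_ntoa(f[30:34])}:{dp}", seq, ack, f[t + 13]

def handshakes(pcap):
    """Return (completed, half_open): lists of (client, server) endpoint pairs."""
    syn, synack, done = {}, {}, []
    for src, dst, seq, ack, flags in tcp_segments(pcap):
        if flags & (SYN | ACK) == SYN:                # A -> B: seq = x
            syn[(src, dst)] = seq
        elif flags & (SYN | ACK) == (SYN | ACK):      # B -> A: seq = y, ack = x + 1
            if (dst, src) in syn and ack == (syn[(dst, src)] + 1) % 2**32:
                synack[(dst, src)] = seq
        elif (src, dst) in synack and ack == (synack[(src, dst)] + 1) % 2**32:
            done.append((src, dst))                   # A -> B: ack = y + 1
            del syn[(src, dst)], synack[(src, dst)]
    return done, sorted(syn)

# Constructed capture: one complete handshake, one left half-open (no final ACK).
A, A2, B = ("192.0.2.10", 40000), ("192.0.2.11", 40001), ("198.51.100.5", 80)
SAMPLE = pcap_bytes([frame(A, B, 1000, 0, SYN), frame(B, A, 5000, 1001, SYN | ACK),
                     frame(A, B, 1001, 5001, ACK), frame(A2, B, 7000, 0, SYN),
                     frame(B, A2, 9000, 7001, SYN | ACK)])
```

To run it on a real capture, pass the bytes of the file written by tcpdump -w to handshakes(); a long half_open list for one server port means many clients sent SYN but never completed the third step.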




(2) TCP connection release (four-way wave)
A -> B : seq = u (A sends a connection release segment and enters the FIN-WAIT-1 state)

B -> A : ack = u + 1, seq = v (B receives the segment and sends an acknowledgment; the TCP connection is now half-closed, B can still send data to A, and B enters the CLOSE-WAIT state)

B -> A : ack = u + 1, seq = w (B repeats the acknowledgment number and enters the LAST-ACK state)

A -> B : ack = w + 1, seq = u + 1 (A sends an acknowledgment and enters the TIME-WAIT state)

After the 2MSL period set by the time-wait timer has elapsed, A enters the CLOSED state.

Why does A have to wait for 2MSL after entering TIME-WAIT?

To ensure that the last ACK segment sent by A can reach B.
To prevent invalid segments from appearing in the connection.


Reference:
http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html