tcpdump application

tcpdump is a handy tool for inspecting TCP network traffic on the server side.
tcpdump is mainly used to record the details of TCP requests.
1. Basic usage of tcpdump

tcpdump -i eth1    # show the network traffic on network interface eth1
tcpdump -i eth1 -w /mnt/test.cap    # write the capture to the file /mnt/test.cap
tcpdump -i eth1 -w /mnt/test.cap host 113.33.12.86    # record all requests involving host 113.33.12.86
tcpdump -i eth1 -w /mnt/test.cap host 113.33.12.86 port 80    # record requests on port 80
tcpdump -i eth1 -w /mnt/test.cap src host 113.33.12.86    # record requests whose source (outflow) is 113.33.12.86
tcpdump -i eth1 -w /mnt/test.cap dst host 113.33.12.86    # record requests whose destination (inflow) is 113.33.12.86

The above can solve 99% of problems.

(1) TCP connection establishment (three-way handshake)

Client A, server B, initial sequence number seq, acknowledgment number ack. Initial state: B is in the listening state, A is in the open state.

A -> B : seq = x (A sends a connection request segment to B, and A enters the synchronized-sent state SYN-SENT)

B -> A : ack = x + 1, seq = y (B receives the segment and sends an acknowledgment to A; B enters the synchronized-received state SYN-RCVD)

A -> B : ack = y + 1 (A receives B's acknowledgment, acknowledges it in turn, and A enters the connection state ESTABLISHED)

State after connection: after B receives A's acknowledgment, it also enters the connection state.

(2) TCP connection release (four-way wave)

A -> B : seq = u (A sends a connection release segment and enters the termination-wait state FIN-WAIT-1)

B -> A : ack = u + 1, seq = v (B receives the segment and sends an acknowledgment; TCP is now half-closed, B can still send data to A, and B enters the close-wait state CLOSE-WAIT)

B -> A : ack = u + 1, seq = w (B sends the acknowledgment number again and enters the last-acknowledgment state LAST-ACK)

A -> B : ack = w + 1, seq = u + 1 (A sends an acknowledgment and enters the time-wait state TIME-WAIT)

After the time set by the timer, 2MSL, has elapsed, A enters the CLOSED state.

Why does A have to wait for 2MSL after entering TIME-WAIT? To ensure that the last ACK segment sent by A can reach B, and to prevent invalid segments from appearing in the connection.

Reference:

http://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html
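
The exchanges described above can be checked against a capture. The following is an added example, not code from the original post: it replays constructed lines in the style of `tcpdump -nn -S` text output (`-S` prints absolute sequence numbers) and walks each connection through the states listed above, so a handshake that never completes stands out. The function names, the 10.0.0.x client addresses and every sequence number are assumptions made for the illustration, and it assumes A closes first and the FIN segment carries no data.

```python
import re

# Constructed sample (not a real capture), shaped like `tcpdump -nn -S` output.
SAMPLE = """\
12:00:00.000100 IP 10.0.0.5.40000 > 113.33.12.86.80: Flags [S], seq 1000, win 64240, length 0
12:00:00.000900 IP 113.33.12.86.80 > 10.0.0.5.40000: Flags [S.], seq 7000, ack 1001, win 65160, length 0
12:00:00.001000 IP 10.0.0.5.40000 > 113.33.12.86.80: Flags [.], ack 7001, win 502, length 0
12:00:05.000000 IP 10.0.0.5.40000 > 113.33.12.86.80: Flags [F.], seq 1001, ack 7001, win 502, length 0
12:00:05.000800 IP 113.33.12.86.80 > 10.0.0.5.40000: Flags [.], ack 1002, win 509, length 0
12:00:05.000900 IP 113.33.12.86.80 > 10.0.0.5.40000: Flags [F.], seq 7001, ack 1002, win 509, length 0
12:00:05.001000 IP 10.0.0.5.40000 > 113.33.12.86.80: Flags [.], ack 7002, win 502, length 0
12:00:09.000000 IP 10.0.0.9.41000 > 113.33.12.86.80: Flags [S], seq 3000, win 64240, length 0
"""

HEAD = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\]")

def num(field, line):
    """Return the integer after 'seq' or 'ack' in a line, or None if absent."""
    m = re.search(rf"\b{field} (\d+)", line)
    return int(m.group(1)) if m else None

def track(text):
    """Map (A, B) -> last state reached, A being the side that sent the SYN."""
    conns = {}
    for line in text.splitlines():
        m = HEAD.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        seq, ack = num("seq", line), num("ack", line)
        if flags == "S":                       # A -> B : seq = x
            conns[(src, dst)] = {"state": "SYN-SENT", "x": seq}
            continue
        key = (src, dst) if (src, dst) in conns else (dst, src)
        c = conns.get(key)
        if c is None:
            continue                           # segment of a connection whose SYN was not captured
        from_a, s = key[0] == src, c["state"]
        if s == "SYN-SENT" and not from_a and flags == "S." and ack == c["x"] + 1:
            c.update(state="SYN-RCVD", y=seq)  # B -> A : ack = x + 1, seq = y
        elif s == "SYN-RCVD" and from_a and ack == c["y"] + 1:
            c["state"] = "ESTABLISHED"         # A -> B : ack = y + 1
        elif s == "ESTABLISHED" and from_a and "F" in flags:
            c.update(state="FIN-WAIT-1", u=seq)
        elif s == "FIN-WAIT-1" and not from_a and "F" not in flags and ack == c["u"] + 1:
            c["state"] = "CLOSE-WAIT"          # B acknowledged A's FIN; half-closed
        elif s == "CLOSE-WAIT" and not from_a and "F" in flags and ack == c["u"] + 1:
            c.update(state="LAST-ACK", w=seq)
        elif s == "LAST-ACK" and from_a and ack == c["w"] + 1:
            c["state"] = "TIME-WAIT"           # A then waits 2MSL before CLOSED
    return {k: v["state"] for k, v in conns.items()}
```

A connection left in SYN-SENT or SYN-RCVD at the end of the capture is one whose handshake was never completed in the recorded traffic.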
