tcpdump 分析 TCP 通信过程
来源:互联网 发布:c语言在线编写 编辑:程序博客网 时间:2024/05/24 04:06
step1: connect(client)
14:26:17.213856 IP 172.25.40.208.49040 > 172.25.40.208.9999: S 2796874307:2796874307(0) win 32767 <mss 16396,sackOK,timestamp 166610063 166607508,nop,wscale 2>14:26:17.213876 IP 172.25.40.208.9999 > 172.25.40.208.49040: S 2805061524:2805061524(0) ack 2796874308 win 32767 <mss 16396,sackOK,timestamp 166610063 166610063,nop,wscale 2>14:26:17.213887 IP 172.25.40.208.49040 > 172.25.40.208.9999: . ack 1 win 8192 <nop,nop,timestamp 166610063 166610063>
step2: send(client)
14:26:59.682802 IP 172.25.40.208.49040 > 172.25.40.208.9999: P 1:10(9) ack 1 win 8192 <nop,nop,timestamp 166620679 166610063>14:26:59.682867 IP 172.25.40.208.9999 > 172.25.40.208.49040: . ack 10 win 8192 <nop,nop,timestamp 166620679 166620679>
step3: close(server)
14:28:16.448889 IP 172.25.40.208.9999 > 172.25.40.208.49040: F 1:1(0) ack 44 win 8192 <nop,nop,timestamp 166639869 166628957>14:28:16.449045 IP 172.25.40.208.49040 > 172.25.40.208.9999: . ack 2 win 8192 <nop,nop,timestamp 166639870 166639869>
- netstat
client: CLOSE_WAIT
server: FIN_WAIT2
step4: send(client)
14:45:24.783124 IP 172.25.40.208.37241 > 172.25.40.208.9999: P 8:13(5) ack 2 win 8192 <nop,nop,timestamp 166896937 166892750>14:45:24.783142 IP 172.25.40.208.9999 > 172.25.40.208.37241: R 3992527880:3992527880(0) win 0
此时客户端依然可以发送数据(这里发送了 5 个字节),服务端已经关闭连接,所以内核回包为 “RESET”.
正常的连接断开
显然,上面的连接断开是非正常的连接断开,下面是正常的连接断开。
client close, server read 0 and close
16:11:48.289783 IP 172.25.40.208.35642 > 172.25.40.208.9999: F 5:5(0) ack 1 win 8192 <nop,nop,timestamp 168192733 168190498>16:11:48.289870 IP 172.25.40.208.9999 > 172.25.40.208.35642: F 1:1(0) ack 6 win 8192 <nop,nop,timestamp 168192733 168192733>16:11:48.289879 IP 172.25.40.208.35642 > 172.25.40.208.9999: . ack 2 win 8192 <nop,nop,timestamp 168192733 168192733>
内核将连接断开的第 2 和 3 个包合并为一个包了。
client close, server read 0, sleep, then close
16:38:28.395910 IP 172.25.40.208.35219 > 172.25.40.208.9999: F 5:5(0) ack 1 win 8192 <nop,nop,timestamp 168592734 168591624>16:38:28.433255 IP 172.25.40.208.9999 > 172.25.40.208.35219: . ack 6 win 8192 <nop,nop,timestamp 168592744 168592734>16:38:29.397193 IP 172.25.40.208.9999 > 172.25.40.208.35219: F 1:1(0) ack 6 win 8192 <nop,nop,timestamp 168592985 168592734>16:38:29.397215 IP 172.25.40.208.35219 > 172.25.40.208.9999: . ack 2 win 8192 <nop,nop,timestamp 168592985 168592985>
发现客户端关闭连接后,sleep 一下再 close 则第 2 和 3 个包不会合并。
0 0
- tcpdump 分析 TCP 通信过程
- Tcpdump分析TCP协议三次握手过程
- tcpdump抓包分析TCP三次握手过程
- tcpdump抓包分析TCP三次握手过程
- tcpdump抓包分析TCP三次握手过程
- tcpdump抓包分析TCP三次握手过程
- tcpdump抓包分析TCP三次握手过程
- tcpdump抓包分析TCP三次握手过程
- tcpdump分析tcp三次握手
- TCP连接的建立以及利用tcpdump分析连接建立的过程
- Linux网络编程之tcpdump抓包分析TCP三次握手过程
- Linux网络编程之tcpdump抓包分析TCP三次握手过程
- Linux网络编程之tcpdump抓包分析TCP三次握手过程
- Linux网络编程之tcpdump抓包分析TCP三次握手过程
- 使用tcpdump观察DNS通信过程
- TCP通信过程
- TCP通信过程小结
- TCP通信过程(一)
- d3kit_timeline
- [Debian]Install VMware Workstation 12
- Spring:can't find referenced pointcut错误解决
- 页面跳转
- 装饰者模式
- tcpdump 分析 TCP 通信过程
- mybatis学习笔记
- HttpURLConnection(1):网络编程的最佳实践
- Easyui datebox单击文本框显示日期选择 eayui版本1.4.3
- leetcode_355 Design Twitter
- web前端开发必看的14本书!
- 的顶顶顶顶顶
- 文件阅读(1)
- ionic-myAppDemo项目分析