Linux network packet capture

Packet capture analysis is usually required when debugging network programs in Linux. Tcpdump in Linux is good. By default, Ubuntu has been installed. The following is a practical example. for example, I have a C ++ program listening to the local port 8889, and another newlisp program communicating with it through TCP. First, you can check... Linux network packet capture debugging network programs, usually requires packet capture analysis. Tcpdump in Linux is good. By default, Ubuntu has been installed. The following is a practical example. for example, I have a C ++ program listening to the local port 8889, and another newlisp program communicating with it through TCP. First, check several network interfaces. [Plain] root @ dean-GA-MA790XT-UD4P :~ # Tcpdump-D 1. eth0 2.any (Pseudo-device that captures on all interfaces) 3.lo is run on the local machine and uses the lo interface. Therefore,-I 3 is used for subsequent parameters. -I 3 indicates monitoring the network interface lo. Start tcpdump [plain] tcpdump-I 3 tcp port 8889-v-XX to display network packet data in hexadecimal and ASCII text. [Plain] 21:19:40. 151304 IP (tos 0x0, ttl 64, id 37956, offset 0, flags [DF], proto TCP (6), length 56) localhost.8889> localhost.55131: flags [P.], cksum 0xfe2c (incorrect-> 0x8dc0), seq 41: 45, ack 117, win 342, options [nop, nop, TS val 728981 ecr 723761], length 4 0x0000: 0000 0000 0000 0000 0000 0000 0800 .............. e. 0x0010: 0038 9444 4000 4006 a879 7f00 0001 7f00. 8. D @. @.. y ...... 0x00 20: 0001 22b9 d75b 5a53 9f4c d8c4 bded 8018 .. ".. [ZS. L ...... 0x0030: 0156 fe2c 0000 0101 080a 000b 1f95 000b. V .,............ 0x0040: 0b31 0100 3355 first shows the time, and then you can see the data transmission direction, from the C ++-> newlisp program. We can also see that the number of bytes transmitted at the application layer is 4. at last we can see that 0100 3355 is the four bytes that are sent out. Many other bytes must be the data required by the TCP protocol.