The output analysis of tcpdump

Source: Internet
Author: User
Tags: ack

I first came across tcpdump while reading TCP Volume One. I did not pay much attention to it at the time; its output format in particular was unfamiliar, so I was reluctant to use it. Over the past while I have been working with sockets much more, and when something goes wrong, the return value of a socket API call alone rarely reveals the real cause of the problem.

Later a reminder from Laser made me realize how powerful tcpdump is. I do not want to go through tcpdump's options here; I just want to record a few examples as notes for myself.

Use the following command to capture TCP traffic on port 15001. -X prints each packet in hexadecimal (base 16) with an ASCII column beside it, and -s 0 captures the whole IP datagram instead of the default 68-byte snapshot (default snaplen 68 bytes). Be aware that with very long packets the tcpdump buffer may not keep up, and packets can be dropped:

$ tcpdump 'port 15001 and tcp' -X -s 0

For example, use telnet to initiate a connection:

yunkai@lsyp1002:~/tmp$ telnet 10.111.112.7 15001
Trying 10.111.112.7...
Connected to 10.111.112.7 (10.111.112.7).
Escape character is '^]'.
$W2,53,100,200,057181932602,13656645563,85022088,#
$X2,14,100,1,#^]
telnet> quit
Connection closed.

The output of tcpdump is as follows (the hex columns are reproduced exactly; the values in each summary line can be checked against them):

root@lsyp1002:~# /usr/sbin/tcpdump 'port 15001 and tcp' -X -s 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:37:07.448992 IP lsyp1002.xxx.xxxx.com.58939 > 10.111.112.7.15001: S 3188757698:3188757698(0) win 5840 <mss 1460,sackOK,timestamp 870140741 0,nop,wscale 7>
    0x0000:  4510 003c df87 4000 4006 e10b cbd1 fe80  E..<..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94c2 0000 0000  <.s..;:.........
    0x0020:  a002 16d0 c44c 0000 0204 05b4 0402 080a  .....L..........
    0x0030:  33dd 4b45 0000 0000 0103 0307            3.KE........
The client (lsyp1002.xxx.xxxx.com.58939) sends a SYN to the server (10.111.112.7.15001).

13:37:07.486678 IP 10.111.112.7.15001 > lsyp1002.xxx.xxxx.com.58939: S 1646598539:1646598539(0) ack 3188757699 win 5792 <mss 1460,sackOK,timestamp 3676470709 870140741,nop,wscale 7>
    0x0000:  4500 003c 0000 4000 3506 cba3 3cbf 7307  E..<..@.5...<.s.
    0x0010:  cbd1 fe80 3a99 e63b 6225 198b be10 94c3  ....:..;b%......
    0x0020:  a012 16a0 efe2 0000 0204 05b4 0402 080a  ................
    0x0030:  db22 7db5 33dd 4b45 0103 0307            ."}.3.KE....
The server responds to the client with a SYN,ACK.

13:37:07.486692 IP lsyp1002.xxx.xxxx.com.58939 > 10.111.112.7.15001: . ack 1 win 46 <nop,nop,timestamp 870140779 3676470709>
    0x0000:  4510 0034 df88 4000 4006 e112 cbd1 fe80  E..4..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94c3 6225 198c  <.s..;:.....b%..
    0x0020:  8010 002e 34fb 0000 0101 080a 33dd 4b6b  ....4.......3.Kk
    0x0030:  db22 7db5                                ."}.
The client responds to the server with an ACK; the classic TCP three-way handshake is complete.

13:37:15.996335 IP lsyp1002.xxx.xxxx.com.58939 > 10.111.112.7.15001: P 1:53(52) ack 1 win 46 <nop,nop,timestamp 870149289 3676470709>
    0x0000:  4510 0068 df89 4000 4006 e0dd cbd1 fe80  E..h..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94c3 6225 198c  <.s..;:.....b%..
    0x0020:  8018 002e 296c 0000 0101 080a 33dd 6ca9  ....)l......3.l.
    0x0030:  db22 7db5 2457 322c 3533 2c31 3030 2c32  ."}.$W2,53,100,2
    0x0040:  3030 2c30 3537 3138 3139 3332 3630 322c  00,057181932602,
    0x0050:  3133 3635 3636 3435 3536 332c 3835 3032  13656645563,8502
    0x0060:  3230 3838 2c23 0d0a                      2088,#..
The client sends (PSH) data to the server: $W2,53,100,200,057181932602,13656645563,85022088,#

13:37:16.034003 IP 10.111.112.7.15001 > lsyp1002.xxx.xxxx.com.58939: . ack 53 win 46 <nop,nop,timestamp 3676479257 870149289>
    0x0000:  4500 0034 6457 4000 3506 6754 3cbf 7307  E..4dW@.5.gT<.s.
    0x0010:  cbd1 fe80 3a99 e63b 6225 198c be10 94f7  ....:..;b%......
    0x0020:  8010 002e f224 0000 0101 080a db22 9f19  .....$......."..
    0x0030:  33dd 6ca9                                3.l.
The server responds with an ACK, indicating that the data was received and that it next expects the byte with sequence number 53.

13:37:16.186581 IP 10.111.112.7.15001 > lsyp1002.xxx.xxxx.com.58939: P 1:15(14) ack 53 win 46 <nop,nop,timestamp 3676479410 870149289>
    0x0000:  4500 0042 6458 4000 3506 6745 3cbf 7307  E..BdX@.5.gE<.s.
    0x0010:  cbd1 fe80 3a99 e63b 6225 198c be10 94f7  ....:..;b%......
    0x0020:  8018 002e b507 0000 0101 080a db22 9fb2  ............."..
    0x0030:  33dd 6ca9 2458 322c 3134 2c31 3030 2c31  3.l.$X2,14,100,1
    0x0040:  2c23                                     ,#
The server responds to the client, pushing (PSH) data to it: $X2,14,100,1,#

13:37:16.186591 IP lsyp1002.xxx.xxxx.com.58939 > 10.111.112.7.15001: . ack 15 win 46 <nop,nop,timestamp 870149479 3676479410>
    0x0000:  4510 0034 df8a 4000 4006 e110 cbd1 fe80  E..4..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94f7 6225 199a  <.s..;:.....b%..
    0x0020:  8010 002e f0bf 0000 0101 080a 33dd 6d67  ............3.mg
    0x0030:  db22 9fb2                                ."..
The client receives the server's data and acknowledges it with an ACK.

13:37:38.620338 IP lsyp1002.xxx.xxxx.com.58939 > 10.101.10.7.15001: F 53:53(0) ack 15 win 46 <nop,nop,timestamp 870171913 3676479410>
    0x0000:  4510 0034 df8b 4000 4006 e10f cbd1 fe80  E..4..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94f7 6225 199a  <.s..;:.....b%..
    0x0020:  8011 002e 991c 0000 0101 080a 33dd c509  ............3...
    0x0030:  db22 9fb2                                ."..
When the quit command is entered in telnet, telnet actively closes the connection and sends a FIN to the server.

13:37:38.658459 IP 10.101.10.7.15001 > lsyp1002.xxx.xxxx.com.58939: F 15:15(0) ack 54 win 46 <nop,nop,timestamp 3676501883 870171913>
    0x0000:  4500 0034 6459 4000 3506 6752 3cbf 7307  E..4dY@.5.gR<.s.
    0x0010:  cbd1 fe80 3a99 e63b 6225 199a be10 94f8  ....:..;b%......
    0x0020:  8011 002e 4152 0000 0101 080a db22 f77b  ....AR.......".{
    0x0030:  33dd c509                                3...
The server responds with FIN,ACK, indicating that it has received the client's FIN and will also close its side of the connection.

13:37:38.658474 IP lsyp1002.xxx.xxxx.com.58939 > 10.101.10.7.15001: . ack 16 win 46 <nop,nop,timestamp 870171951 3676501883>
    0x0000:  4510 0034 df8c 4000 4006 e10e cbd1 fe80  E..4..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94f8 6225 199b  <.s..;:.....b%..
    0x0020:  8010 002e 412c 0000 0101 080a 33dd c52f  ....A,......3../
    0x0030:  db22 f77b                                .".{
The client acknowledges the server's FIN.

This is the entire process: initiating a connection -> transferring data -> closing the connection.

The following analyzes the tcpdump output, using this packet as a sample:

13:37:15.996335 IP lsyp1002.xxx.xxxx.com.58939 > 10.101.10.7.15001: P 1:53(52) ack 1 win 46 <nop,nop,timestamp 870149289 3676470709>
    0x0000:  4510 0068 df89 4000 4006 e0dd cbd1 fe80  E..h..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94c3 6225 198c  <.s..;:.....b%..
    0x0020:  8018 002e 296c 0000 0101 080a 33dd 6ca9  ....)l......3.l.
    0x0030:  db22 7db5 2457 322c 3533 2c31 3030 2c32  ."}.$W2,53,100,2
    0x0040:  3030 2c30 3537 3138 3139 3332 3630 322c  00,057181932602,
    0x0050:  3133 3635 3636 3435 3536 332c 3835 3032  13656645563,8502
    0x0060:  3230 3838 2c23 0d0a                      2088,#..

The first 20 bytes (offsets 0x0000 through 0x0013, the red section in the original formatting) are the IP header.
The next 32 bytes (offsets 0x0014 through 0x0033, the blue section) are the TCP header: the data-offset field in 0x8018 is 8, i.e. 8 × 32 bits = 32 bytes (20 bytes of fixed header plus 12 bytes of options: nop, nop, timestamp).
The remaining bytes from offset 0x0034 onward (the gray section) are the TCP data.


The TCP header carries no length field for its data, because the IP header already holds the total length of the whole IP packet. The data length is therefore obtained by subtraction:

Length(TCP data) = IP total length - IP header length - TCP header length

For the sample above, the IP total length is 0x0068 = 104 bytes; 104 - 20 - 32 = 52 bytes of data, which matches the (52) in the summary line.
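The -X output is regular enough to parse mechanically. The Python script below is an example added here, not code from the original post or from tcpdump: it splits -X output into packets, decodes the IPv4 and TCP headers with struct, computes the data length with the subtraction above, detects a capture that was cut short by a small snaplen (the -s 0 caveat), and rebuilds tcpdump-style summary lines with sequence numbers relative to each side's ISN. The embedded sample is the client SYN, server SYN/ACK and client PSH segment copied from the capture above; the function names are my own.

```python
"""Decode tcpdump -X output: IPv4/TCP headers, data length, summary lines.
Example added for this page; it is not tcpdump's own code."""
import re
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# Constructed sample: three packets copied from the capture on the page.
# Only the hex words are decoded; the ASCII column on the right is ignored.
SAMPLE_CAPTURE = """\
13:37:07.448992 IP lsyp1002.xxx.xxxx.com.58939 > 10.111.112.7.15001: S 3188757698:3188757698(0) win 5840 <mss 1460,sackOK,timestamp 870140741 0,nop,wscale 7>
    0x0000:  4510 003c df87 4000 4006 e10b cbd1 fe80  E..<..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94c2 0000 0000  <.s..;:.........
    0x0020:  a002 16d0 c44c 0000 0204 05b4 0402 080a  .....L..........
    0x0030:  33dd 4b45 0000 0000 0103 0307            3.KE........
13:37:07.486678 IP 10.111.112.7.15001 > lsyp1002.xxx.xxxx.com.58939: S 1646598539:1646598539(0) ack 3188757699 win 5792 <mss 1460,sackOK,timestamp 3676470709 870140741,nop,wscale 7>
    0x0000:  4500 003c 0000 4000 3506 cba3 3cbf 7307  E..<..@.5...<.s.
    0x0010:  cbd1 fe80 3a99 e63b 6225 198b be10 94c3  ....:..;b%......
    0x0020:  a012 16a0 efe2 0000 0204 05b4 0402 080a  ................
    0x0030:  db22 7db5 33dd 4b45 0103 0307            ."}.3.KE....
13:37:15.996335 IP lsyp1002.xxx.xxxx.com.58939 > 10.111.112.7.15001: P 1:53(52) ack 1 win 46 <nop,nop,timestamp 870149289 3676470709>
    0x0000:  4510 0068 df89 4000 4006 e0dd cbd1 fe80  E..h..@.@.......
    0x0010:  3cbf 7307 e63b 3a99 be10 94c3 6225 198c  <.s..;:.....b%..
    0x0020:  8018 002e 296c 0000 0101 080a 33dd 6ca9  ....)l......3.l.
    0x0030:  db22 7db5 2457 322c 3533 2c31 3030 2c32  ."}.$W2,53,100,2
    0x0040:  3030 2c30 3537 3138 3139 3332 3630 322c  00,057181932602,
    0x0050:  3133 3635 3636 3435 3536 332c 3835 3032  13656645563,8502
    0x0060:  3230 3838 2c23 0d0a                      2088,#..
"""

HEX_LINE = re.compile(r"^\s*0x[0-9a-fA-F]{4}:\s*(.*)$")


def hex_line_bytes(line):
    """Bytes on one '0xNNNN:' line, or None if the line is not a hex line.
    Hex words are separated by single spaces; tcpdump pads the hex block and
    puts at least two spaces before the ASCII column. That column can itself
    look like hex (e.g. "2088,#.."), so split on the gap, not on hex-ness."""
    m = HEX_LINE.match(line)
    if not m:
        return None
    hexpart = re.split(r"\s{2,}", m.group(1).strip(), maxsplit=1)[0]
    return bytes.fromhex(hexpart.replace(" ", ""))


def split_packets(text):
    """Group -X output into (summary line, raw bytes) pairs. Any non-hex line
    starts a new packet; stderr chatter with no hex lines is dropped."""
    packets = []
    for line in text.splitlines():
        data = hex_line_bytes(line)
        if data is None:
            if line.strip():
                packets.append([line.strip(), bytearray()])
        elif packets:
            packets[-1][1].extend(data)
        else:
            raise ValueError("hex line before any summary line")
    return [(s, bytes(b)) for s, b in packets if b]


def decode_ipv4_tcp(pkt):
    """Parse IPv4 + TCP headers. The TCP header has no data-length field:
    data length = IP total length - IP header length - TCP header length."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:
        raise ValueError("not TCP")
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        raise ValueError("TCP header truncated")
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    doff = (off_flags >> 12) * 4
    data_len = total_len - ihl - doff
    # With a small snaplen (the old default of 68 bytes) the IP header still
    # claims the full length, but the capture holds fewer bytes than that.
    truncated = len(pkt) < total_len
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "ihl": ihl, "total_len": total_len, "doff": doff,
            "seq": seq, "ack": ack, "flags": off_flags & 0x1FF, "win": win,
            "data_len": data_len, "payload": tcp[doff:doff + data_len],
            "truncated": truncated}


def flag_str(flags):
    """Old tcpdump flag notation: F, S, R, P letters, or '.' for a bare ACK."""
    s = "".join(c for bit, c in ((FIN, "F"), (SYN, "S"), (RST, "R"), (PSH, "P")) if flags & bit)
    return s or ("." if flags & ACK else "")


def summarize(text):
    """Rebuild summary lines as tcpdump prints them: absolute numbers on SYN
    segments, relative to each direction's ISN afterwards (absolute again
    when the SYN was not captured)."""
    isn, lines = {}, []
    for _, pkt in split_packets(text):
        p = decode_ipv4_tcp(pkt)
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        syn = bool(p["flags"] & SYN)
        if syn:
            isn[fwd] = p["seq"]
        seq = p["seq"] if syn else (p["seq"] - isn.get(fwd, 0)) % (1 << 32)
        parts = [f"{p['src']}.{p['sport']} > {p['dst']}.{p['dport']}:", flag_str(p["flags"])]
        if syn or p["flags"] & FIN or p["data_len"]:
            parts.append(f"{seq}:{seq + p['data_len']}({p['data_len']})")
        if p["flags"] & ACK:
            ack = p["ack"] if syn else (p["ack"] - isn.get(rev, 0)) % (1 << 32)
            parts.append(f"ack {ack}")
        parts.append(f"win {p['win']}")
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_CAPTURE):
        print(line)
    p = decode_ipv4_tcp(split_packets(SAMPLE_CAPTURE)[2][1])
    print(p["total_len"], "-", p["ihl"], "-", p["doff"], "=", p["data_len"], p["payload"])
```

Running it reproduces the three summary lines of the capture (with the addresses decoded from the hex instead of the hostnames) and prints 104 - 20 - 32 = 52 for the PSH segment. Feeding decode_ipv4_tcp only the first 68 bytes of that packet, as a default-snaplen capture would have recorded, still reports data_len 52 from the IP header but flags the packet as truncated and yields only 16 bytes of payload, which is exactly why the post captures with -s 0.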
