tcpdump抓包

tcpdump抓包

作者: Magic11 | 来源:发表于2019-04-30 11:20 被阅读0次

一、三次握手和四次挥手
1、进入root模式 root@ubuntu:~# tcpdump -i any tcp -n
2、运行 /home/liuhaobo/work/demo_socket 目录下的client端和server端
1)运行server

haobo@ubuntu:~/work/demo_socket$ ./server
======waiting for client's request======
======begin to accept======
======after accept, begin to recv fd = 4======
recv msg from client: 123456789

2)运行client

liuhaobo@ubuntu:~/work/demo_socket$ ./client 127.0.0.1
begin to connect 
send msg to server: 
123456789
send msg to server: 
^C
liuhaobo@ubuntu:~/work/demo_socket$
root@ubuntu:~# tcpdump -i any tcp -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
//三次握手
19:52:19.299016 IP 127.0.0.1.49114 > 127.0.0.1.6666: Flags [S], seq 1482734049, win 43690, options [mss 65495,sackOK,TS val 1086375 ecr 0,nop,wscale 7], length 0
19:52:19.299026 IP 127.0.0.1.6666 > 127.0.0.1.49114: Flags [S.], seq 4183285287, ack 1482734050, win 43690, options [mss 65495,sackOK,TS val 1086375 ecr 1086375,nop,wscale 7], length 0
19:52:19.299047 IP 127.0.0.1.49114 > 127.0.0.1.6666: Flags [.], ack 1, win 342, options [nop,nop,TS val 1086375 ecr 1086375], length 0
//发送数据
19:52:42.730515 IP 127.0.0.1.49114 > 127.0.0.1.6666: Flags [P.], seq 1:9, ack 1, win 342, options [nop,nop,TS val 1092233 ecr 1086375], length 8
19:52:42.730577 IP 127.0.0.1.6666 > 127.0.0.1.49114: Flags [.], ack 9, win 342, options [nop,nop,TS val 1092233 ecr 1092233], length 0
//四次挥手
19:52:42.730593 IP 127.0.0.1.6666 > 127.0.0.1.49114: Flags [F.], seq 1, ack 9, win 342, options [nop,nop,TS val 1092233 ecr 1092233], length 0
19:52:42.732611 IP 127.0.0.1.49114 > 127.0.0.1.6666: Flags [.], ack 2, win 342, options [nop,nop,TS val 1092234 ecr 1092233], length 0
19:52:47.818590 IP 127.0.0.1.49114 > 127.0.0.1.6666: Flags [F.], seq 9, ack 2, win 342, options [nop,nop,TS val 1093505 ecr 1092233], length 0
19:52:47.818600 IP 127.0.0.1.6666 > 127.0.0.1.49114: Flags [.], ack 10, win 342, options [nop,nop,TS val 1093505 ecr 1093505], length 0

https://blog.csdn.net/xnlay/article/details/79048508
https://blog.csdn.net/nanyun2010/article/details/23445223
http://blog.jobbole.com/91631/

tcpdump使用时tcp三次握手抓包,ack置1的一些说明
https://blog.csdn.net/qq_32503701/article/details/53559759

序号不使用相对值（加 -S 选项，显示绝对序号）:

root@ubuntu:~# tcpdump -i any tcp -n -S
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
//三次握手
20:24:42.066323 IP 127.0.0.1.49266 > 127.0.0.1.6666: Flags [S], seq 3681515304, win 43690, options [mss 65495,sackOK,TS val 1572067 ecr 0,nop,wscale 7], length 0
20:24:42.066330 IP 127.0.0.1.6666 > 127.0.0.1.49266: Flags [S.], seq 398913298, ack 3681515305, win 43690, options [mss 65495,sackOK,TS val 1572067 ecr 1572067,nop,wscale 7], length 0
20:24:42.066336 IP 127.0.0.1.49266 > 127.0.0.1.6666: Flags [.], ack 398913299, win 342, options [nop,nop,TS val 1572067 ecr 1572067], length 0
//发送数据
20:25:09.537544 IP 127.0.0.1.49266 > 127.0.0.1.6666: Flags [P.], seq 3681515305:3681515315, ack 398913299, win 342, options [nop,nop,TS val 1578935 ecr 1572067], length 10
20:25:09.537564 IP 127.0.0.1.6666 > 127.0.0.1.49266: Flags [.], ack 3681515315, win 342, options [nop,nop,TS val 1578935 ecr 1578935], length 0
//四次挥手
20:25:09.537579 IP 127.0.0.1.6666 > 127.0.0.1.49266: Flags [F.], seq 398913299, ack 3681515315, win 342, options [nop,nop,TS val 1578935 ecr 1578935], length 0
20:25:09.540481 IP 127.0.0.1.49266 > 127.0.0.1.6666: Flags [.], ack 398913300, win 342, options [nop,nop,TS val 1578936 ecr 1578935], length 0
20:25:16.600947 IP 127.0.0.1.49266 > 127.0.0.1.6666: Flags [F.], seq 3681515315, ack 398913300, win 342, options [nop,nop,TS val 1580700 ecr 1578935], length 0
20:25:16.600957 IP 127.0.0.1.6666 > 127.0.0.1.49266: Flags [.], ack 3681515316, win 342, options [nop,nop,TS val 1580700 ecr 1580700], length 0

3、server代码:

//服务器端

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<errno.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<unistd.h>

#define MAXLINE 4096

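/*
 * Demo TCP server: listens on port 6666, accepts one client at a time,
 * reads a single message, prints it and closes the connection.
 * The listening socket is never closed because the accept loop is infinite;
 * the process is stopped with a signal.
 * Exit status is EXIT_FAILURE on socket/bind/listen errors (the original
 * exited with 0 on every error, which hid failures from scripts).
 */
int main(int argc, char** argv)
{
    (void)argc;
    (void)argv;

    int listenfd, connfd;
    struct sockaddr_in servaddr;
    char buff[MAXLINE];

    if ((listenfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        fprintf(stderr, "create socket error: %s(errno: %d)\n", strerror(errno), errno);
        exit(EXIT_FAILURE);
    }

    /* Let the demo be restarted immediately while the previous run's
     * connections are still in TIME_WAIT; otherwise bind() fails with
     * EADDRINUSE. Not fatal if it cannot be set. */
    int one = 1;
    if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) == -1) {
        fprintf(stderr, "setsockopt error: %s(errno: %d)\n", strerror(errno), errno);
    }

    memset(&servaddr, 0, sizeof servaddr);
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
    servaddr.sin_port = htons(6666);

    if (bind(listenfd, (struct sockaddr *)&servaddr, sizeof servaddr) == -1) {
        fprintf(stderr, "bind socket error: %s(errno: %d)\n", strerror(errno), errno);
        close(listenfd);
        exit(EXIT_FAILURE);
    }

    if (listen(listenfd, 10) == -1) {
        fprintf(stderr, "listen socket error: %s(errno: %d)\n", strerror(errno), errno);
        close(listenfd);
        exit(EXIT_FAILURE);
    }

    printf("======waiting for client's request======\n");
    while (1) {
        printf("======begin to accept======\n");
        if ((connfd = accept(listenfd, NULL, NULL)) == -1) {
            fprintf(stderr, "accept socket error: %s(errno: %d)\n", strerror(errno), errno);
            if (errno == EINTR) {
                continue;        /* interrupted by a signal: just retry */
            }
            break;               /* persistent failure (e.g. EMFILE): do not spin */
        }
        printf("======after accept, begin to recv fd = %d======\n", connfd);

        /* Read at most sizeof buff - 1 bytes so the terminator always fits:
         * the original passed MAXLINE into a MAXLINE-byte buffer, so a full
         * read wrote buff[4096] out of bounds, and a failed recv() (-1)
         * wrote buff[-1]. */
        ssize_t n = recv(connfd, buff, sizeof buff - 1, 0);
        if (n < 0) {
            fprintf(stderr, "recv error: %s(errno: %d)\n", strerror(errno), errno);
        } else {
            buff[n] = '\0';      /* n == 0: peer closed, prints an empty message */
            printf("recv msg from client: %s\n", buff);
        }
        close(connfd);
        printf("======close======fd = %d\n", connfd);
    }

    close(listenfd);
    return EXIT_FAILURE;         /* only reached when accept() failed persistently */
}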

4、client代码:

//客户端

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<errno.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<unistd.h>
#include <arpa/inet.h>

#define MAXLINE 4096

int main(int argc, char** argv)
{
    int    sockfd, n;
    char    recvline[4096], sendline[4096];
    struct sockaddr_in    servaddr;

    if( argc != 2){
    printf("usage: ./client <ipaddress>\n");
    exit(0);
    }

    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0){
    printf("create socket error: %s(errno: %d)\n", strerror(errno),errno);
    exit(0);
    }

    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(6666);
    if( inet_pton(AF_INET, argv[1], &servaddr.sin_addr) <= 0){
    printf("inet_pton error for %s\n",argv[1]);
    exit(0);
    }
    printf("begin to connect \n");
    if( connect(sockfd, (struct sockaddr*)&servaddr, sizeof(servaddr)) < 0){
    printf("connect error: %s(errno: %d)\n",strerror(errno),errno);
    exit(0);
    }
    int i = 0;
    while(i < 10) {
    printf("send msg to server: \n");
        fgets(sendline, 4096, stdin);
        if( send(sockfd, sendline, strlen(sendline), 0) < 0)
        {
            printf("send msg error: %s(errno: %d)\n", strerror(errno), errno);
            exit(0);
         }
    }

   

    close(sockfd);
    exit(0);
}
