本文主要是介绍tcpdump抓取tcp的三次握手,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
tcpdump抓取tcp的三次握手
先要打开两个终端,打开root权限
输入 telnet www.baidu.com 80 查询一下IP号,然后输入ctrl+] 以及quit退出
administrator@ubuntu:~$ sudo su
[sudo] password for administrator:
root@ubuntu:/home/administrator# telnet www.baidu.com 80
Trying 119.75.218.77...
Connected to www.a.shifen.com.
Escape character is '^]'.
^]quittelnet> quit
Connection closed.
root@ubuntu:/home/administrator#
在另外一个端口监听这个IP号,并用tcpdump抓包
administrator@ubuntu:~$ sudo su
[sudo] password for administrator:
root@ubuntu:/home/administrator# tcpdump -i eth0 -S host 119.75.217.56
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
回来第一个终端再次链接
administrator@ubuntu:~$ sudo su
[sudo] password for administrator:
root@ubuntu:/home/administrator# telnet www.baidu.com 80
Trying 119.75.218.77...
Connected to www.a.shifen.com.
Escape character is '^]'.
^]quittelnet> quit
Connection closed.
root@ubuntu:/home/administrator# telnet www.baidu.com 80
Trying 119.75.218.77...
Connected to www.a.shifen.com.
Escape character is '^]'.
^]telnet> quit
Connection closed.
root@ubuntu:/home/administrator#
然后就看到了传说中的三次握手
13:25:12.233208 IP ubuntu.local.35149 > 119.75.218.77.www: Flags [S], seq 232095876, win 5840, options [mss 1460,sackOK,TS val 822811 ecr 0,nop,wscale 6], length 013:25:12.269141 IP 119.75.218.77.www > ubuntu.local.35149: Flags [S.], seq 1463900438, ack 232095877, win 5840, options [mss 1440,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 7], length 013:25:12.269172 IP ubuntu.local.35149 > 119.75.218.77.www: Flags [.], ack 1463900439, win 92, length 0
第一条的S表示发送建立链接,并给出一个序号seq=232095876,
服务器收到,发出S.表示确认链接,给出序号seq=1463900438,以及确认号ack=232095877=seq+1=232095876+1.
客户端再发送一个确认号ack=1463900439=seq+1=1463900438+1表示完成建立.
这篇关于tcpdump抓取tcp的三次握手的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
