[Debugging Tool] tcpdump

Original article: tcpdump packet capture tool usage

tcpdump is an essential tool for debugging network programs. It is powerful and shows every detail of a network conversation. For TCP, for example, you can watch the three-way handshake, the PUSH/ACK data pushes and the four-way close, down to the bytes and timestamp of each packet.

The simplest example of use:
sudo tcpdump -i any tcp port 11211

  • -i selects the network interface; any means capture on all interfaces

  • tcp restricts the capture to the TCP protocol

  • port 11211 restricts the capture to that port (the default memcached port)

tcpdump requires root privileges. To see the payload of each packet, add -Xnlps0 (-X prints a hex and ASCII dump, -n disables name resolution, -l line-buffers the output, -p leaves the interface out of promiscuous mode, -s0 captures the full packet). For more options, see the tcpdump documentation online.

The following walks through a memcache session: connecting, setting a value, getting a value, and closing the connection.

Execute command:

telnet 10.8.34.27 11211

Run result:

15:14:34.336031 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [S], seq 3049437196, win 14480, options [mss 1460,sackOK,TS val 910488745 ecr 4129152319,nop,wscale 7], length 0
15:14:34.336057 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [S.], seq 3663074357, ack 3049437197, win 14480, options [mss 1460,sackOK,TS val 4129152433 ecr 910488745,nop,wscale 7], length 0
15:14:34.336159 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [.], ack 1, win 114, options [nop,nop,TS val 910488745 ecr 4129152433], length 0

Execute command:

get userId

Run result:

15:23:40.025373 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 15:27, ack 6, win 114, options [nop,nop,TS val 911034453 ecr 4129686634], length 12
15:23:40.025571 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [P.], seq 6:35, ack 27, win 114, options [nop,nop,TS val 4129698122 ecr 911034453], length 29
15:23:40.025768 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [.], ack 35, win 114, options [nop,nop,TS val 911034453 ecr 4129698122], length 0

Execute command:

set username 0 0 4

Run result:

15:27:45.985897 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 153:173, ack 160, win 114, options [nop,nop,TS val 911280417 ecr 4129926755], length 20
15:27:46.025059 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [.], ack 173, win 114, options [nop,nop,TS val 4129944122 ecr 911280417], length 0

Execute command (the 4-byte data block for the set):

nick

Run result:

15:28:47.625886 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 173:179, ack 160, win 114, options [nop,nop,TS val 911342058 ecr 4129944122], length 6
15:28:47.625910 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [.], ack 179, win 114, options [nop,nop,TS val 4130005722 ecr 911342058], length 0
15:28:47.626046 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [P.], seq 160:168, ack 179, win 114, options [nop,nop,TS val 4130005723 ecr 911342058], length 8
15:28:47.626204 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [.], ack 168, win 114, options [nop,nop,TS val 911342058 ecr 4130005723], length 0

Execute command:

get username

Run result:

15:29:59.978653 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 179:193, ack 168, win 114, options [nop,nop,TS val 911414421 ecr 4130005723], length 14
15:29:59.978743 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [P.], seq 168:199, ack 193, win 114, options [nop,nop,TS val 4130078075 ecr 911414421], length 31
15:29:59.978867 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [.], ack 199, win 114, options [nop,nop,TS val 911414421 ecr 4130078075], length 0

Execute command:

quit

Run result:

15:30:52.755257 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 193:199, ack 199, win 114, options [nop,nop,TS val 911467215 ecr 4130078075], length 6
15:30:52.755534 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [F.], seq 199, ack 199, win 114, options [nop,nop,TS val 4130130852 ecr 911467215], length 0
15:30:52.755843 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [F.], seq 199, ack 200, win 114, options [nop,nop,TS val 911467215 ecr 4130130852], length 0
15:30:52.755865 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [.], ack 200, win 114, options [nop,nop,TS val 4130130852 ecr 911467215], length 0

  • 15:30:52.755865 is the timestamp, with microsecond precision

  • 10.8.34.13.36686 > 10.8.34.27.memcache shows the direction of the packet: 36686 is the client's port, and memcache (port 11211, printed by its service name) is the server

  • [S] means this is a SYN packet (a connection request)

  • [.] means the packet carries only an ACK; client SYN -> server SYN-ACK (shown as [S.]) -> client ACK is the three-way handshake

  • [P] means a data push (PSH), in either direction: server to client or client to server

  • [F] means a FIN packet: the sender is closing the connection; either the client or the server may initiate the close

  • [R] means an RST packet. Like FIN it ends the connection, but RST indicates the connection was torn down while data may still be unprocessed; think of it as a forced disconnect

  • win 342 is the advertised receive window (sliding window). Note that after the handshake the printed value must be multiplied by the wscale option negotiated on the SYN (wscale 7 above means multiply by 128)

  • length 12 is the TCP payload length in bytes, not the full packet size (here the 12 bytes of "get userId" plus CRLF)
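As an added example, not part of the original article, here is a small Python parser for tcpdump lines in the format shown above. It applies the rules from the bullet list: it checks that the first three packets form the three-way handshake, finds which side sent the first FIN, applies the negotiated wscale to the printed win value, and sums the payload length per endpoint. The sample input is a constructed copy of the capture lines from this page (handshake, "get userId", and "quit"); the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: tcpdump lines copied from the memcache session above
# (three-way handshake, the "get userId" exchange and the "quit" teardown).
SAMPLE_CAPTURE = """\
15:14:34.336031 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [S], seq 3049437196, win 14480, options [mss 1460,sackOK,TS val 910488745 ecr 4129152319,nop,wscale 7], length 0
15:14:34.336057 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [S.], seq 3663074357, ack 3049437197, win 14480, options [mss 1460,sackOK,TS val 4129152433 ecr 910488745,nop,wscale 7], length 0
15:14:34.336159 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [.], ack 1, win 114, options [nop,nop,TS val 910488745 ecr 4129152433], length 0
15:23:40.025373 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 15:27, ack 6, win 114, options [nop,nop,TS val 911034453 ecr 4129686634], length 12
15:23:40.025571 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [P.], seq 6:35, ack 27, win 114, options [nop,nop,TS val 4129698122 ecr 911034453], length 29
15:23:40.025768 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [.], ack 35, win 114, options [nop,nop,TS val 911034453 ecr 4129698122], length 0
15:30:52.755257 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [P.], seq 193:199, ack 199, win 114, options [nop,nop,TS val 911467215 ecr 4130078075], length 6
15:30:52.755534 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [F.], seq 199, ack 199, win 114, options [nop,nop,TS val 4130130852 ecr 911467215], length 0
15:30:52.755843 IP 10.8.34.13.46103 > 10.8.34.27.memcache: Flags [F.], seq 199, ack 200, win 114, options [nop,nop,TS val 911467215 ecr 4130130852], length 0
15:30:52.755865 IP 10.8.34.27.memcache > 10.8.34.13.46103: Flags [.], ack 200, win 114, options [nop,nop,TS val 4130130852 ecr 911467215], length 0
"""

# One tcpdump TCP summary line: timestamp, endpoints, flags, optional seq/ack,
# window, optional TCP options, payload length.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+(?::\d+)?))?"
    r"(?:, ack (?P<ack>\d+))?"
    r", win (?P<win>\d+)"
    r"(?:, options \[(?P<opts>[^\]]*)\])?"
    r", length (?P<length>\d+)$"
)


@dataclass
class Packet:
    ts: str
    src: str
    dst: str
    flags: str                # S=SYN, F=FIN, P=PSH, R=RST, .=ACK
    seq_lo: Optional[int]
    seq_hi: Optional[int]
    ack: Optional[int]
    win: int                  # window exactly as printed (unscaled)
    wscale: Optional[int]     # wscale option, only on SYN / SYN-ACK
    length: int               # TCP payload bytes, not frame size


def parse_line(line: str) -> Packet:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a tcpdump TCP line: {line!r}")
    seq_lo = seq_hi = None
    if m["seq"]:
        parts = m["seq"].split(":")   # "15:27" is a byte range, "199" a single number
        seq_lo, seq_hi = int(parts[0]), int(parts[-1])
    ws = re.search(r"wscale (\d+)", m["opts"] or "")
    return Packet(ts=m["ts"], src=m["src"], dst=m["dst"], flags=m["flags"],
                  seq_lo=seq_lo, seq_hi=seq_hi,
                  ack=int(m["ack"]) if m["ack"] else None, win=int(m["win"]),
                  wscale=int(ws.group(1)) if ws else None, length=int(m["length"]))


def parse_capture(text: str) -> List[Packet]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def is_three_way_handshake(pkts: List[Packet]) -> bool:
    """Client SYN, server SYN-ACK acknowledging SYN+1, client ACK (relative ack 1)."""
    if len(pkts) < 3:
        return False
    syn, synack, ack = pkts[:3]
    return (syn.flags == "S" and synack.flags == "S."
            and synack.src == syn.dst and synack.dst == syn.src
            and synack.ack == syn.seq_lo + 1        # SYN lines print absolute numbers
            and ack.flags == "." and ack.src == syn.src
            and ack.ack == 1)                        # tcpdump is relative from here on


def close_initiator(pkts: List[Packet]) -> Optional[str]:
    """Endpoint that sent the first FIN; either side may start the close."""
    return next((p.src for p in pkts if "F" in p.flags), None)


def negotiated_wscale(pkts: List[Packet]) -> Dict[str, int]:
    """Window scale each endpoint announced on its SYN / SYN-ACK."""
    return {p.src: p.wscale for p in pkts if "S" in p.flags and p.wscale is not None}


def effective_window(pkt: Packet, scales: Dict[str, int]) -> int:
    """Real receive window in bytes: printed win << sender's wscale (SYNs are never scaled)."""
    return pkt.win if "S" in pkt.flags else pkt.win << scales.get(pkt.src, 0)


def payload_by_endpoint(pkts: List[Packet]) -> Dict[str, int]:
    """Total payload bytes each endpoint sent, summing the 'length' field."""
    totals: Dict[str, int] = {}
    for p in pkts:
        totals[p.src] = totals.get(p.src, 0) + p.length
    return totals


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    scales = negotiated_wscale(pkts)
    print("handshake ok:", is_three_way_handshake(pkts))
    print("close initiated by:", close_initiator(pkts))
    print("client window after handshake:", effective_window(pkts[2], scales), "bytes")
    print("payload sent per endpoint:", payload_by_endpoint(pkts))
```

Two details the parser relies on are worth keeping in mind when reading raw output: after the SYN and SYN-ACK, tcpdump prints sequence and acknowledgement numbers relative to the initial sequence number (hence ack 1, seq 15:27) unless you pass -S for absolute numbers, and the win value on non-SYN packets is only meaningful once multiplied by the peer's wscale, so win 114 with wscale 7 is really 14592 bytes.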

Keywords: Linux network sudo

Added by trilbyfish on Mon, 24 Jun 2019 19:02:10 +0300