18.6.3 FIN_WAIT_2 状态
在FIN_WAIT_2 状态我们已经发出了FIN,并且另一端也对它进行确认。除非我们在实行半关闭,
否则将等待另一端的应用层意识到它已收到一个文件结束符说明
这意味着我们这端可能永远保持这个状态,另一端也将处于CLOSE_WAIT状态,
并一直保持这个状态直到应用层决定进行关闭
tcpdump -i eth1 '((tcp) and ((tcp port 9090) and ( host 192.168.137.2)))'
监视指定主机的数据包,例如所有进入或离开node1的数据包
tcpdump -i ens33 host node1
#协议为tcp,目标端口或源端口为80
tcpdump -nni ens33 -w packets.pcap 'tcp port 80'
Last login: Wed Feb 19 12:52:23 2020 from 192.168.137.1
node2:/root# tcpdump -i eth1 '((tcp) and ((tcp port 9090) and ( host 192.168.137.2)))'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:19:59.208717 IP node2.46779 > node1.websm: Flags [S], seq 882198537, win 14600, options [mss 1460,sackOK,TS val 108351644 ecr 0,nop,wscale 7], length 0
14:19:59.209050 IP node1.websm > node2.46779: Flags [S.], seq 3646064921, ack 882198538, win 14480, options [mss 1460,sackOK,TS val 4257384 ecr 108351644,nop,wscale 6], length 0
14:19:59.209202 IP node2.46779 > node1.websm: Flags [.], ack 1, win 115, options [nop,nop,TS val 108351646 ecr 4257384], length 0
14:19
:59.209300 IP node2.46779 > node1.websm: Flags [F.], seq 1, ack 1, win 115, options [nop,nop,TS val 108351646 ecr 4257384], length 0
14:19:59.209482 IP node1.websm > node2.46779: Flags [.], ack 2, win 227, options [nop,nop,TS val 4257384 ecr 108351646], length 0
Wed Feb 19 14:20:15 CST 2020
tcp 0 0 192.168.137.3:46779 192.168.137.2:9090 FIN_WAIT2
Wed Feb 19 14:20:15 CST 2020
node1:/root/test#netstat -na | grep 9090
tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN
tcp 1 0 192.168.137.2:9090 192.168.137.3:46779 CLOSE_WAIT
tcp 1 0 192.168.137.2:9090 192.168.137.2:49785 CLOSE_WAIT
node1:/root/test#