tcpdump packet capture and a few port-inspection commands


    1. tcpdump

          Once nginx is running it occupies port 80; at that point run the command: tcpdump tcp port 80

             The result looks like the following:

    [syswj@host ~]$ sudo tcpdump tcp port 80
    [sudo] password for syswj: 
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on Auto_eth0, link-type EN10MB (Ethernet), capture size 65535 bytes


      Packets captured by tcpdump are printed to the screen:

    1. From Windows, use telnet <ip> <port> to connect to the nginx server running on port 80 on the Linux host

          

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on Auto_eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    14:14:23.406697 IP 192.168.137.1.7352 > 192.168.137.128.http: Flags [S], seq 322176964, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    14:14:23.406740 IP 192.168.137.128.http > 192.168.137.1.7352: Flags [S.], seq 300095102, ack 322176965, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
    14:14:23.406992 IP 192.168.137.1.7352 > 192.168.137.128.http: Flags [.], ack 1, win 256, length 0

    This is the TCP three-way handshake.

    2. After quitting telnet on Windows:

    14:16:37.910069 IP 192.168.137.1.7360 > 192.168.137.128.http: Flags [F.], seq 1, ack 1, win 256, length 0
    14:16:37.910194 IP 192.168.137.128.http > 192.168.137.1.7360: Flags [F.], seq 1, ack 2, win 229, length 0
    14:16:37.910854 IP 192.168.137.1.7360 > 192.168.137.128.http: Flags [.], ack 2, win 256, length 0

    The client sends the server a FIN segment to end the connection, and the server receives it; the remaining two lines of the capture are the server's own FIN and the client's final ACK.


    3. In a browser (on Windows), open http://192.168.137.128

      When the page is opened:

    [sudo] password for syswj: 
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on Auto_eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    14:23:09.504575 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [S], seq 4063271087, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    14:23:09.504610 IP 192.168.137.128.http > 192.168.137.1.rtps-dd-mt: Flags [S.], seq 1526809447, ack 4063271088, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
    14:23:09.504867 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [.], ack 1, win 1024, length 0

      This is again the same three-way handshake as above.

     After closing the page and waiting a while:

    14:24:09.565990 IP 192.168.137.128.http > 192.168.137.1.rtps-dd-mt: Flags [F.], seq 1, ack 1, win 229, length 0
    14:24:09.566290 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [.], ack 2, win 1024, length 0

     After waiting a while longer:

    14:25:32.242143 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [F.], seq 1, ack 2, win 1024, length 0
    14:25:32.242248 IP 192.168.137.128.http > 192.168.137.1.rtps-dd-mt: Flags [R], seq 1526809449, win 0, length 0

    -- Because of the timeout the server has already closed this connection; when the client now sends it something, the server no longer recognizes this client at all, so it returns an RST segment.
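The three captures above (the handshake, the FIN exchange, and the late FIN answered by an RST) can be checked mechanically rather than by eye. The following Python script is an added example and is not part of the original post: it parses tcpdump's one-line output with a regex written for this example, keys packets by endpoint pair so both directions update one record, and walks a small state machine so that each connection ends in ESTABLISHED, CLOSED or RESET. The sample input embeds the packet lines from the captures above together with the banner lines tcpdump prints before them.

```python
import re

# tcpdump one-liner format as printed in the captures above. This regex is an
# assumption made for this example: it extracts only the fields the tracker
# needs (timestamp, both endpoints, and the TCP flag string in brackets).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

# Sample input (constructed list): the packet lines of the three captures
# above, preceded by the banner lines a real capture interleaves.
SAMPLE_CAPTURE = """
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on Auto_eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:14:23.406697 IP 192.168.137.1.7352 > 192.168.137.128.http: Flags [S], seq 322176964, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
14:14:23.406740 IP 192.168.137.128.http > 192.168.137.1.7352: Flags [S.], seq 300095102, ack 322176965, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
14:14:23.406992 IP 192.168.137.1.7352 > 192.168.137.128.http: Flags [.], ack 1, win 256, length 0
14:16:37.910069 IP 192.168.137.1.7360 > 192.168.137.128.http: Flags [F.], seq 1, ack 1, win 256, length 0
14:16:37.910194 IP 192.168.137.128.http > 192.168.137.1.7360: Flags [F.], seq 1, ack 2, win 229, length 0
14:16:37.910854 IP 192.168.137.1.7360 > 192.168.137.128.http: Flags [.], ack 2, win 256, length 0
14:23:09.504575 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [S], seq 4063271087, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
14:23:09.504610 IP 192.168.137.128.http > 192.168.137.1.rtps-dd-mt: Flags [S.], seq 1526809447, ack 4063271088, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
14:23:09.504867 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [.], ack 1, win 1024, length 0
14:24:09.565990 IP 192.168.137.128.http > 192.168.137.1.rtps-dd-mt: Flags [F.], seq 1, ack 1, win 229, length 0
14:24:09.566290 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [.], ack 2, win 1024, length 0
14:25:32.242143 IP 192.168.137.1.rtps-dd-mt > 192.168.137.128.http: Flags [F.], seq 1, ack 2, win 1024, length 0
14:25:32.242248 IP 192.168.137.128.http > 192.168.137.1.rtps-dd-mt: Flags [R], seq 1526809449, win 0, length 0
""".strip().splitlines()


def parse_line(line):
    """Return the packet fields of one tcpdump line, or None for banner/noise lines."""
    m = LINE_RE.match(line.strip())
    return None if m is None else m.groupdict()


def conn_key(a, b):
    """Direction-independent key so both halves of a connection share one record."""
    return tuple(sorted((a, b)))


def track(lines):
    """Replay tcpdump lines and return {conn_key: record} with the inferred TCP state.

    SYN_SENT -> SYN_RECEIVED -> ESTABLISHED models the three-way handshake,
    HALF_CLOSED -> LAST_ACK -> CLOSED the FIN exchange, and RESET an RST.
    """
    conns = {}
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        rec = conns.setdefault(conn_key(pkt["src"], pkt["dst"]),
                               {"state": "NEW", "fin_from": set(), "events": []})
        flags, src = pkt["flags"], pkt["src"]
        if "R" in flags:
            rec["state"] = "RESET"               # peer has no record of this connection
            rec["events"].append(("RST", src))
        elif flags == "S":
            rec["state"] = "SYN_SENT"
            rec["events"].append(("SYN", src))
        elif flags == "S.":
            rec["state"] = "SYN_RECEIVED"
            rec["events"].append(("SYN-ACK", src))
        elif "F" in flags:
            rec["fin_from"].add(src)             # one FIN per side closes that direction
            rec["state"] = "HALF_CLOSED" if len(rec["fin_from"]) == 1 else "LAST_ACK"
            rec["events"].append(("FIN", src))
        elif flags == ".":
            if rec["state"] == "SYN_RECEIVED":
                rec["state"] = "ESTABLISHED"     # third packet of the handshake
                rec["events"].append(("HANDSHAKE_COMPLETE", src))
            elif rec["state"] == "LAST_ACK":
                rec["state"] = "CLOSED"          # final ACK of the close exchange
                rec["events"].append(("CLOSED", src))
            else:
                rec["events"].append(("ACK", src))
        else:
            rec["events"].append((flags, src))   # data segments such as "P." are just recorded
    return conns


def summarize(conns):
    """Map each connection key to its final state, for quick inspection."""
    return {key: rec["state"] for key, rec in conns.items()}


if __name__ == "__main__":
    for key, state in summarize(track(SAMPLE_CAPTURE)).items():
        print(key, "->", state)
```

Run against the sample, the 7352 connection ends in ESTABLISHED, the 7360 connection in CLOSED, and the rtps-dd-mt connection in RESET with the RST coming from the http side, which is exactly the timeout case the paragraph above describes: a FIN arriving after the server has forgotten the connection is answered with RST rather than ACK.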


    Some port-related commands:

    lsof -i :<port>    ---- show the process information for the port

    To kill the process on a port:

      First use lsof -i :<port> to find the process on that port and get its pid, then kill -9 <pid> to kill the process.

      Or directly: fuser -k 80/tcp

    Show the process on a port:

      netstat -anp | grep 80
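`netstat -anp | grep 80` matches the string 80 anywhere in the row, so it also reports port 8080, a peer address such as 10.0.0.80 and any PID that starts with 80, which matters when the next step is kill -9. The following Python script is an added example and is not part of the original post: it parses netstat's columns (the row regex and the sample output, including every PID and program name, are constructed for this example) and selects rows by exact local port, optionally only LISTEN sockets, so the PID handed to kill or fuser is the one that actually owns the port.

```python
import re

# One `netstat -anp` row in the classic net-tools layout. Constructed assumption
# for this example: the State column is absent for UDP, and the trailing
# PID/Program field is "-" when netstat runs without root.
ROW_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?:(?P<pid>\d+)/(?P<prog>.*)|-)$"
)

# Constructed sample output in the style of `netstat -anp`; PIDs and program
# names are made up for the example.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx: master
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2345/java
tcp        0      0 192.168.137.128:80      192.168.137.1:7352      ESTABLISHED 1235/nginx: worker
tcp        0      0 192.168.137.128:22      10.0.0.80:51234         ESTABLISHED 800/sshd: syswj
tcp6       0      0 :::80                   :::*                    LISTEN      1234/nginx: master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           900/dhclient
"""


def port_of(addr):
    """Port number of 'host:port' (works for IPv4 and the ':::80' IPv6 form)."""
    try:
        return int(addr.rsplit(":", 1)[1])
    except ValueError:
        return None  # "*" or a non-numeric port


def parse_netstat(text):
    """Parse netstat -anp output into a list of row dicts; headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue
        row = m.groupdict()
        row["local_port"] = port_of(row["local"])
        rows.append(row)
    return rows


def naive_grep_count(text, needle):
    """What `netstat -anp | grep 80` really does: a substring match on the whole row."""
    return sum(1 for line in text.splitlines() if needle in line)


def processes_on_port(text, port, listening_only=False):
    """Return {(pid, program)} for sockets whose *local* port equals `port`."""
    found = set()
    for row in parse_netstat(text):
        if row["local_port"] != port:
            continue
        if listening_only and row["state"] != "LISTEN":
            continue
        if row["pid"] is None:
            continue  # "-": owning process not visible without root
        found.add((int(row["pid"]), row["prog"]))
    return found


if __name__ == "__main__":
    print("rows containing '80':", naive_grep_count(SAMPLE_NETSTAT, "80"))
    print("listening on 80:", processes_on_port(SAMPLE_NETSTAT, 80, listening_only=True))
    print("all sockets on 80:", processes_on_port(SAMPLE_NETSTAT, 80))
```

On the sample, the substring grep reports five rows while only the nginx master (LISTEN) and one nginx worker (ESTABLISHED) actually hold local port 80; the java process on 8080 and the sshd session with a peer at 10.0.0.80 are false positives that a bare `grep 80` would have shown.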

    Original URL: https://www.cnblogs.com/zfyouxi/p/5303516.html