用tcpdump 分析如何建立与关闭tcp连接

最新推荐文章于 2024-06-10 12:04:41 发布

weixin_34416649

最新推荐文章于 2024-06-10 12:04:41 发布

阅读量222

点赞数

文章标签：网络 epoll

according to preview article 【并发服务器系列】3 epoll模型

I use tcpdump to analyze how tcp build up a connection, send a message ,and close the connection. (code are available in the preview article.)

client(172.18.70.159) use a random port 49538 to connection server(172.18.70.149:54321)

now I print out the client's captured:

1 sudo tcpdump port 54321

2 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
3 listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
4
5
6 19: 29: 52.674854 IP bogon. 49538 > bogon. 54321: Flags [S], seq 2303324334, win 5840, options [mss 1460,sackOK,TS val 6717463 ecr 0,nop,wscale 5], length 0
7 19: 29: 52.675309 IP bogon. 54321 > bogon. 49538: Flags [S.], seq 2402310477, ack 2303324335, win 5792, options [mss 1460,sackOK,TS val 3494999994 ecr 6717463,nop,wscale 6], length 0
8 19: 29: 52.675351 IP bogon. 49538 > bogon. 54321: Flags [.], ack 1, win 183, options [nop,nop,TS val 6717464 ecr 3494999994], length 0
9

19: 29: 52.676059 IP bogon. 49538 > bogon. 54321: Flags [P.], seq 1: 34, ack 1, win 183, options [nop,nop,TS val 6717464 ecr 3494999994], length 33
10 19: 29: 52.676489 IP bogon. 54321 > bogon. 49538: Flags [.], ack 34, win 91, options [nop,nop,TS val 3494999995 ecr 6717464], length 0
11 19: 29: 52.676517 IP bogon. 54321 > bogon. 49538: Flags [P.], seq 1: 30, ack 34, win 91, options [nop,nop,TS val 3494999995 ecr 6717464], length 29

12 19: 29: 52.676526 IP bogon. 49538 > bogon. 54321: Flags [.], ack 30, win 183, options [nop,nop,TS val 6717464 ecr 3494999995], length 0
13 19: 29: 52.676591 IP bogon. 54321 > bogon. 49538: Flags [F.], seq 30, ack 34, win 91, options [nop,nop,TS val 3494999995 ecr 6717464], length 0
14 19: 29: 52.677302 IP bogon. 49538 > bogon. 54321: Flags [F.], seq 34, ack 31, win 183, options [nop,nop,TS val 6717464 ecr 3494999995], length 0
15 19: 29: 52.677641 IP bogon. 54321 > bogon. 49538: Flags [.], ack 35, win 91, options [nop,nop,TS val 3494999996 ecr 6717464], length 0

line 6,7,8(first 3 lines) is how the connection build (called three handshakes).

line 9,10,11 (middle 3 lines ) is how message send.

line 12,13,14,15 (last 4 lines) is how conncetion close.(called four handshakes)

here is server's capture:

1 19: 30: 49.882720 IP bogon. 49538 > bogon. 54321: Flags [S], seq 2303324334, win 5840, options [mss 1460,sackOK,TS val 6717463 ecr 0,nop,wscale 5], length 0
2 19: 30: 49.882771 IP bogon. 54321 > bogon. 49538: Flags [S.], seq 2402310477, ack 2303324335, win 5792, options [mss 1460,sackOK,TS val 3494999994 ecr 6717463,nop,wscale 6], length 0
3 19: 30: 49.883168 IP bogon. 49538 > bogon. 54321: Flags [.], ack 1, win 183, options [nop,nop,TS val 6717464 ecr 3494999994], length 0
4
5
6 19: 30: 49.883888 IP bogon. 49538 > bogon. 54321: Flags [P.], seq 1: 34, ack 1, win 183, options [nop,nop,TS val 6717464 ecr 3494999994], length 33
7 19: 30: 49.883917 IP bogon. 54321 > bogon. 49538: Flags [.], ack 34, win 91, options [nop,nop,TS val 3494999995 ecr 6717464], length 0
8 19: 30: 49.883986 IP bogon. 54321 > bogon. 49538: Flags [P.], seq 1: 30, ack 34, win 91, options [nop,nop,TS val 3494999995 ecr 6717464], length 29
9
10
11 19: 30: 49.884028 IP bogon. 54321 > bogon. 49538: Flags [F.], seq 30, ack 34, win 91, options [nop,nop,TS val 3494999995 ecr 6717464], length 0
12 19: 30: 49.884355 IP bogon. 49538 > bogon. 54321: Flags [.], ack 30, win 183, options [nop,nop,TS val 6717464 ecr 3494999995], length 0
13 19: 30: 49.885115 IP bogon. 49538 > bogon. 54321: Flags [F.], seq 34, ack 31, win 183, options [nop,nop,TS val 6717464 ecr 3494999995], length 0

14 19:30:49.885139 IP bogon.54321 > bogon.49538: Flags [.], ack 35, win 91, options [nop,nop,TS val 3494999996 ecr 6717464], length 0

what does S . P F mean ?

S SYN ---- sys number

F FIN ---- finished sending message

P PSH --- send message to app

R RST --- connection RST

. --- all above set 0

analyse:

three handshakes to build up a connection

client(172.18.70.159) send a SYN to server(172.18.70.149)'s port(54321)
server send another SYN to client , in the same time use ack+1 to confirm the client's SYN
client confirm back server SYN with ack+1

four handshakes to close a connection

server send to client a FIN
client confirm back server SYN with ack+1
client send to server a FIN
server confirm back client SYN with ack+1

from line 11 we can see server send the FIN to client (code:close(events[n].data.fd); //chat_server.cpp)

dengwei@dengwei-desktop:~/Desktop$ ./chat 172.18. 70.149
chat client start 172.18. 70.149
write finished msg:     hello, this is client
iwrite =   33
----> receive msg_content:     Hi this is server

ireadback = 29

message send and receive:

length 33 was sent by client ( a message struct with content: hello, this is client) --- first of middle 3 lines
a confim in the middle
length 29 was received from server to ( a message struct with content: Hi thi is server) --- last of middle 3 lines

Operating System:

[dengwei@localhost ~]$ uname -a

Linux localhost.localdomain 2.6.35.14-106.fc14.i686 #1 SMP Wed Nov 23 13:57:33 UTC 2011 i686 i686 i386 GNU/Linux

EOF

weixin_34416649

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
用tcpdump 分析如何建立与关闭tcp连接

according to preview article 【并发服务器系列】3 epoll模型I use tcpdump to analyze how tcp build up a connection, send a message ,and close the connection. (code are available in the preview article.) clien...
复制链接

扫一扫