Analyzing the TCP communication process with tcpdump
2016-06-20 17:09
step1: connect(client)
14:26:17.213856 IP 172.25.40.208.49040 > 172.25.40.208.9999: S 2796874307:2796874307(0) win 32767 <mss 16396,sackOK,timestamp 166610063 166607508,nop,wscale 2>
14:26:17.213876 IP 172.25.40.208.9999 > 172.25.40.208.49040: S 2805061524:2805061524(0) ack 2796874308 win 32767 <mss 16396,sackOK,timestamp 166610063 166610063,nop,wscale 2>
14:26:17.213887 IP 172.25.40.208.49040 > 172.25.40.208.9999: . ack 1 win 8192 <nop,nop,timestamp 166610063 166610063>
step2: send(client)
14:26:59.682802 IP 172.25.40.208.49040 > 172.25.40.208.9999: P 1:10(9) ack 1 win 8192 <nop,nop,timestamp 166620679 166610063>
14:26:59.682867 IP 172.25.40.208.9999 > 172.25.40.208.49040: . ack 10 win 8192 <nop,nop,timestamp 166620679 166620679>
step3: close(server)
14:28:16.448889 IP 172.25.40.208.9999 > 172.25.40.208.49040: F 1:1(0) ack 44 win 8192 <nop,nop,timestamp 166639869 166628957>
14:28:16.449045 IP 172.25.40.208.49040 > 172.25.40.208.9999: . ack 2 win 8192 <nop,nop,timestamp 166639870 166639869>
netstat
client: CLOSE_WAIT
server: FIN_WAIT2
step4: send(client)
14:45:24.783124 IP 172.25.40.208.37241 > 172.25.40.208.9999: P 8:13(5) ack 2 win 8192 <nop,nop,timestamp 166896937 166892750>
14:45:24.783142 IP 172.25.40.208.9999 > 172.25.40.208.37241: R 3992527880:3992527880(0) win 0
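At this point the client can still send data (5 bytes were sent here), but the server has already closed the connection, so the kernel replies with a "RESET" (RST) packet.
Normal connection teardown
Clearly, the teardown above is an abnormal one; the following are normal teardowns.
client close, server read 0 and close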
16:11:48.289783 IP 172.25.40.208.35642 > 172.25.40.208.9999: F 5:5(0) ack 1 win 8192 <nop,nop,timestamp 168192733 168190498>
16:11:48.289870 IP 172.25.40.208.9999 > 172.25.40.208.35642: F 1:1(0) ack 6 win 8192 <nop,nop,timestamp 168192733 168192733>
16:11:48.289879 IP 172.25.40.208.35642 > 172.25.40.208.9999: . ack 2 win 8192 <nop,nop,timestamp 168192733 168192733>
The kernel merged the 2nd and 3rd packets of the teardown (the server's ACK and its FIN) into a single packet.
client close, server read 0, sleep, then close
16:38:28.395910 IP 172.25.40.208.35219 > 172.25.40.208.9999: F 5:5(0) ack 1 win 8192 <nop,nop,timestamp 168592734 168591624>
16:38:28.433255 IP 172.25.40.208.9999 > 172.25.40.208.35219: . ack 6 win 8192 <nop,nop,timestamp 168592744 168592734>
16:38:29.397193 IP 172.25.40.208.9999 > 172.25.40.208.35219: F 1:1(0) ack 6 win 8192 <nop,nop,timestamp 168592985 168592734>
16:38:29.397215 IP 172.25.40.208.35219 > 172.25.40.208.9999: . ack 2 win 8192 <nop,nop,timestamp 168592985 168592985>
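This shows that if, after the client closes the connection, the server sleeps for a moment before calling close, the 2nd and 3rd packets are not merged.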
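The four teardown patterns captured above can also be told apart programmatically. The following is an added example, not part of the original post: the function names and the labels it returns are assumptions chosen for illustration, and it expects the capture of a single connection in the old tcpdump line format used on this page.

```python
import re

# Old-style tcpdump line, as in the captures above:
#   time IP src.port > dst.port: FLAGS [seq:seq(len)] ...
PKT = re.compile(r"[\d:.]+ IP (\S+) > (\S+): ([SFPR.]+)(?: \d+:\d+\((\d+)\))?")

def parse(capture):
    """Return [(src, dst, flags, payload_len), ...] for one connection's capture."""
    return [(s, d, f, int(n or 0)) for s, d, f, n in PKT.findall(capture)]

def classify_teardown(capture):
    """Label how the single connection in `capture` was (or was not) torn down."""
    fin_from = []        # endpoints that have sent a FIN, in order
    bare_ack = False     # the peer ACKed the first FIN in a packet of its own
    prev = None          # previous packet, to see what an RST is answering
    for pkt in parse(capture):
        src, dst, flags, _ = pkt
        if "R" in flags:
            # RST answering a data segment: the peer wrote to a closed socket (step 4)
            answers_data = prev is not None and prev[0] == dst and prev[3] > 0
            return "reset-after-data" if answers_data else "reset"
        if "F" in flags:
            fin_from.append(src)
        elif flags == "." and fin_from and src not in fin_from:
            bare_ack = True
        prev = pkt
    if len(fin_from) == 2:
        return "fin-ack-separate" if bare_ack else "fin-ack-merged"
    # One FIN only: the CLOSE_WAIT / FIN_WAIT2 state netstat showed after step 3
    return "half-closed" if fin_from else "open"

# The page's own captures, with the TCP options (<...>) trimmed for width.
STEP3 = """14:28:16.448889 IP 172.25.40.208.9999 > 172.25.40.208.49040: F 1:1(0) ack 44 win 8192
14:28:16.449045 IP 172.25.40.208.49040 > 172.25.40.208.9999: . ack 2 win 8192"""
STEP4 = """14:45:24.783124 IP 172.25.40.208.37241 > 172.25.40.208.9999: P 8:13(5) ack 2 win 8192
14:45:24.783142 IP 172.25.40.208.9999 > 172.25.40.208.37241: R 3992527880:3992527880(0) win 0"""
MERGED = """16:11:48.289783 IP 172.25.40.208.35642 > 172.25.40.208.9999: F 5:5(0) ack 1 win 8192
16:11:48.289870 IP 172.25.40.208.9999 > 172.25.40.208.35642: F 1:1(0) ack 6 win 8192
16:11:48.289879 IP 172.25.40.208.35642 > 172.25.40.208.9999: . ack 2 win 8192"""
SEPARATE = """16:38:28.395910 IP 172.25.40.208.35219 > 172.25.40.208.9999: F 5:5(0) ack 1 win 8192
16:38:28.433255 IP 172.25.40.208.9999 > 172.25.40.208.35219: . ack 6 win 8192
16:38:29.397193 IP 172.25.40.208.9999 > 172.25.40.208.35219: F 1:1(0) ack 6 win 8192
16:38:29.397215 IP 172.25.40.208.35219 > 172.25.40.208.9999: . ack 2 win 8192"""

if __name__ == "__main__":
    for name in ("STEP3", "STEP4", "MERGED", "SEPARATE"):
        print(name, classify_teardown(globals()[name]))
```

In application logs, a "reset-after-data" result usually means one side kept writing after its peer had already closed the socket.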