networking - Extracting information from tcpdump

Tags: networking tcp tcpdump

I am using tcpdump to collect network statistics on my two servers. I need help decoding the logs. There are many pages explaining the parameters we can pass, but where can I get details on how to make use of the log dump? I started with the basic command and am trying to wrap my head around the messages received.

Setup: node01 and node02 are two servers; node02 is copying a file to node01 over the network. Below is the output.

tcpdump -i em2
14:36:40.102634 IP node01.ssh > node02.32769: Flags [P.], seq 44496:44532, ack 147123477, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 36
14:36:40.102718 IP node02.32769 > node01.ssh: Flags [.], seq 147123477:147140853, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102728 IP node01.ssh > node02.32769: Flags [.], ack 147140853, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.102867 IP node02.32769 > node01.ssh: Flags [.], seq 147140853:147158229, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102879 IP node01.ssh > node02.32769: Flags [.], ack 147158229, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103013 IP node02.32769 > node01.ssh: Flags [.], seq 147158229:147175605, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.103024 IP node01.ssh > node02.32769: Flags [.], ack 147175605, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103160 IP node02.32769 > node01.ssh: Flags [.], seq 147175605:147185741, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 10136
14:36:40.103173 IP node01.ssh > node02.32769: Flags [.], ack 147185741, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103178 IP node02.32769 > node01.ssh: Flags [.], seq 147185741:147192981, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 7240
14:36:40.103185 IP node01.ssh > node02.32769: Flags [.], ack 147192981, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103309 IP node02.32769 > node01.ssh: Flags [.], seq 147192981:147210357, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103321 IP node01.ssh > node02.32769: Flags [.], ack 147210357, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103459 IP node02.32769 > node01.ssh: Flags [.], seq 147210357:147227733, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103471 IP node01.ssh > node02.32769: Flags [.], ack 147227733, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103604 IP node02.32769 > node01.ssh: Flags [.], seq 147227733:147245109, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103614 IP node01.ssh > node02.32769: Flags [.], ack 147245109, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103701 IP node01.ssh > node02.32769: Flags [P.], seq 44532:44568, ack 147245109, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 36
14:36:40.103752 IP node02.32769 > node01.ssh: Flags [.], seq 147245109:147262485, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103760 IP node01.ssh > node02.32769: Flags [.], ack 147262485, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103900 IP node02.32769 > node01.ssh: Flags [.], seq 147262485:147279861, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103911 IP node01.ssh > node02.32769: Flags [.], ack 147279861, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104048 IP node02.32769 > node01.ssh: Flags [.], seq 147279861:147297237, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104061 IP node01.ssh > node02.32769: Flags [.], ack 147297237, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104195 IP node02.32769 > node01.ssh: Flags [.], seq 147297237:147314613, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104210 IP node01.ssh > node02.32769: Flags [.], ack 147314613, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104339 IP node02.32769 > node01.ssh: Flags [.], seq 147314613:147316061, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 1448
14:36:40.104352 IP node02.32769 > node01.ssh: Flags [.], seq 147316061:147331989, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 15928
14:36:40.104362 IP node01.ssh > node02.32769: Flags [.], ack 147331989, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104490 IP node02.32769 > node01.ssh: Flags [.], seq 147331989:147349365, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104503 IP node01.ssh > node02.32769: Flags [.], ack 147349365, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104638 IP node02.32769 > node01.ssh: Flags [.], seq 147349365:147366741, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104651 IP node01.ssh > node02.32769: Flags [.], ack 147366741, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104785 IP node02.32769 > node01.ssh: Flags [.], seq 147366741:147384117, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104794 IP node01.ssh > node02.32769: Flags [.], ack 147384117, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0

I see the timestamp, followed by source > destination, but beyond that I don't understand the rest. What are Flags? seq? ack? win? options? length? in the log dump above?

Thanks

Best answer

To understand these values you need to read about TCP. You can start here: https://en.wikipedia.org/wiki/Transmission_Control_Protocol and then read the TCP RFC.

  • Flags: the TCP flags (Sync, Push, Ack (dot), etc.)
  • ACK is the sequence number being acknowledged (the next expected sequence number); SEQ is the first sequence number sent
  • Win: the window size advertised by the sender
  • Length: of the TCP payload
  • Options: TCP options
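As an added worked example (not from the original question or answer), the following Python script parses the fields the answer lists from tcpdump's one-line TCP summaries and applies two consistency checks that follow directly from those definitions: each data segment in one direction should start at the seq_end of the previous one (a mismatch means lost or retransmitted data), and a peer's ack should never exceed the highest seq_end seen from the other side (if it does, the capture itself dropped packets). The regular expression assumes tcpdump's default output format as shown in the question (endpoints written as host.port, field order Flags, seq, ack, win, options, length); the six sample lines are copied from the capture above, and the SYN line is constructed to exercise the optional fields.

```python
"""Parse tcpdump's one-line TCP summaries and sanity-check a capture.

Added example; not part of the original question or answer. Assumes the
default (non -v) tcpdump format seen in the question: "host.port" endpoints
and the field order Flags, seq, ack, win, options, length.
"""
import re
import sys
from collections import defaultdict

# tcpdump's single-letter flag codes; "." means the ACK bit is set.
FLAG_NAMES = {
    "S": "SYN", ".": "ACK", "P": "PSH", "F": "FIN",
    "R": "RST", "U": "URG", "W": "CWR", "E": "ECE",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP6? (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq_start>\d+)(?::(?P<seq_end>\d+))?)?"  # absent on pure ACKs
    r"(?:, ack (?P<ack>\d+))?"                               # absent on the first SYN
    r", win (?P<win>\d+)"
    r"(?:, options \[(?P<options>[^\]]*)\])?"
    r", length (?P<length>\d+)$"
)

# Six consecutive lines copied from the capture in the question.
SAMPLE = """\
14:36:40.102634 IP node01.ssh > node02.32769: Flags [P.], seq 44496:44532, ack 147123477, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 36
14:36:40.102718 IP node02.32769 > node01.ssh: Flags [.], seq 147123477:147140853, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102728 IP node01.ssh > node02.32769: Flags [.], ack 147140853, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.102867 IP node02.32769 > node01.ssh: Flags [.], seq 147140853:147158229, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102879 IP node01.ssh > node02.32769: Flags [.], ack 147158229, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103013 IP node02.32769 > node01.ssh: Flags [.], seq 147158229:147175605, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
""".splitlines()

# Constructed SYN line (not in the capture): no ack field, seq without a range.
SYN_LINE = ("14:36:39.000000 IP node02.32769 > node01.ssh: Flags [S], seq 147000000, "
            "win 29200, options [mss 1460,sackOK,TS val 733136000 ecr 0,nop,wscale 7], length 0")


def decode_flags(flags):
    """Expand tcpdump's flag string, e.g. 'P.' -> ['PSH', 'ACK']."""
    return [FLAG_NAMES.get(c, "?") for c in flags]


def parse_line(line):
    """Return a dict of the fields of one tcpdump TCP line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    src_host, src_port = d["src"].rsplit(".", 1)
    dst_host, dst_port = d["dst"].rsplit(".", 1)
    return {
        "ts": d["ts"],
        "src": src_host, "sport": src_port, "dst": dst_host, "dport": dst_port,
        "flags": decode_flags(d["flags"]),
        "seq_start": int(d["seq_start"]) if d["seq_start"] else None,
        "seq_end": int(d["seq_end"]) if d["seq_end"] else None,  # exclusive end
        "ack": int(d["ack"]) if d["ack"] else None,
        "win": int(d["win"]),
        "options": d["options"].split(",") if d["options"] else [],
        "length": int(d["length"]),
    }


def summarize(lines):
    """Per-direction payload totals plus seq/ack continuity checks.

    A data segment covers [seq_start, seq_end); the next data segment in the same
    direction should start at the previous seq_end, and the peer's ack should not
    exceed the highest seq_end that direction has actually sent.
    """
    records = [r for r in map(parse_line, lines) if r]
    payload = defaultdict(int)
    last_end, highest_end = {}, {}   # direction -> seq_end bookkeeping
    gaps, acks_beyond_data = [], []
    for r in records:
        fwd, rev = (r["src"], r["dst"]), (r["dst"], r["src"])
        payload[fwd] += r["length"]
        if r["seq_end"] is not None:
            prev = last_end.get(fwd)
            if prev is not None and r["seq_start"] != prev:
                gaps.append((r["ts"], fwd, prev, r["seq_start"]))
            last_end[fwd] = r["seq_end"]
            highest_end[fwd] = max(highest_end.get(fwd, 0), r["seq_end"])
        if r["ack"] is not None and rev in highest_end and r["ack"] > highest_end[rev]:
            acks_beyond_data.append((r["ts"], fwd, r["ack"]))
    return {"payload_bytes": dict(payload), "gaps": gaps, "acks_beyond_data": acks_beyond_data}


if __name__ == "__main__":
    # Read a saved tcpdump text file if given, otherwise use the embedded sample.
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE
    for rec in filter(None, map(parse_line, lines)):
        print(rec["ts"], f'{rec["src"]}:{rec["sport"]} -> {rec["dst"]}:{rec["dport"]}',
              "/".join(rec["flags"]), "seq", rec["seq_start"], "ack", rec["ack"],
              "win", rec["win"], "len", rec["length"])
    print(summarize(lines))
```

Run it with no arguments to see the sample decoded, or pass a file produced by `tcpdump -i em2 > capture.txt`. On the sample it reports 52128 payload bytes from node02 to node01 (three contiguous 17376-byte segments) and 36 bytes the other way, with no gaps, which is exactly the bulk-transfer pattern the question's capture shows: node02 sends data, node01's ssh side replies with zero-length acks whose ack number equals the end of the data just received.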

Regarding "networking - Extracting information from tcpdump", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39715738/
