This post was last edited by zavakid on 2011-01-27 13:53
Capturing packets with tcpdump: sudo tcpdump tcp -i 9 port 24100 or 3500 -n
The result is as follows:
13:43:33.156126 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [S], seq 761883484, win 5840, options [mss 1460], length 0
13:43:33.156145 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [S.], seq 749759732, ack 761883485, win 32792, options [mss 16396], length 0
13:43:33.156161 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [.], ack 749759733, win 5840, length 0
13:43:33.156208 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [P.], seq 0:548, ack 1, win 5840, length 548
13:43:33.156218 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [.], ack 549, win 33428, length 0
13:43:33.165351 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [P.], seq 1:759, ack 549, win 33428, length 758
13:43:33.165366 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [.], ack 759, win 6822, length 0
13:43:33.165438 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [P.], seq 759:887, ack 549, win 33428, length 128
13:43:33.165447 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [.], ack 887, win 8338, length 0
13:43:33.165506 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [F.], seq 887, ack 549, win 33428, length 0
13:43:33.165936 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [F.], seq 548, ack 888, win 8338, length 0
13:43:33.165954 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [.], ack 550, win 33428, length 0
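It looks like what was captured are packets that iptables has already modified.
I don't understand the TCP protocol very well, but it looks as if 10.19.14.128.24100 and 10.19.14.129.3500 are effectively the same address?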
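An added example, not part of the original post: a small Python check that pairs each SYN with the SYN-ACK answering it (same client endpoint, ack equal to the SYN's sequence number plus one) and reports handshakes where the responder is not the endpoint the client dialed, which is how the rewrite shows up in this capture. The names `parse` and `find_rewritten_handshakes` are hypothetical, and `CAPTURE` holds the first three lines of the output above.

```python
import re

# First three lines of the capture in the post (tcpdump -n text output).
CAPTURE = [
    "13:43:33.156126 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [S], seq 761883484, win 5840, options [mss 1460], length 0",
    "13:43:33.156145 IP 10.19.14.129.3500 > 10.19.14.128.60218: Flags [S.], seq 749759732, ack 761883485, win 32792, options [mss 16396], length 0",
    "13:43:33.156161 IP 10.19.14.128.60218 > 10.19.14.128.24100: Flags [.], ack 749759733, win 5840, length 0",
]

# timestamp, "IP", src > dst, flags, then optional seq (or seq range) and ack
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?(?:, ack (?P<ack>\d+))?"
)

def parse(line):
    """Parse one tcpdump line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["seq"] = int(d["seq"]) if d["seq"] else None
    d["ack"] = int(d["ack"]) if d["ack"] else None
    return d

def find_rewritten_handshakes(lines):
    """Return (client, dialed, responder) for every handshake whose SYN-ACK
    comes from an endpoint other than the one the SYN was sent to."""
    pending = {}  # (client endpoint, SYN seq + 1) -> endpoint the client dialed
    found = []
    for line in lines:
        p = parse(line)
        if p is None:
            continue
        if p["flags"] == "S" and p["seq"] is not None:
            pending[(p["src"], p["seq"] + 1)] = p["dst"]
        elif p["flags"] == "S.":
            dialed = pending.pop((p["dst"], p["ack"]), None)
            if dialed is not None and dialed != p["src"]:
                found.append((p["dst"], dialed, p["src"]))
    return found

if __name__ == "__main__":
    for client, dialed, responder in find_rewritten_handshakes(CAPTURE):
        print(f"{client} dialed {dialed} but was answered by {responder}")
```
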