论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2007-05-28 12:05 |只看该作者 |倒序浏览

两个不同的IP地址对同一WWW服务器同一PHP页面的请求，使用TCPDUMP在WWW服务端做数据分析，情形如下

正常完成的IP数据
11:43:52.840642 IP 218.25.51.146.32805 > 218.61.33.124.http: S 3441207900:3441207900(0) win 5840 <mss 1460,sackOK,timestamp 91856289 0,nop,wscale 2>
11:43:52.840691 IP 218.61.33.124.http > 218.25.51.146.32805: S 2536181841:2536181841(0) ack 3441207901 win 5792 <mss 1460,sackOK,timestamp 2323652 91856289,nop,wscale 2>
11:43:52.849828 IP 218.25.51.146.32805 > 218.61.33.124.http: . ack 1 win 1460 <nop,nop,timestamp 91856299 2323652>
11:43:52.850044 IP 218.25.51.146.32805 > 218.61.33.124.http: P 1:239(23

ack 1 win 1460 <nop,nop,timestamp 91856299 2323652>
11:43:52.850081 IP 218.61.33.124.http > 218.25.51.146.32805: . ack 239 win 1716 <nop,nop,timestamp 2323661 91856299>
11:43:52.859260 IP 218.25.51.146.32805 > 218.61.33.124.http: P 239:261(22) ack 1 win 1460 <nop,nop,timestamp 91856308 2323661>
11:43:52.859273 IP 218.61.33.124.http > 218.25.51.146.32805: . ack 261 win 1716 <nop,nop,timestamp 2323670 91856308>
11:43:53.776500 IP 218.61.33.124.http > 218.25.51.146.32805: P 1:220(219) ack 261 win 1716 <nop,nop,timestamp 2324588 91856308>
11:43:53.776626 IP 218.61.33.124.http > 218.25.51.146.32805: F 220:220(0) ack 261 win 1716 <nop,nop,timestamp 2324588 91856308>
11:43:53.785766 IP 218.25.51.146.32805 > 218.61.33.124.http: . ack 220 win 1728 <nop,nop,timestamp 91857235 2324588>
11:43:53.788981 IP 218.25.51.146.32805 > 218.61.33.124.http: F 261:261(0) ack 221 win 1728 <nop,nop,timestamp 91857238 2324588>
11:43:53.789005 IP 218.61.33.124.http > 218.25.51.146.32805: . ack 262 win 1716 <nop,nop,timestamp 2324600 91857238>

未正常完成的数据
11:19:01.666073 IP 218.58.62.130.32794 > 218.61.33.124.http: S 1717778548:1717778548(0) win 5840 <mss 1460,sackOK,timestamp 151950165 0,nop,wscale 2>
11:19:01.666130 IP 218.61.33.124.http > 218.58.62.130.32794: S 968958669:968958669(0) ack 1717778549 win 5792 <mss 1460,sackOK,timestamp 832250 151950165,nop,wscale 2>
11:19:01.697188 IP 218.58.62.130.32794 > 218.61.33.124.http: . ack 1 win 1460 <nop,nop,timestamp 151950196 832250>
11:19:01.697323 IP 218.58.62.130.32794 > 218.61.33.124.http: P 1:240(239) ack 1 win 1460 <nop,nop,timestamp 151950196 832250>
11:19:01.697350 IP 218.61.33.124.http > 218.58.62.130.32794: . ack 240 win 1716 <nop,nop,timestamp 832282 151950196>
11:19:01.697372 IP 218.58.62.130.32794 > 218.61.33.124.http: R 1717778788:1717778788(0) win 0 <nop,nop,timestamp 151950196 832250>
11:19:01.728409 IP 218.58.62.130.32794 > 218.61.33.124.http: P 240:262(22) ack 1 win 1460 <nop,nop,timestamp 151950228 832282>
11:19:01.728444 IP 218.61.33.124.http > 218.58.62.130.32794: R 968958670:968958670(0) win 0
11:19:01.728466 IP 218.58.62.130.32794 > 218.61.33.124.http: R 1717778810:1717778810(0) win 0 <nop,nop,timestamp 151950228 832282>

可以看到第四行，P过来的数据有差异，未正常完成的就直接发了个R，不知道原因在哪里

文库|博客

返回列表

Chinaunix › 论坛 › IT运维 › 服务器应用 › 帮忙：tcpdump 对WWW服务同一请求不同结果的数据分析

帮忙：tcpdump 对WWW服务同一请求不同结果的数据分析 [复制链接]

浏览过的版块