帮我看看这两个数据包有什么区别 ?

mackon_jong

附件里有两个tcpdump抓的数据包ok.log是正常连接的, nook.log是不能正常连接的.

系统环境: linux-2.4.16, 两张网卡(eth0, eth1), eth0为内网卡,IP为192.168.1.1, eth1是ADSL拨号.

两次抓包的区别是:不能正常连接的数据包在SOCKET连接时多做了一个动作, bind内网地址(192.168.1.1),其他的都一样.

现在发现202.102.2.108在做了bind之后不能正常连接(其他网站都能正常连接).

各位高手这会是什么问题引起的呀.

[ 本帖最后由 mackon_jong 于 2007-5-17 13:26 编辑 ]

ssffzz1

愣没看懂。。。。。。。。。。。。。。。。。。。。。。。

蓝冰宝宝

不会。。。。

bingosek

你的log文件不是文本文件喔

mackon_jong

原帖由 bingosek 于 2007-5-17 15:39 发表于 4楼  
你的log文件不是文本文件喔

tcpdump 保存的本来就不是文本文件

platinum

确实奇怪
抛开 nook 暂且不谈，你的 ok 是用 wget 去连接的，经过第一个 SYN 和第二个 SYN/ACK 后，client 发出的第三个包竟然是 RST 标记

另外，我感觉 seq 有问题，具体还要查些资料才知道

mackon_jong

原帖由 platinum 于 2007-5-18 02:57 发表于 6楼  
确实奇怪
抛开 nook 暂且不谈，你的 ok 是用 wget 去连接的，经过第一个 SYN 和第二个 SYN/ACK 后，client 发出的第三个包竟然是 RST 标记

另外，我感觉 seq 有问题，具体还要查些资料才知道

谢谢platinum， 希望你能帮我解决这个问题

bingosek

我一般是这么用的：
[root@dns1 ~]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:30:38.506476 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 2499473838 win 16159
17:30:38.506549 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 1:148(147) ack 0 win 5840
17:30:38.541999 IP dhcp1.icecf.com.32768 > tempdns.guangzhou.gd.cn.domain:  15003+% [1au] PTR? 254.96.18.172.in-addr.arpa. (55)
17:30:38.707313 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 148 win 16012
17:30:38.803077 802.1d config 03e8.00:04:80:98:10:02.81c9 root 03e8.00:04:80:98:10:02 pathcost 0 age 0 max 20 hello 2 fdelay 15
17:30:38.804027 IP 172.20.1.1 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 80, prio 255, authtype none, intvl 1s, length 20
17:30:39.803994 IP 172.20.1.1 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 80, prio 255, authtype none, intvl 1s, length 20
17:30:40.543380 IP dhcp1.icecf.com.32768 > cache-a.guangzhou.gd.cn.domain:  46949+% [1au] PTR? 254.96.18.172.in-addr.arpa. (55)
17:30:40.545342 IP cache-a.guangzhou.gd.cn.domain > dhcp1.icecf.com.32768:  46949 NXDomain 0/0/1 (55)
17:30:40.548026 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 148:333(185) ack 0 win 5840
17:30:40.549866 IP dhcp1.icecf.com.32768 > tempdns.guangzhou.gd.cn.domain:  10069+% [1au] PTR? 100.56.144.61.in-addr.arpa. (55)
17:30:40.556777 IP tempdns.guangzhou.gd.cn.domain > dhcp1.icecf.com.32768:  10069 1/1/2 (126)
17:30:40.561078 IP dhcp1.icecf.com.32768 > tempdns.guangzhou.gd.cn.domain:  5885+% [1au] PTR? 18.0.0.224.in-addr.arpa. (52)
17:30:40.664287 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 333 win 15827
17:30:40.664339 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 333:677(344) ack 0 win 5840
17:30:40.803009 802.1d config 03e8.00:04:80:98:10:02.81c9 root 03e8.00:04:80:98:10:02 pathcost 0 age 0 max 20 hello 2 fdelay 15
17:30:40.803941 IP 172.20.1.1 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 80, prio 255, authtype none, intvl 1s, length 20
17:30:40.821847 IP tempdns.guangzhou.gd.cn.domain > dhcp1.icecf.com.32768:  5885 1/3/7 PTR[|domain]
17:30:40.825420 IP dhcp1.icecf.com.32768 > tempdns.guangzhou.gd.cn.domain:  2605+% [1au] PTR? 86.128.96.202.in-addr.arpa. (55)
17:30:40.880889 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 677 win 15483
17:30:40.880937 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 677:929(252) ack 0 win 5840
17:30:41.084850 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 929 win 15231
17:30:41.803871 IP 172.20.1.1 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 80, prio 255, authtype none, intvl 1s, length 20
17:30:42.802990 802.1d config 03e8.00:04:80:98:10:02.81c9 root 03e8.00:04:80:98:10:02 pathcost 0 age 0 max 20 hello 2 fdelay 15
17:30:42.803956 IP 172.20.1.1 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 80, prio 255, authtype none, intvl 1s, length 20
17:30:42.827391 IP dhcp1.icecf.com.32768 > cache-a.guangzhou.gd.cn.domain:  58692+% [1au] PTR? 86.128.96.202.in-addr.arpa. (55)
17:30:42.829329 IP cache-a.guangzhou.gd.cn.domain > dhcp1.icecf.com.32768:  58692 1/0/1 (92)
17:30:42.831267 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 929:1161(232) ack 0 win 5840
17:30:42.832601 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: . 1161:2621(1460) ack 0 win 5840
17:30:42.854269 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 2621 win 16384
17:30:42.854310 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 2621:3334(713) ack 0 win 5840
17:30:43.000307 IP dhcp1.icecf.com.efs > dns1.icecf.com.34209: P 143087382:143087394(12) ack 3862091243 win 8254 <nop,nop,timestamp 2176616065 2368912028>
17:30:43.000512 IP dns1.icecf.com.34209 > dhcp1.icecf.com.efs: . ack 12 win 32994 <nop,nop,timestamp 2368921574 2176616065>
17:30:43.057265 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 3334 win 15671
17:30:43.057314 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 3334:3798(464) ack 0 win 5840
17:30:43.260681 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 3798 win 15207
17:30:43.260720 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 3798:3981(183) ack 0 win 5840
17:30:43.452404 IP dns1.icecf.com.34209 > dhcp1.icecf.com.efs: P 1:13(12) ack 12 win 32994 <nop,nop,timestamp 2368922026 2176616065>
17:30:43.452455 IP dhcp1.icecf.com.efs > dns1.icecf.com.34209: . ack 13 win 8254 <nop,nop,timestamp 2176616517 2368922026>
17:30:43.464037 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: . ack 3981 win 15024
17:30:43.464081 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 3981:4422(441) ack 0 win 5840
17:30:43.538179 IP 172.18.96.254.1466 > dhcp1.icecf.com.telnet: P 0:1(1) ack 4422 win 16384
17:30:43.538230 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 4422:4605(183) ack 1 win 5840
17:30:43.538599 IP dhcp1.icecf.com.telnet > 172.18.96.254.1466: P 4605:4796(191) ack 1 win 5840 ur

bingosek

还是帮你念贴出来吧
###############################################################
[root@BenjmS tmp]# tcpdump -r ok.log
reading from file ok.log, link-type LINUX_SLL (Linux cooked)
18:49:35.377005 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: S 1959141275:1959141275(0) win 5808 <mss 1452,sackOK,timestamp 1
96357315 0,nop,wscale 2>
18:49:35.458852 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: S 1959141275:1959141275(0) ack 945088971 win 65535 <mss 1460,nop
,nop,sackOK>
18:49:35.458996 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: R 945088971:945088971(0) win 0
18:49:35.460824 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: S 2517119328:2517119328(0) ack 1959141276 win 5792 <mss 1460,sac
kOK,timestamp 117405803 196357315,nop,wscale 0>
18:49:35.460888 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: . ack 1 win 1452 <nop,nop,timestamp 196357336 117405803>
18:49:35.461118 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: P 1:79(78) ack 1 win 1452 <nop,nop,timestamp 196357336 117405803
>
18:49:35.517431 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: . ack 79 win 5792 <nop,nop,timestamp 117405810 196357336>
18:49:35.541149 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: P 1:207(206) ack 79 win 5792 <nop,nop,timestamp 117405811 196357
336>
18:49:35.541153 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: F 207:207(0) ack 79 win 5792 <nop,nop,timestamp 117405811 196357
336>
18:49:35.541240 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: . ack 207 win 1720 <nop,nop,timestamp 196357356 117405811>
18:49:35.578556 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: . ack 208 win 1720 <nop,nop,timestamp 196357366 117405811>
18:49:35.678570 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: F 79:79(0) ack 208 win 1720 <nop,nop,timestamp 196357391 1174058
11>
18:49:35.678715 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.
102.2.108.http: S 1960131503:1960131503(0) win 5808 <mss 1452,sackOK,timestamp 1
96357391 0,nop,wscale 2>
18:49:35.749345 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43326: S 1960131503:1960131503(0) ack 945285579 win 65535 <mss 1460,nop
,nop,sackOK>
18:49:35.749464 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.
102.2.108.http: R 945285579:945285579(0) win 0
18:49:35.751054 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43326: S 2514311233:2514311233(0) ack 1960131504 win 5792 <mss 1460,sac
kOK,timestamp 117405831 196357391,nop,wscale 0>
18:49:35.751110 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.
102.2.108.http: . ack 1 win 1452 <nop,nop,timestamp 196357409 117405831>
18:49:35.751058 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: . ack 80 win 5792 <nop,nop,timestamp 117405830 196357391>
18:49:35.751336 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: P 1:88(87) ack 1 win 1452 <nop,nop,timestamp 196357409 117405831                   >
18:49:35.806699 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: . ack 88 win 5792 <nop,nop,timestamp 117405840 196357409>
18:49:35.807238 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: P 1:233(232) ack 88 win 5792 <nop,nop,timestamp 117405840 196357                   409>
18:49:35.807283 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: . ack 233 win 1720 <nop,nop,timestamp 196357423 117405840>
18:49:35.809688 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: P 233:596(363) ack 88 win 5792 <nop,nop,timestamp 117405840 1963                   57409>
18:49:35.809697 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: F 596:596(0) ack 88 win 5792 <nop,nop,timestamp 117405840 196357                   409>
18:49:35.809813 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: . ack 596 win 1988 <nop,nop,timestamp 196357423 117405840>
18:49:35.811166 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: F 88:88(0) ack 597 win 1988 <nop,nop,timestamp 196357424 1174058                   40>
18:49:35.898318 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: . ack 89 win 5792 <nop,nop,timestamp 117405849 196357424>

[root@BenjmS tmp]# tcpdump -r nook.log
reading from file nook.log, link-type LINUX_SLL (Linux cooked)
18:48:42.222307 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: S 1876408499:1876408499(0) win 5808 <mss 1452,sackOK,timestamp 196344027 0,nop,wscale 2>
18:48:42.263284 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 1876408499:1876408499(0) ack 2135353803 win 65535 <mss 1460,nop,nop,sackOK>
18:48:42.263336 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 2135353803:2135353803(0) win 0
18:48:42.263290 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 2467461584:2467461584(0) ack 1876408500 win 5792 <mss 1460,sackOK,timestamp 117400485 196344027,nop,wscale 0>
18:48:42.263367 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 1876408500:1876408500(0) win 0
18:48:45.219451 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: S 1876408499:1876408499(0) win 5808 <mss 1452,sackOK,timestamp 196344777 0,nop,wscale 2>
18:48:45.261054 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 1876408499:1876408499(0) ack 2135353803 win 65535 <mss 1460,nop,nop,sackOK>
18:48:45.261143 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 2135353803:2135353803(0) win 0
18:48:45.262084 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 2470459125:2470459125(0) ack 1876408500 win 5792 <mss 1460,sackOK,timestamp 117400785 196344777,nop,wscale 0>
18:48:45.262111 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 1876408500:1876408500(0) win 0
18:48:51.219825 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: S 1876408499:1876408499(0) win 5808 <mss 1452,sackOK,timestamp 196346277 0,nop,wscale 2>
18:48:51.261060 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 1876408499:1876408499(0) ack 2135353803 win 65535 <mss 1460,nop,nop,sackOK>
18:48:51.261133 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 2135353803:2135353803(0) win 0
18:48:51.261066 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 2476459453:2476459453(0) ack 1876408500 win 5792 <mss 1460,sackOK,timestamp 117401385 196346277,nop,wscale 0>
18:48:51.261172 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 1876408500:1876408500(0) win 0

bingosek

稍微分析一下：
#######################################
[root@BenjmS tmp]# tcpdump -r ok.log
reading from file ok.log, link-type LINUX_SLL (Linux cooked)
18:49:35.377005 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: S 1959141275:1959141275(0) win 5808 <mss 1452,sackOK,timestamp 1
96357315 0,nop,wscale 2>
#三次握手的第一阶段，SYN包，seq=1959141275
18:49:35.458852 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: S 1959141275:1959141275(0) ack 945088971 win 65535 <mss 1460,nop
,nop,sackOK>
#三次握手的第二阶段，SYN ACK，seq=1959141275 ack=945088971
#这里就已经有问题了，应该是syn=一个新的序号，（这里变成第一阶段的SYN包的seq+1）,ack=第一阶段的SYN包的seq+1,1959141276，收到莫名其妙的syn ack，导致发起端，即http客户端向http服务器端发起RST，也就是下一个操作了
18:49:35.458996 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: R 945088971:945088971(0) win 0
#收到的SYN ACK错误，RST
18:49:35.460824 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: S 2517119328:2517119328(0) ack 1959141276 win 5792 <mss 1460,sac
kOK,timestamp 117405803 196357315,nop,wscale 0>
#再发一次SYN ACK，seq=2517119328 ack=1959141276
#这里的ack是第一阶段SYN包的seq+1，正确，进入下一步
18:49:35.460888 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: . ack 1 win 1452 <nop,nop,timestamp 196357336 117405803>
#三次握手的第三阶段，ack包，ack=1
18:49:35.461118 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: P 1:79(78) ack 1 win 1452 <nop,nop,timestamp 196357336 117405803
>
#push数据了
18:49:35.517431 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: . ack 79 win 5792 <nop,nop,timestamp 117405810 196357336>
18:49:35.541149 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: P 1:207(206) ack 79 win 5792 <nop,nop,timestamp 117405811 196357
336>
18:49:35.541153 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: F 207:207(0) ack 79 win 5792 <nop,nop,timestamp 117405811 196357
336>
18:49:35.541240 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: . ack 207 win 1720 <nop,nop,timestamp 196357356 117405811>
18:49:35.578556 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: . ack 208 win 1720 <nop,nop,timestamp 196357366 117405811>
18:49:35.678570 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43325 > 202.
102.2.108.http: F 79:79(0) ack 208 win 1720 <nop,nop,timestamp 196357391 1174058
11>
18:49:35.678715 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.
102.2.108.http: S 1960131503:1960131503(0) win 5808 <mss 1452,sackOK,timestamp 1
96357391 0,nop,wscale 2>
18:49:35.749345 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43326: S 1960131503:1960131503(0) ack 945285579 win 65535 <mss 1460,nop
,nop,sackOK>
18:49:35.749464 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.
102.2.108.http: R 945285579:945285579(0) win 0
18:49:35.751054 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43326: S 2514311233:2514311233(0) ack 1960131504 win 5792 <mss 1460,sac
kOK,timestamp 117405831 196357391,nop,wscale 0>
18:49:35.751110 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.
102.2.108.http: . ack 1 win 1452 <nop,nop,timestamp 196357409 117405831>
18:49:35.751058 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat
a.com.cn.43325: . ack 80 win 5792 <nop,nop,timestamp 117405830 196357391>
18:49:35.751336 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: P 1:88(87) ack 1 win 1452 <nop,nop,timestamp 196357409 117405831                   >
18:49:35.806699 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: . ack 88 win 5792 <nop,nop,timestamp 117405840 196357409>
18:49:35.807238 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: P 1:233(232) ack 88 win 5792 <nop,nop,timestamp 117405840 196357                   409>
18:49:35.807283 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: . ack 233 win 1720 <nop,nop,timestamp 196357423 117405840>
18:49:35.809688 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: P 233:596(363) ack 88 win 5792 <nop,nop,timestamp 117405840 1963                   57409>
18:49:35.809697 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: F 596:596(0) ack 88 win 5792 <nop,nop,timestamp 117405840 196357                   409>
18:49:35.809813 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: . ack 596 win 1988 <nop,nop,timestamp 196357423 117405840>
18:49:35.811166 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.43326 > 202.                   102.2.108.http: F 88:88(0) ack 597 win 1988 <nop,nop,timestamp 196357424 1174058                   40>
18:49:35.898318 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163dat                   a.com.cn.43326: . ack 89 win 5792 <nop,nop,timestamp 117405849 196357424>


[root@BenjmS tmp]# tcpdump -r nook.log
reading from file nook.log, link-type LINUX_SLL (Linux cooked)
18:48:42.222307 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: S 1876408499:1876408499(0) win 5808 <mss 1452,sackOK,timestamp 196344027 0,nop,wscale 2>
#三次握手的第一阶段，SYN包，seq=1876408499
18:48:42.263284 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 1876408499:1876408499(0) ack 2135353803 win 65535 <mss 1460,nop,nop,sackOK>
#三次握手的第二阶段，SYN ACK，seq=187640849 ack=945088971
#这里就已经有问题了，应该是syn=一个新的序号，（这里变成第一阶段的SYN包的seq+1）,ack=第一阶段的SYN包的seq+1(187640849),收到莫名其妙的syn ack，导致发起端，即http客户端向http服务器端发起RST，也就是下一个操作了
18:48:42.263336 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 2135353803:2135353803(0) win 0
#收到的SYN ACK错误，RST
18:48:42.263290 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 2467461584:2467461584(0) ack 1876408500 win 5792 <mss 1460,sackOK,timestamp 117400485 196344027,nop,wscale 0>
#再发一次SYN ACK，seq=2467461584 ack=1876408500
#seq=一个新的序号（2467461584），ack=1876408500（这个包的序号是对的，问什么客户端要RST？）
18:48:42.263367 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 1876408500:1876408500(0) win 0
#客户端认为不对，RST
18:48:45.219451 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: S 1876408499:1876408499(0) win 5808 <mss 1452,sackOK,timestamp 196344777 0,nop,wscale 2>
#重新进行三次握手，重复上面过程
18:48:45.261054 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 1876408499:1876408499(0) ack 2135353803 win 65535 <mss 1460,nop,nop,sackOK>
18:48:45.261143 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 2135353803:2135353803(0) win 0
18:48:45.262084 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 2470459125:2470459125(0) ack 1876408500 win 5792 <mss 1460,sackOK,timestamp 117400785 196344777,nop,wscale 0>
18:48:45.262111 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 1876408500:1876408500(0) win 0
18:48:51.219825 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: S 1876408499:1876408499(0) win 5808 <mss 1452,sackOK,timestamp 196346277 0,nop,wscale 2>
18:48:51.261060 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 1876408499:1876408499(0) ack 2135353803 win 65535 <mss 1460,nop,nop,sackOK>
18:48:51.261133 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 2135353803:2135353803(0) win 0
18:48:51.261066 IP 202.102.2.108.http > 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975: S 2476459453:2476459453(0) ack 1876408500 win 5792 <mss 1460,sackOK,timestamp 117401385 196346277,nop,wscale 0>
18:48:51.261172 IP 22.122.35.121.broad.sz.gd.dynamic.163data.com.cn.60975 > 202.102.2.108.http: R 1876408500:1876408500(0) win 0