Tcpdump simple summary


tcpdump must be run as root.

1. Listen on port 3306 of this machine. This captures every packet received or sent by local port 3306:

[sourcecode]tcpdump port 3306[/sourcecode]

Packet capture result (here from a capture of port 7012 instead):

[sourcecode]# tcpdump tcp port 7012 and host 172.25.34.88 -ieth1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
1. 14:44:52.174122 IP 172.25.38.145.49563 > 172.25.34.88.7012: S 1986599379:1986599379(0) win 5840 <mss 1460,sackOK,timestamp 3824018401 0,nop,wscale 2>
2. 14:44:52.174249 IP 172.25.34.88.7012 > 172.25.38.145.49563: S 4294961892:4294961892(0) ack 1986599380 win 5792 <mss 1460,sackOK,timestamp 1927787323 3824018401,nop,wscale 2>
3. 14:44:52.174228 IP 172.25.38.145.49563 > 172.25.34.88.7012: . ack 1 win 1460 <nop,nop,timestamp 3824018401 1927787323>
4. 14:44:52.174433 IP 172.25.38.145.49563 > 172.25.34.88.7012: P 1:109(108) ack 1 win 1460 <nop,nop,timestamp 3824018401 1927787323>
5. 14:44:52.174443 IP 172.25.34.88.7012 > 172.25.38.145.49563: . ack 109 win 1448 <nop,nop,timestamp 1927787323 3824018401>
6. 14:44:52.186891 IP 172.25.34.88.7012 > 172.25.38.145.49563: P 1:857(856) ack 109 win 1448 <nop,nop,timestamp 1927787326 3824018401>
7. 14:44:52.186914 IP 172.25.34.88.7012 > 172.25.38.145.49563: F 857:857(0) ack 109 win 1448 <nop,nop,timestamp 1927787326 3824018401>
8. 14:44:52.187054 IP 172.25.38.145.49563 > 172.25.34.88.7012: . ack 857 win 1888 <nop,nop,timestamp 3824018404 1927787326>
9. 14:44:52.195347 IP 172.25.38.145.49563 > 172.25.34.88.7012: F 109:109(0) ack 858 win 1888 <nop,nop,timestamp 3824018406 1927787326>
10. 14:44:52.195355 IP 172.25.34.88.7012 > 172.25.38.145.49563: . ack 110 win 1448 <nop,nop,timestamp 1927787328 3824018406>[/sourcecode]

Flags carried by each packet: S = SYN, initiates the connection. P = PUSH, carries data. F = FIN, closes the connection. R = RST, the connection is torn down abnormally. "ack" marks an acknowledgement. A single dot (.) means no flag is set; this is how a pure ACK is shown.

Walkthrough of the capture above:

Line 1: At 14:44:52 the client 172.25.38.145, from temporary port 49563, opens a connection to listening port 7012 on the server 172.25.34.88. The client's initial sequence number is 1986599379, its window size is 5840 bytes (the sliding window is the size of the TCP receive buffer, used for TCP congestion control), and its MSS is 1460 (the largest segment it can receive, usually the MTU minus 40 bytes, since the IP header and the TCP header are 20 bytes each).
Line 2: The server answers the connection request. Its ack number is the client's initial sequence number plus 1, i.e. 1986599380: the sequence number the server expects next, which is how TCP keeps the byte stream in order. The server's initial sequence number is 4294496892, and its MSS is also 1460.
Line 3: The client acknowledges in turn, completing the three-way handshake.
Line 4: The client sends a request of 108 bytes.
Line 5: The server acknowledges it.
Line 6: The server returns a response of 856 bytes.
Line 7: The client acknowledges it.
Line 8: The client asks to close the connection.
Line 9: The server acknowledges and sends its own FIN to close.
Line 10: The client acknowledges, completing the four-way close.

2.1 Capture only packets received by port 3306 (destination port 3306):

[sourcecode]tcpdump dst port 3306[/sourcecode]

2.2 Capture only packets sent from port 3306 (source port 3306):

[sourcecode]tcpdump src port 3306[/sourcecode]

tcpdump command options:

-i: specify the network interface.
-n: show IP addresses instead of host names.
-c: capture the given number of packets, then exit.
-A: print packet contents as ASCII; very useful for text-based protocols.
-s: how many bytes of each packet to capture (the snapshot length), which limits what can be displayed; -s0 captures and displays the complete packet and is often combined with -A.
-x/-xx/-X/-XX: print packet contents in hexadecimal; the variants differ only slightly, see the man page.
-vv: verbose output.
-r: read packets from a file.
-w: write captured packets to the given file.

Capture traffic from 172.25.38.145 to port 7012 and write it to a file:

[sourcecode]tcpdump tcp dst port 7012 and src host 172.25.38.145 -vv -w output.dat[/sourcecode]

Read the captured data back from that file:

[sourcecode]tcpdump -r output.dat[/sourcecode]

Capture port 7012 traffic on interface eth1:

[sourcecode]tcpdump tcp port 7012 -ieth1 -n[/sourcecode]
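The following added example (Python; not code from the original page or from tcpdump itself) parses the ten capture lines shown earlier and reproduces the hand walkthrough: it checks that the three-way handshake completed, counts payload bytes in each direction and records which side sent FIN first. It also evaluates a small subset of tcpdump's filter syntax (tcp, [src|dst] host, [src|dst] port joined by and), so the difference between port, src port and dst port from the examples above can be seen on the same packets. The Packet class, the filter evaluator and the regular expression are my own and assume the older flag/sequence output format printed above; option spacing in the embedded capture has been normalised to tcpdump's own style.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example, not part of the original page: parse tcpdump's older TCP summary
# lines and evaluate a few filter primitives over the result. CAPTURE holds the ten
# packets printed on the page (client 172.25.38.145:49563, server 172.25.34.88:7012).
CAPTURE = """\
14:44:52.174122 IP 172.25.38.145.49563 > 172.25.34.88.7012: S 1986599379:1986599379(0) win 5840 <mss 1460,sackOK,timestamp 3824018401 0,nop,wscale 2>
14:44:52.174249 IP 172.25.34.88.7012 > 172.25.38.145.49563: S 4294961892:4294961892(0) ack 1986599380 win 5792 <mss 1460,sackOK,timestamp 1927787323 3824018401,nop,wscale 2>
14:44:52.174228 IP 172.25.38.145.49563 > 172.25.34.88.7012: . ack 1 win 1460 <nop,nop,timestamp 3824018401 1927787323>
14:44:52.174433 IP 172.25.38.145.49563 > 172.25.34.88.7012: P 1:109(108) ack 1 win 1460 <nop,nop,timestamp 3824018401 1927787323>
14:44:52.174443 IP 172.25.34.88.7012 > 172.25.38.145.49563: . ack 109 win 1448 <nop,nop,timestamp 1927787323 3824018401>
14:44:52.186891 IP 172.25.34.88.7012 > 172.25.38.145.49563: P 1:857(856) ack 109 win 1448 <nop,nop,timestamp 1927787326 3824018401>
14:44:52.186914 IP 172.25.34.88.7012 > 172.25.38.145.49563: F 857:857(0) ack 109 win 1448 <nop,nop,timestamp 1927787326 3824018401>
14:44:52.187054 IP 172.25.38.145.49563 > 172.25.34.88.7012: . ack 857 win 1888 <nop,nop,timestamp 3824018404 1927787326>
14:44:52.195347 IP 172.25.38.145.49563 > 172.25.34.88.7012: F 109:109(0) ack 858 win 1888 <nop,nop,timestamp 3824018406 1927787326>
14:44:52.195355 IP 172.25.34.88.7012 > 172.25.38.145.49563: . ack 110 win 1448 <nop,nop,timestamp 1927787328 3824018406>
"""

# time, src.port > dst.port, flags ('.' = none), optional seq range with payload
# length, optional ack, then window; TCP options after 'win' are ignored.
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[SPFR.]+)"
    r"(?: (?P<seq>\d+):\d+\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r" win (?P<win>\d+)"
)

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str           # "S", "P", "F", "R"; "" for a pure ACK (shown as '.')
    seq: Optional[int]   # first sequence number, when tcpdump prints a range
    length: int          # payload bytes in this segment
    ack: Optional[int]
    win: int

def parse_line(line: str) -> Packet:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    g = m.groupdict()
    return Packet(g["src"], int(g["sport"]), g["dst"], int(g["dport"]),
                  "" if g["flags"] == "." else g["flags"],
                  int(g["seq"]) if g["seq"] else None,
                  int(g["len"] or 0),
                  int(g["ack"]) if g["ack"] else None,
                  int(g["win"]))

def matches(pkt: Packet, expr: str) -> bool:
    """Subset of tcpdump filter syntax: 'tcp', '[src|dst] host A', '[src|dst] port N',
    joined with 'and'. Plain 'host'/'port' match either end, as in tcpdump."""
    for prim in (p.split() for p in expr.split(" and ")):
        if prim and prim[0] == "tcp":
            prim.pop(0)                      # every packet here is TCP already
        if not prim:
            continue
        direction = prim.pop(0) if prim[0] in ("src", "dst") else None
        kind, value = prim
        if kind == "host":
            fields = {"src": pkt.src, "dst": pkt.dst}
        elif kind == "port":
            fields, value = {"src": pkt.sport, "dst": pkt.dport}, int(value)
        else:
            raise ValueError(f"unsupported primitive: {kind}")
        wanted = [fields[direction]] if direction else list(fields.values())
        if value not in wanted:
            return False
    return True

def count_matching(packets, expr: str) -> int:
    return sum(matches(p, expr) for p in packets)

def summarize(packets):
    """Reproduce the page's hand walkthrough: did the three-way handshake complete,
    how many payload bytes flowed in each direction, and which side sent FIN first."""
    syn, synack, third = packets[0], packets[1], packets[2]
    client, server = (syn.src, syn.sport), (syn.dst, syn.dport)
    handshake_ok = (syn.flags == "S" and syn.ack is None
                    and synack.flags == "S" and synack.ack == syn.seq + 1
                    and third.flags == "" and third.ack == 1)  # relative numbers from here on
    sent_by = lambda ep: [p for p in packets if (p.src, p.sport) == ep]
    return {"client": "%s:%d" % client, "server": "%s:%d" % server,
            "handshake_ok": handshake_ok,
            "bytes_to_server": sum(p.length for p in sent_by(client)),
            "bytes_to_client": sum(p.length for p in sent_by(server)),
            "fin_order": [p.src for p in packets if "F" in p.flags]}

PACKETS = [parse_line(line) for line in CAPTURE.splitlines()]
SUMMARY = summarize(PACKETS)

if __name__ == "__main__":
    print(SUMMARY)
    for expr in ("port 7012", "dst port 7012", "src port 7012", "port 3306"):
        print(f"{expr!r:20} -> {count_matching(PACKETS, expr)} of {len(PACKETS)} packets")
```

Run as a script, it reports a completed handshake, 108 bytes sent to the server and 856 bytes back, and shows that in this capture the server's FIN (line 7) precedes the client's (line 9). The filter counts make the point of sections 2.1 and 2.2 concrete: "port 7012" matches all ten packets, while "dst port 7012" and "src port 7012" each match only the five packets in one direction.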


