tcpdump tcp and host 172.16.10.59 and 172.16.10.58 and port 9998 -vvv -nn -A

tcpdump tcp dst port 3306 -x
tcpdump dst port 3306 -x
tcpdump src port 3306 -x

http://www.cnblogs.com/maifengqiang/p/3863168.html


tcpdump tcp and  host 172.16.10.58 and 172.16.128.68 and port 80 -XX


tcpdump tcp and host 172.16.10.59 and 172.16.10.58 and port 9998 -vvv -nn -A

tcpdump tcp and host 172.16.10.59 and 172.16.10.58 and port 9998 -vvv -nn -A -x
tcpdump tcp and host 172.16.10.59 and 172.16.10.58 and port 9998 -vvv -nn -A -xx
tcpdump tcp and host 172.16.10.59 and 172.16.10.58 and port 9998 -vvv -nn -A -X
tcpdump tcp and host 172.16.10.59 and 172.16.10.58 and port 9998 -vvv -nn -A -XX


14:42:03.976737 IP (tos 0x10, ttl 64, id 46723, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.10.58.59622 > 172.16.10.59.9998: Flags [S], cksum 0x7222 (correct), seq 3134231872, win 14600, options [mss 1460,sackOK,TS val 2893423555 ecr 0,nop,wscale 7], length 0
E..<..@.@.....
:..
;..'....@......9.r".........
.v#.........
14:42:03.976811 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.10.59.9998 > 172.16.10.58.59622: Flags [S.], cksum 0xa82d (correct), seq 287805977, ack 3134231873, win 14480, options [mss 1460,sackOK,TS val 3073929186 ecr 2893423555,nop,wscale 7], length 0
E..<..@.@..&..
;..
:'....'.....A..8..-.........
.8o..v#.....
14:42:03.977295 IP (tos 0x10, ttl 64, id 46724, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.10.58.59622 > 172.16.10.59.9998: Flags [.], cksum 0x0f17 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 2893423555 ecr 3073929186], length 0
E..4..@.@.....
:..
;..'....A.'.....s.......
.v#..8o.






14:43:27.602789 IP (tos 0x10, ttl 64, id 46725, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.10.58.59622 > 172.16.10.59.9998: Flags [F.], cksum 0xc867 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 2893507184 ecr 3073929186], length 0
E..4..@.@.....
:..
;..'....A.'.....s.g.....
.wjp.8o.
14:43:27.602915 IP (tos 0x0, ttl 64, id 65017, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.10.59.9998 > 172.16.10.58.59622: Flags [F.], cksum 0x81bb (correct), seq 1, ack 2, win 114, options [nop,nop,TS val 3074012813 ecr 2893507184], length 0
E..4..@.@..4..
;..
:'....'.....B...r.......
.9...wjp
14:43:27.604108 IP (tos 0x10, ttl 64, id 46726, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.10.58.59622 > 172.16.10.59.9998: Flags [.], cksum 0x81b9 (correct), seq 2, ack 2, win 115, options [nop,nop,TS val 2893507185 ecr 3074012813], length 0
E..4..@.@.....
:..
;..'....B.'.....s.......
.wjq.9..

注：
Flags [.] ack
Flags [F] fin
Flags [S] syn
Flags [S.] syn+ack

TCP包的输出信息

用TCPDUMP捕获的TCP包的一般输出信息是：

src > dst: flags data-seqno ack window urgent options
src> dst:表明从源地址到目的地址, flags是TCP包中的标志信息,S 是SYN标志, F (FIN), P (PUSH) , R(RST) "." (没有标记); data-seqno是数据包中的数据的顺序号, ack是下次期望的顺序号,window是接收缓存的窗口大小, urgent表明数据包中是否有紧急指针. Options是选项.

UDP包的输出信息

    用TCPDUMP捕获的UDP包的一般输出信息是：

route.port1 > ice.port2: udp lenth
UDP十分简单，上面的输出行表明从主机ROUTE的port1端口发出的一个UDP数据包到主机ICE的port2端口，类型是UDP， 包的长度是lenth