Networking: extracting information from tcpdump

Tags: networking, tcp, tcpdump

I am using tcpdump to collect network statistics for two of my servers. I need help decoding the log. There are many pages explaining the parameters we can pass, but where can I get detailed information on how to make use of the log dump? I started with the basic command and I am trying to make sense of the messages I get.

Setup: node01 and node02 are two servers; node02 is copying a file to node01 over the network, and the output follows.

tcpdump -i em2
14:36:40.102634 IP node01.ssh > node02.32769: Flags [P.], seq 44496:44532, ack 147123477, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 36
14:36:40.102718 IP node02.32769 > node01.ssh: Flags [.], seq 147123477:147140853, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102728 IP node01.ssh > node02.32769: Flags [.], ack 147140853, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.102867 IP node02.32769 > node01.ssh: Flags [.], seq 147140853:147158229, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102879 IP node01.ssh > node02.32769: Flags [.], ack 147158229, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103013 IP node02.32769 > node01.ssh: Flags [.], seq 147158229:147175605, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.103024 IP node01.ssh > node02.32769: Flags [.], ack 147175605, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103160 IP node02.32769 > node01.ssh: Flags [.], seq 147175605:147185741, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 10136
14:36:40.103173 IP node01.ssh > node02.32769: Flags [.], ack 147185741, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103178 IP node02.32769 > node01.ssh: Flags [.], seq 147185741:147192981, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 7240
14:36:40.103185 IP node01.ssh > node02.32769: Flags [.], ack 147192981, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103309 IP node02.32769 > node01.ssh: Flags [.], seq 147192981:147210357, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103321 IP node01.ssh > node02.32769: Flags [.], ack 147210357, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103459 IP node02.32769 > node01.ssh: Flags [.], seq 147210357:147227733, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103471 IP node01.ssh > node02.32769: Flags [.], ack 147227733, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103604 IP node02.32769 > node01.ssh: Flags [.], seq 147227733:147245109, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103614 IP node01.ssh > node02.32769: Flags [.], ack 147245109, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103701 IP node01.ssh > node02.32769: Flags [P.], seq 44532:44568, ack 147245109, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 36
14:36:40.103752 IP node02.32769 > node01.ssh: Flags [.], seq 147245109:147262485, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103760 IP node01.ssh > node02.32769: Flags [.], ack 147262485, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103900 IP node02.32769 > node01.ssh: Flags [.], seq 147262485:147279861, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103911 IP node01.ssh > node02.32769: Flags [.], ack 147279861, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104048 IP node02.32769 > node01.ssh: Flags [.], seq 147279861:147297237, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104061 IP node01.ssh > node02.32769: Flags [.], ack 147297237, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104195 IP node02.32769 > node01.ssh: Flags [.], seq 147297237:147314613, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104210 IP node01.ssh > node02.32769: Flags [.], ack 147314613, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104339 IP node02.32769 > node01.ssh: Flags [.], seq 147314613:147316061, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 1448
14:36:40.104352 IP node02.32769 > node01.ssh: Flags [.], seq 147316061:147331989, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 15928
14:36:40.104362 IP node01.ssh > node02.32769: Flags [.], ack 147331989, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104490 IP node02.32769 > node01.ssh: Flags [.], seq 147331989:147349365, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104503 IP node01.ssh > node02.32769: Flags [.], ack 147349365, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104638 IP node02.32769 > node01.ssh: Flags [.], seq 147349365:147366741, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104651 IP node01.ssh > node02.32769: Flags [.], ack 147366741, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104785 IP node02.32769 > node01.ssh: Flags [.], seq 147366741:147384117, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104794 IP node01.ssh > node02.32769: Flags [.], ack 147384117, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
I can see the timestamp, then source > destination, but beyond that I do not understand the rest. What are Flags? seq? ack? win? options? length? in the log dump above


Thanks

To understand these values you need to read up on TCP. You can start here: and then read the TCP RFC

  • Flags: the TCP flags (SYN, PSH, ACK (the dot), etc.)
  • ACK is the sequence number being acknowledged (the next expected sequence number); SEQ is the first sequence number being sent
  • Win: the window size advertised by the sender
  • Length: of the TCP payload
  • Options: TCP options


Use Wireshark to help you decode all of this. Also, read up on TCP. Here is the specification:

What are you trying to learn from this log?

@immibis I want to understand how packet/transaction latency varies with file size / interface bandwidth.
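The field meanings given in the answer, and the per-packet latency asked about in the comments, can be checked mechanically. The parser below is an added example (not code from the question, the answer, or tcpdump itself): it splits each line of the question's own capture into timestamp, endpoints, flags, seq, ack, win, options and length, then pairs every data-carrying segment with the first packet from the other side whose ack number covers it, which gives the time the receiver took to acknowledge that data. It assumes the default tcpdump TCP output format shown above (name resolution on, no -v).

```python
import re
from datetime import datetime, timedelta
# One line of default "tcpdump -i em2" TCP output (no -n / -v), as in the question.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?(?:, win (?P<win>\d+))?"
    r"(?:, options \[(?P<opts>[^\]]*)\])?, length (?P<length>\d+)$")
# tcpdump's one-character flag codes; "." is the ACK bit.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG",
              "E": "ECE", "W": "CWR", ".": "ACK"}

def parse_line(line):
    """Return the fields of one tcpdump line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m: return None
    g = m.groupdict()
    num = lambda k: int(g[k]) if g[k] is not None else None
    return {"ts": datetime.strptime(g["ts"], "%H:%M:%S.%f"), "src": g["src"],
            "dst": g["dst"], "flags": [FLAG_NAMES.get(c, c) for c in g["flags"]],
            "seq": num("seq"), "seq_end": num("seq_end"), "ack": num("ack"),
            "win": num("win"), "options": g["opts"], "length": num("length")}

def ack_latencies(packets):
    """Pair each data-carrying segment with the first packet in the other direction whose
    ack covers the segment's end; return (sender, seq_end, microseconds) per segment."""
    pending, result = [], []
    for p in packets:
        if p["ack"] is not None:          # does this packet acknowledge outstanding data?
            still = []
            for d in pending:
                if d["src"] == p["dst"] and d["dst"] == p["src"] and p["ack"] >= d["seq_end"]:
                    result.append((d["src"], d["seq_end"],
                                   (p["ts"] - d["ts"]) // timedelta(microseconds=1)))
                else:
                    still.append(d)
            pending = still
        if p["length"] > 0 and p["seq_end"] is not None:   # data segment awaiting an ack
            pending.append(p)
    return result

# Four lines copied from the question's capture (node01's 36-byte segment is acked only later).
SAMPLE = """\
14:36:40.102634 IP node01.ssh > node02.32769: Flags [P.], seq 44496:44532, ack 147123477, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 36
14:36:40.102718 IP node02.32769 > node01.ssh: Flags [.], seq 147123477:147140853, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102728 IP node01.ssh > node02.32769: Flags [.], ack 147140853, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103178 IP node02.32769 > node01.ssh: Flags [.], seq 147185741:147192981, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 7240
"""

def sample_latencies():
    return ack_latencies([p for p in map(parse_line, SAMPLE.splitlines()) if p])
```

Feeding the full capture through `ack_latencies` gives one latency per data segment; the node02 segments here are acknowledged within tens of microseconds, while node01's small 36-byte segment waits about half a millisecond for an ack piggybacked on the next data packet.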