In tcpdump output you will see Flags [S], Flags [.], Flags [S.], Flags [P]

tcpdump -i lo tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
17:25:17.944030 IP localhost.http > localhost.39740: Flags [F.], seq 1095695913, ack 4186916696, win 512, options [nop,nop,TS val 932462 ecr 927461], length 0
17:25:17.944106 IP localhost.http > localhost.39738: Flags [F.], seq 2896031688, ack 35398580, win 512, options [nop,nop,TS val 932462 ecr 927458], length 0
17:25:17.987834 IP localhost.39738 > localhost.http: Flags [.], ack 1, win 1535, options [nop,nop,TS val 932506 ecr 932462], length 0
17:25:17.987860 IP localhost.39740 > localhost.http: Flags [.], ack 1, win 1535, options [nop,nop,TS val 932506 ecr 932462], length 0
17:25:18.542714 IP localhost.39738 > localhost.http: Flags [F.], seq 1, ack 1, win 1535, options [nop,nop,TS val 933061 ecr 932462], length 0
17:25:18.542754 IP localhost.http > localhost.39738: Flags [.], ack 2, win 512, options [nop,nop,TS val 933061 ecr 933061], length 0
17:25:18.542932 IP localhost.46984 > localhost.9614: Flags [S], seq 3512844352, win 65495, options [mss 65495,sackOK,TS val 933061 ecr 0,nop,wscale 7], length 0
17:25:18.542951 IP localhost.9614 > localhost.46984: Flags [R.], seq 0, ack 3512844353, win 0, length 0

 Tcpflags are some combination of S (SYN), F (FIN), P (PUSH), R (RST), U (URG), W (ECN CWR), E
       (ECN-Echo)  or  `.' (ACK), or `none' if no flags are set.  Data-seqno describes the portion of sequence space covered by the data in this packet (see example be‐
       Iptype, Src, dst, and flags are always present.  The other fields depend on the contents of the packet's TCP protocol header and are output only if appropriate.
       Some offsets and field values may be expressed as names rather than as numeric values. For example tcp[13] may be replaced with tcp[tcpflags]. The following  TCP
                   tcpdump -i xl0 'tcp[tcpflags] & tcp-push != 0'
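
The flag letters in the excerpt above correspond to bits of TCP header byte 13, which is what tcp[tcpflags] reads. The following is an added example (not from the original post or from tcpdump itself; all function names are hypothetical): it decodes the Flags field of tcpdump lines, builds the capture filter for an exact flag combination, and reports a bare SYN answered by RST, as in the last two lines of the capture above, which is what a connection attempt to a closed port looks like.

```python
import re

# tcpdump flag letter -> (name, bit in TCP header byte 13, i.e. tcp[tcpflags])
FLAG_BITS = {
    "F": ("FIN", 0x01), "S": ("SYN", 0x02), "R": ("RST", 0x04),
    "P": ("PUSH", 0x08), ".": ("ACK", 0x10), "U": ("URG", 0x20),
    "E": ("ECN-Echo", 0x40), "W": ("ECN CWR", 0x80),
}
LINE_RE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\]")

def decode_flags(letters):
    """'S.' -> (['SYN', 'ACK'], 0x12); 'none' -> ([], 0)."""
    names, value = [], 0
    for ch in ("" if letters == "none" else letters):
        name, bit = FLAG_BITS[ch]  # KeyError on an unknown letter
        names.append(name)
        value |= bit
    return names, value

def exact_filter(letters):
    """Capture filter that matches exactly this flag combination."""
    return "tcp[tcpflags] == 0x%02x" % decode_flags(letters)[1]

def parse_line(line):
    m = LINE_RE.search(line)
    if m is None:
        return None  # not a TCP line in the default output format
    names, value = decode_flags(m.group(3))
    return {"src": m.group(1), "dst": m.group(2), "flags": names, "byte13": value}

def refused_connections(lines):
    """(client, server) pairs where a bare SYN was answered with RST."""
    pending, refused = set(), []
    for pkt in filter(None, map(parse_line, lines)):
        if pkt["flags"] == ["SYN"]:
            pending.add((pkt["src"], pkt["dst"]))
        elif "RST" in pkt["flags"] and (pkt["dst"], pkt["src"]) in pending:
            pending.discard((pkt["dst"], pkt["src"]))
            refused.append((pkt["dst"], pkt["src"]))
    return refused

# Three lines copied from the capture on this page, with the options field trimmed.
SAMPLE = [
    "17:25:17.944030 IP localhost.http > localhost.39740: Flags [F.], seq 1095695913, ack 4186916696, win 512, length 0",
    "17:25:18.542932 IP localhost.46984 > localhost.9614: Flags [S], seq 3512844352, win 65495, length 0",
    "17:25:18.542951 IP localhost.9614 > localhost.46984: Flags [R.], seq 0, ack 3512844353, win 0, length 0",
]
if __name__ == "__main__":
    print(refused_connections(SAMPLE))
```
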
Permalink to this article: https://const.net.cn/587.html
