I am using tcpdump to collect network statistics on two servers. I need help decoding the logs. There are many pages explaining the parameters we can pass, but where can I get detailed information on how to read the log dump? I started with the basic command and am trying to decode the messages I received.
Setup: node01 and node02 are two servers; node02 is copying files over the network to node01.
tcpdump -i em2
14:36:40.102634 IP node01.ssh > node02.32769: Flags [P.], seq 44496:44532, ack 147123477, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 36
14:36:40.102718 IP node02.32769 > node01.ssh: Flags [.], seq 147123477:147140853, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102728 IP node01.ssh > node02.32769: Flags [.], ack 147140853, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.102867 IP node02.32769 > node01.ssh: Flags [.], seq 147140853:147158229, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102879 IP node01.ssh > node02.32769: Flags [.], ack 147158229, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103013 IP node02.32769 > node01.ssh: Flags [.], seq 147158229:147175605, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.103024 IP node01.ssh > node02.32769: Flags [.], ack 147175605, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103160 IP node02.32769 > node01.ssh: Flags [.], seq 147175605:147185741, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 10136
14:36:40.103173 IP node01.ssh > node02.32769: Flags [.], ack 147185741, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103178 IP node02.32769 > node01.ssh: Flags [.], seq 147185741:147192981, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 7240
14:36:40.103185 IP node01.ssh > node02.32769: Flags [.], ack 147192981, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103309 IP node02.32769 > node01.ssh: Flags [.], seq 147192981:147210357, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103321 IP node01.ssh > node02.32769: Flags [.], ack 147210357, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103459 IP node02.32769 > node01.ssh: Flags [.], seq 147210357:147227733, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103471 IP node01.ssh > node02.32769: Flags [.], ack 147227733, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103604 IP node02.32769 > node01.ssh: Flags [.], seq 147227733:147245109, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103614 IP node01.ssh > node02.32769: Flags [.], ack 147245109, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103701 IP node01.ssh > node02.32769: Flags [P.], seq 44532:44568, ack 147245109, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 36
14:36:40.103752 IP node02.32769 > node01.ssh: Flags [.], seq 147245109:147262485, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103760 IP node01.ssh > node02.32769: Flags [.], ack 147262485, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.103900 IP node02.32769 > node01.ssh: Flags [.], seq 147262485:147279861, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.103911 IP node01.ssh > node02.32769: Flags [.], ack 147279861, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104048 IP node02.32769 > node01.ssh: Flags [.], seq 147279861:147297237, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104061 IP node01.ssh > node02.32769: Flags [.], ack 147297237, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104195 IP node02.32769 > node01.ssh: Flags [.], seq 147297237:147314613, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104210 IP node01.ssh > node02.32769: Flags [.], ack 147314613, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104339 IP node02.32769 > node01.ssh: Flags [.], seq 147314613:147316061, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 1448
14:36:40.104352 IP node02.32769 > node01.ssh: Flags [.], seq 147316061:147331989, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 15928
14:36:40.104362 IP node01.ssh > node02.32769: Flags [.], ack 147331989, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104490 IP node02.32769 > node01.ssh: Flags [.], seq 147331989:147349365, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104503 IP node01.ssh > node02.32769: Flags [.], ack 147349365, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104638 IP node02.32769 > node01.ssh: Flags [.], seq 147349365:147366741, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104651 IP node01.ssh > node02.32769: Flags [.], ack 147366741, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
14:36:40.104785 IP node02.32769 > node01.ssh: Flags [.], seq 147366741:147384117, ack 44568, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 17376
14:36:40.104794 IP node01.ssh > node02.32769: Flags [.], ack 147384117, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
I can see the timestamp, then source > destination, but beyond that I don't understand the other information.
What are Flags? seq? ack? win? options? length? in the log dump above?
Thanks
Answer 0 (score: 0)
To understand these values you need to read about TCP. You can start here: https://en.wikipedia.org/wiki/Transmission_Control_Protocol and then read the TCP RFC.
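The fields the question asks about (Flags, seq, ack, win, options, length) are easiest to learn by pulling them apart programmatically. The following Python is an added example, not code from the question or the answer: it parses tcpdump's one-line TCP summary format into named fields, verifies that each `seq a:b` range matches the printed `length`, and tallies per-direction bytes, pure ACKs, sequence gaps and unacknowledged data. The sample input is the first eleven lines of the capture posted above; the `FLAG_NAMES` table and the regular expression are written from the format documented in tcpdump(1), and the field and function names are my own.

```python
"""Decode tcpdump's one-line TCP summaries into fields and sanity-check the stream."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Letters tcpdump prints inside "Flags [...]" (tcpdump(1), OUTPUT FORMAT, TCP).
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG",
              "W": "CWR", "E": "ECE", ".": "ACK"}

_LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>[\w-]+) > (?P<dst>\S+)\.(?P<dport>[\w-]+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq_start>\d+)(?::(?P<seq_end>\d+))?)?"  # range only when data is carried
    r"(?:, ack (?P<ack>\d+))?"
    r", win (?P<win>\d+)"
    r"(?:, options \[(?P<options>[^\]]*)\])?"
    r", length (?P<length>\d+)$")
_TS_RE = re.compile(r"TS val (\d+) ecr (\d+)")   # RFC 7323 timestamp option

@dataclass
class Segment:
    ts: str
    src: str
    sport: str
    dst: str
    dport: str
    flags: str
    seq_start: Optional[int]   # first payload byte of this segment
    seq_end: Optional[int]     # one past the last payload byte (seq_end - seq_start == length)
    ack: Optional[int]         # next byte the sender expects from the peer
    win: int                   # raw window field; multiply by the scale negotiated in the SYN
    ts_val: Optional[int]      # sender's timestamp clock
    ts_ecr: Optional[int]      # echo of the most recent timestamp received from the peer
    length: int                # TCP payload bytes

    def flag_names(self) -> List[str]:
        return [FLAG_NAMES.get(c, c) for c in self.flags]

    @property
    def direction(self) -> str:
        return f"{self.src}.{self.sport} > {self.dst}.{self.dport}"

def parse_line(line: str) -> Segment:
    m = _LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a tcpdump TCP summary line: {line!r}")
    g = m.groupdict()

    def num(key: str) -> Optional[int]:
        return int(g[key]) if g[key] is not None else None

    tsm = _TS_RE.search(g["options"] or "")
    seg = Segment(g["ts"], g["src"], g["sport"], g["dst"], g["dport"], g["flags"],
                  num("seq_start"), num("seq_end"), num("ack"), int(g["win"]),
                  int(tsm.group(1)) if tsm else None, int(tsm.group(2)) if tsm else None,
                  int(g["length"]))
    if seg.seq_end is not None and seg.seq_end - seg.seq_start != seg.length:
        raise ValueError(f"seq range and length disagree: {line!r}")
    return seg

@dataclass
class FlowStats:
    bytes_sent: int = 0
    data_segments: int = 0
    pure_acks: int = 0
    gaps: int = 0                              # data did not start where the previous data ended
    last_seq_end: Optional[int] = None
    highest_ack_seen: Optional[int] = None     # largest ack the peer has returned for this data

    def unacked(self) -> int:
        if self.last_seq_end is None or self.highest_ack_seen is None:
            return 0
        return max(0, self.last_seq_end - self.highest_ack_seen)

def analyze(lines: List[str]) -> Dict[str, FlowStats]:
    stats: Dict[str, FlowStats] = {}
    for s in map(parse_line, filter(str.strip, lines)):
        st = stats.setdefault(s.direction, FlowStats())
        if s.length:
            st.data_segments += 1
            st.bytes_sent += s.length
            if st.last_seq_end is not None and s.seq_start != st.last_seq_end:
                st.gaps += 1                   # retransmission, reordering, or a packet tcpdump missed
            st.last_seq_end = s.seq_end
        else:
            st.pure_acks += 1
        if s.ack is not None:                  # an ack covers the *reverse* direction's data
            rev = stats.setdefault(f"{s.dst}.{s.dport} > {s.src}.{s.sport}", FlowStats())
            rev.highest_ack_seen = max(rev.highest_ack_seen or 0, s.ack)
    return stats

# Sample input: the first eleven lines of the capture posted in the question.
SAMPLE_LINES = """\
14:36:40.102634 IP node01.ssh > node02.32769: Flags [P.], seq 44496:44532, ack 147123477, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 36
14:36:40.102718 IP node02.32769 > node01.ssh: Flags [.], seq 147123477:147140853, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102728 IP node01.ssh > node02.32769: Flags [.], ack 147140853, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.102867 IP node02.32769 > node01.ssh: Flags [.], seq 147140853:147158229, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.102879 IP node01.ssh > node02.32769: Flags [.], ack 147158229, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103013 IP node02.32769 > node01.ssh: Flags [.], seq 147158229:147175605, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 17376
14:36:40.103024 IP node01.ssh > node02.32769: Flags [.], ack 147175605, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103160 IP node02.32769 > node01.ssh: Flags [.], seq 147175605:147185741, ack 44496, win 367, options [nop,nop,TS val 733137079 ecr 718312460], length 10136
14:36:40.103173 IP node01.ssh > node02.32769: Flags [.], ack 147185741, win 15023, options [nop,nop,TS val 718312461 ecr 733137079], length 0
14:36:40.103178 IP node02.32769 > node01.ssh: Flags [.], seq 147185741:147192981, ack 44532, win 367, options [nop,nop,TS val 733137080 ecr 718312461], length 7240
14:36:40.103185 IP node01.ssh > node02.32769: Flags [.], ack 147192981, win 15023, options [nop,nop,TS val 718312461 ecr 733137080], length 0
""".splitlines()

if __name__ == "__main__":
    for direction, st in analyze(SAMPLE_LINES).items():
        print(f"{direction}: {st.bytes_sent} bytes in {st.data_segments} data segments, "
              f"{st.pure_acks} pure ACKs, {st.gaps} gaps, {st.unacked()} bytes unacked")
```

Reading the decoded fields against the capture: `[P.]` is PSH+ACK and `[.]` is a bare ACK, so every node02 line is data and every node01 line after the first is just an acknowledgement; `seq a:b` is the half-open byte range [a, b) and `ack n` says "I have everything before byte n", which is why each node01 ack equals the `seq_end` of the node02 segment just before it. tcpdump prints seq/ack relative to the initial sequence number when it saw the SYN, and absolute values otherwise (`-S` forces absolute). `win` is the raw 16-bit header field, so node02's `win 367` is 367 shifted by the window scale agreed in the handshake, not 367 bytes. `options [nop,nop,TS val ... ecr ...]` is the RFC 7323 timestamp pair used for RTT measurement. One caveat when using this for statistics: every node02 length here is a multiple of 1448 (17376 is 12 x 1448), far larger than an Ethernet MSS, which is what you see when the capturing kernel coalesces segments with GRO/LRO before tcpdump gets them; `ethtool -K em2 gro off lro off` gives per-wire-packet lines if that matters. For anything beyond a quick look, record with `tcpdump -n -S -w capture.pcap -i em2` and open the file in Wireshark.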