how tcp connection works?

已于 2022-01-31 18:54:36 修改
阅读量121 收藏
点赞数
CC 4.0 BY-SA版权
文章标签: tcp/ip linux 网络协议
于 2022-01-30 19:05:05 首次发布
原文链接:https://www.howtouselinux.com/post/linux-5-ways-to-check-a-remote-port-is-open
本文介绍如何利用tcpdump工具观察Linux系统上TCP连接的建立与终止过程。通过nc和telnet工具创建TCP服务器和客户端,并使用netstat验证连接状态。文章详细展示了使用tcpdump捕获三次握手和四次挥手的数据包。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

This post describes how to see TCP connection establishment and termination as packets using tcpdump on linux.

Preparing
Install following commands on your linux.

  • tcpdump
  • nc
  • telnet
  • netstat

See TCP connection establishment

1. start TCP server

Start TCP server using nc command with l,k option.
$ nc -lk 12345

Open a Listening port on Linux

Open another terminal and verify 12345 port is listening using netstat command.
$ netstat -anp | grep 12345
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN /nc

2. start TCP client and establish connection

Start TCP client using telnet to establish TCP connection with TCP server of step 1.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1…
Connected to 127.0.0.1.
Escape character is ‘^]’.
Open another terminal and verify nc process and telnet are establishing connection using netstat command.

5 ways to Check a remote port is open in Linux

$ netstat -anp | grep 12345
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN /nc
tcp 0 0 127.0.0.1: 127.0.0.1:12345 ESTABLISHED /telnet
tcp 0 0 127.0.0.1:12345 127.0.0.1: ESTABLISHED /nc
Terminate TCP client with type “Ctrl+[” and “quit” on telnet. Then Connection is close.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1…
Connected to 127.0.0.1.
Escape character is ‘^]’.
^]
telnet> quit
Connection closed.
$
It’s ready to see TCP connection establishment with tcpdump.

3. See TCP 3-Way Handshake as TCP connection establishment

Verify TCP server that start at step 1 listen 12345 port.
$ netstat -anp | grep 12345
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN /nc
Perform tcpdump with specify local interface and port 12345 as follows.
$ sudo tcpdump -i lo -nnn port 12345
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
Start TCP client using telnet to establish TCP connection with TCP server of step 1.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1…
Connected to 127.0.0.1.
Escape character is ‘^]’.

Tcpdump: Filter Packets By Port
Verify tcpdump output as follows.
HH:mm:ss.SSSSSS IP 127.0.0.1. > 127.0.0.1.12345: Flags [S], seq …
HH:mm:ss.SSSSSS IP 127.0.0.1.12345 > 127.0.0.1.: Flags [S.], seq …
HH:mm:ss.SSSSSS IP 127.0.0.1. > 127.0.0.1.12345: Flags [.], ack …
The format is as follows
timestamp IP source IP.port destination > IP.port: flags
First line means a SYN packet as “[S]” flag that telnet sent to TCP server.
Second line means SYN + ACK packet as “[S.]” flag that TCP server sent to telnet.
Third line means ACK packet as “[.]” flag that TCP server sent to telnet.
Exploring Tcpdump Filters with Examples
Understanding TCP Socket With Examples

See TCP connection termination

Open another terminal and verify nc process and telnet are establishing connection using netstat command.
$ netstat -anp | grep 12345
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN /nc
tcp 0 0 127.0.0.1: 127.0.0.1:12345 ESTABLISHED /telnet
tcp 0 0 127.0.0.1:12345 127.0.0.1: ESTABLISHED /nc

3. See terminate TCP connection establishment

Keep tcpdump, and terminate TCP client with type “Ctrl+[” and “quit” on telnet. Then Connection is close.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1…
Connected to 127.0.0.1.
Escape character is ‘^]’.
^]
telnet> quit
Connection closed.
$
Verify tcpdump output as follows.

Understanding TCP Flags SYN ACK RST FIN URG PSH
HH:mm:ss.SSSSSS IP 127.0.0.1. > 127.0.0.1.12345: Flags [F.], seq 1,
HH:mm:ss.SSSSSS IP 127.0.0.1.12345 > 127.0.0.1.: Flags [F.], seq 1,
HH:mm:ss.SSSSSS IP 127.0.0.1. > 127.0.0.1.12345: Flags [.], ack 2,
First line means a FIN packet as “[F]” flag that telnet sent to TCP server.
Second line means FIN + ACK packet as “[F.]” flag that TCP server sent to telnet.
Third line means ACK packet as “[.]” flag that TCP server sent to telnet.

Tcpdump: Filter Packets with Tcp Flags
Understanding TCP Connection with Examples
Understanding TCP Sequence Number with Examples

曹大卫779
关注
How SSL Certificate Connection Works in Nginx Configuration
AI天才研究院
08-03 856
对于Web开发者来说,SSL(Secure Sockets Layer,安全套接层)证书是一种经过认证的数字证书,可以确保网站提供的服务是加密且安全的。一般情况下,当用户打开访问网站时,浏览器会首先检查网站的域名是否与服务器的域名匹配,如果不匹配则提示警告信息,用户确认后才可继续访问;若域名与服务器名匹配,则浏览器会向服务器发出请求,通过建立连接、发送握手协议并进行证书验证,确认双方身份后,就可以传输数据。
通信协议缓冲区管理全景:TCP、UDP、ZMQ、DBus、SSL、SOME/IP通讯协议的缓冲区解析...
探索C++编程的奥秘,分享深入的技术见解和实践,旨在激发读者创造力与解决问题的思维。
11-16 1120
通信协议,是指在网络中进行数据交换的一组规则或标准。它们就像人类语言一样,定义了消息应该如何被格式化、传输和接收。在技术的世界里,这些协议就像是沟通的桥梁,连接着不同的设备和应用。
tcp linger
紫云的博客
06-27 725
关于linger   http://blog.sina.com.cn/s/blog_4b37468f0101ftpt.html 服务器一般不主动关闭fd
TCP三次握手和四次挥手以及缺陷(详细)
热门推荐
hacker00011000的专栏
08-25 1万+
建立TCP需要三次握手才能建立,而断开连接则需要四次握手。整个过程如下图所示:1、TCP连接建立——三次握手几个概念: 【1】seq:序号,占4个字节,范围[0,4284967296],由于TCP是面向字节流的,在一个1个TCP连接中传送字节流中国的每一个字节都按照顺序编号,此外序号是循环使用的 【2】ACK: 仅当ACK=1时确认字段才有效,当ACK=0时确认字段无效,并且TCP规定,在连接建
HCIE-Security安全-TCP的RST复位攻击(适合搞舍友)
qq_44667101的博客
03-23 1127
文章目录TCP的RST复位攻击攻击原理实验环境 TCP的RST复位攻击 攻击原理 (1)当A与B正在进行数据传输通信(已建立TCP连接); (2)这时hacker伪装了一个由服务器B给A发送的复位报文并发送给A; (3)A收到该复位报文,则会立即释放连接并清空缓存; (4)hacker会一直监听被攻击者A是否发出TCP连接请求,一旦监听到该TCP请求报文,hacker则会立即向被攻击者A发送TC...
How TCP backlog works in Linux
zhouguoqionghai的博客
09-05 404
原文地址 http://veithen.github.io/2014/01/01/how-tcp-backlog-works-in-linux.html When an application puts a socket into LISTEN state using the listen syscall, it needs to specify a backlog for that socke...
How are Websockets implemented?
suiusoar
10-20 702
WebSocket 是如何实现的?
tcp connection
weixin_34274029的博客
03-06 153
三次握手与四次挥手的原因 https://yq.aliyun.com/articles/7435?spm=5176.8091938.0.0.N4v33a linux里的backlog详解 tcp connection setup的实现(一) linux内核中tcp连接的断开处理 tcp connection setup的实现(二) 关于tcp_v4_do_rcv()中对TCP_LIST...
how linux tmux works
qq_62784677的博客
04-18 813
【代码】how linux tmux works
TCP Connection Termination
yixiayizi的专栏
01-06 1734
Normal Connection Termination In the normal case, each side terminates its end of the connection by sending a special message with the FIN (finish) bit set. This message, sometimes called a FIN, se
How Tomcat Works 第一章 - 了解HTTP、Socket、ServerSocket构建简单的 Web 服务器
qq_43600166的博客
08-06 987
本章主要是对第一章内容进行归纳,了解一个简单的HTTP服务器是如何运行,以及尝试搭建一个简单的服务器,所需要java.net里面的Socket和类的基本运用。在了解Socket和之后,手动简单搭建一个最基础的HTTP服务器。
18-TCP Connection Establishment and Termination
gaoxiangnumber1——Gao Xiang's Blog
10-09 1849
Please indicate the source: http://blog.youkuaiyun.com/gaoxiangnumber1Welcome to my github: https://github.com/gaoxiangnumber118.1 Introduction18.2 Connection Establishment and Termination To see what happen
Chapter 8 - 12. Congestion Management in TCP Storage Networks
mounter625的专栏
02-16 966
需要记住的重要一点是,不能因为某些东西在较新(新建环境)中运行良好,就不需要监控拥塞症状。这些值还取决于交换机的类型,因为不同的交换机有不同的架构和缓冲区大小。(以及其他通过通知终端设备来防止拥塞的方法)可能并不有效,因为从检测到拥塞到采取预防措施之间存在延迟。不过,在生产存储网络中,成百上千台设备可能以多对一的流量模式连接到同一网络。之后,随着网络的发展和成熟,拥塞的情况和严重程度可能会增加,从而激活。速率降低的延迟,其队列可能会填满,最终导致数据包丢弃。标记的数据包,最后,源降低速率。
Chapter 8 - 4. Congestion Management in TCP Storage Networks
mounter625的专栏
01-31 1235
但是,如果接收方的缓冲区快满了,它就会减小窗口大小,以减慢发送方的速度。因此,发送方的发送速度与接收方的接收速度相同。,它只对收到的数据包进行选择性确认,因此只传输丢失的数据包,而不是在丢失数据包后重传所有数据包,从而提高了数据包丢失时的性能。接收方会记住已接收数据包的序列号,如果很快又收到相同的序列号,就会丢弃重复的数据包。接收窗口和拥塞窗口的另一个区别是,只有接收窗口是由接收方向发送方公布的,而拥塞窗口是由发送方本地计算的。发送方的发送速率就是其上层所期望的速率,也是接收方接收窗口所公布的接收能力。
软路由 + 代理 IP 实现多手机不同公网 IP 分配教程
q2669689953的博客
07-16 183
2.使每个手机连接不同的 WiFi,实现每个 WiFi 对应一个独立 IP,相互之间无关联,就如同每个 WiFi 都是一个遍布在全国各地的家庭路由器。2.代理 IP 服务选择:挑选可靠的代理 IP 服务提供商,如兔子 IP等,根据使用场景和预算选择动态 IP 代理或静态 IP 代理,以及相应的套餐。通过以上步骤,可高效实现多手机不同公网 IP 的分配,适用于多种场景。1.例如手游工作室,为避免游戏检测系统制裁,需要一台设备一个 IP,此时可通过实体机搭建 ROS 软路由,配合兔子 IP,
Tcpdump使用
weixin_43332972的博客
07-17 407
tcpdump抓包工具
实训十——路由器与TCP/IP模型
m0_68754495的博客
07-16 687
本文摘要: 网络通信过程分析:1)同网段设备通过ARP广播获取目标MAC地址,交换机通过MAC地址表或泛洪机制转发数据;2)不同网段通信需借助路由器,通过静态或动态路由选择路径;3)特殊场景下逻辑网段重复会导致负载均衡和丢包问题。文中还详细介绍了TCP/IP四层模型及各层主要协议的功能,包括应用层的HTTP/FTP/DNS、传输层的TCP/UDP、网络层的IP/ICMP/ARP等协议的工作机制和应用场景。
【Python】通过cmd的shell命令获取局域网内所有IP、MAC地址,通过主机名获取IP
最新发布
Mike Zhou的博客
07-17 593
摘要:本文介绍通过Python脚本结合cmd命令获取局域网设备信息的方法。关键技术包括:1)使用ipconfig/all和arp -a命令获取IP和MAC地址;2)多线程ping扫描加速设备发现;3)通过nbtstat命令解析IP对应主机名;4)socket获取当前网关信息。代码实现了局域网设备探测、主机名解析和结果可视化功能,支持快速扫描网络中的活跃设备并显示其IP、MAC和主机名信息。项目代码已开源在Gitee平台。
隐藏源IP的核心方案与高防实践
@云安全小杜
07-14 924
【代码】隐藏源IP的核心方案与高防实践。
iQ-R mudbus TCP
02-25
### iQ-R Series Modbus TCP Configuration and Usage For configuring the Mitsubishi iQ-R series PLC to use Modbus TCP, several key points must be considered based on available resources[^4]. The setup involves both hardware configuration through software tools provided by Mitsubishi and programming adjustments within the PLC. #### Hardware Setup via Software Tools The initial step is setting up the network parameters using GX Works2 or other compatible engineering workstations. This includes assigning an IP address to the CPU module (such as R04CPU), which will act as either a server or client depending on application requirements. Once configured correctly, this allows communication over Ethernet networks following standard Modbus TCP protocols. #### Programming Adjustments Within the PLC Programming for Modbus TCP can involve utilizing specific function blocks designed for handling data exchange according to Modbus protocol standards. These may include commands like `MBW` (for writing multiple registers) or `MBS` (to read coils). It's important that these instructions are properly integrated into ladder logic diagrams or structured text programs written in ST language used with the iQ-R series devices. Additionally, when implementing Modbus TCP communications between different systems connected via Ethernet, ensuring proper timing settings prevents issues such as timeouts during transactions[^1]. ```python # Example Python code snippet demonstrating how one might configure basic socket connections similar to what would occur internally within a PLC program. import socket def establish_connection(ip_address='192.168.1.1', port=502): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((ip_address, port)) return s except Exception as e: print(f"Connection failed: {e}") raise ConnectionError("Failed to connect") connection = establish_connection() if connection: print("Successfully established Modbus TCP connection.") else: print("Could not establish Modbus TCP connection.") ``` This example illustrates establishing a simple TCP/IP connection but does not cover all aspects of actual implementation inside a real-world industrial control system where more complex configurations apply.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值