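Tracking Down a Problem with tcpdump

This post analyzes network packets captured with tcpdump to show the normal TCP three-way handshake, then gives an example in which the server sends an RST packet and the connection is never established. The cause was a program error: the server's bind address was set to the local host instead of '0.0.0.0'.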


ubuntu@10-7-2-132:~$ sudo tcpdump tcp port 9000 -vv -i lo
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
23:00:44.637134 IP (tos 0x0, ttl 64, id 57090, offset 0, flags [DF], proto TCP (6), length 60)
localhost.47929 > localhost.9000: Flags [S], cksum 0xfe30 (incorrect -> 0xd0a7), seq 3699593286, win 43690, options [mss 65495,sackOK,TS val 974622532 ecr 0,nop,wscale 7], length 0
23:00:44.637148 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
localhost.9000 > localhost.47929: Flags [S.], cksum 0xfe30 (incorrect -> 0x7295), seq 32215738, ack 3699593287, win 43690, options [mss 65495,sackOK,TS val 974622532 ecr 974622532,nop,wscale 7], length 0
23:00:44.637160 IP (tos 0x0, ttl 64, id 57091, offset 0, flags [DF], proto TCP (6), length 52)
localhost.47929 > localhost.9000: Flags [.], cksum 0xfe28 (incorrect -> 0x44da), seq 1, ack 1, win 342, options [nop,nop,TS val 974622532 ecr 974622532], length 0
23:00:44.638472 IP (tos 0x0, ttl 64, id 57092, offset 0, flags [DF], proto TCP (6), length 118)
localhost.47929 > localhost.9000: Flags [P.], cksum 0xfe6a (incorrect -> 0x65b1), seq 1:67, ack 1, win 342, options [nop,nop,TS val 974622532 ecr 974622532], length 66
23:00:44.638517 IP (tos 0x0, ttl 64, id 7679, offset 0, flags [DF], proto TCP (6), length 52)
localhost.9000 > localhost.47929: Flags [.], cksum 0xfe28 (incorrect -> 0x4498), seq 1, ack 67, win 342, options [nop,nop,TS val 974622532 ecr 974622532], length 0
23:00:44.638658 IP (tos 0x0, ttl 64, id 57093, offset 0, flags [DF], proto TCP (6), length 52)
localhost.47929 > localhost.9000: Flags [F.], cksum 0xfe28 (incorrect -> 0x4497), seq 67, ack 1, win 342, options [nop,nop,TS val 974622532 ecr 974622532], length 0
23:00:44.638736 IP (tos 0x0, ttl 64, id 7680, offset 0, flags [DF], proto TCP (6), length 52)
localhost.9000 > localhost.47929: Flags [F.], cksum 0xfe28 (incorrect -> 0x4496), seq 1, ack 68, win 342, options [nop,nop,TS val 974622532 ecr 974622532], length 0
23:00:44.638745 IP (tos 0x0, ttl 64, id 57094, offset 0, flags [DF], proto TCP (6), length 52)
localhost.47929 > localhost.9000: Flags [.], cksum 0xfe28 (incorrect -> 0x4496), seq 68, ack 2, win 342, options [nop,nop,TS val 974622532 ecr 974622532], length 0

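1. The client sends a SYN packet to the server
2. The server sends a SYN+ACK packet to the client
3. The client sends an ACK packet to the server; the three-way handshake is complete and the connection is established
4. The client sends data to the server
5. The server sends an ACK to the client
6. The client sends an ACK, then actively closes and sends a FIN packet to the server
7. The server closes and sends an ACK + FIN packet to the client
8. The client sends an ACK packet, and the exchange ends
This is the normal flow.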

Write a test program that listens on port 9000 and connect to that port from another machine. The capture then looks like this:
ubuntu@10-7-2-132:~$ sudo tcpdump tcp port 9000 -vv -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:14:53.996568 IP (tos 0x0, ttl 64, id 34033, offset 0, flags [DF], proto TCP (6), length 60)
slave2.54898 > 10-7-2-132.9000: Flags [S], cksum 0x2753 (incorrect -> 0xca1b), seq 164383188, win 14600, options [mss 1460,sackOK,TS val 56085797 ecr 0,nop,wscale 7], length 0
23:14:53.996693 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
10-7-2-132.9000 > slave2.54898: Flags [R.], cksum 0x3b70 (correct), seq 0, ack 164383189, win 0, length 0

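This shows that the server sent a reset (RST) packet, so the connection was never established.
The actual cause was a bug in the program. The bind call should not be
serversocket.bind((socket.gethostname(), port))
but
serversocket.bind(('0.0.0.0', port))
Binding to socket.gethostname() makes the socket listen only on the single address that the hostname resolves to, so a SYN addressed to any other local address finds no listener and is answered with RST. '0.0.0.0' listens on every interface; if the service should not be reachable on all of them, bind to the specific interface address instead.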
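The check done by eye on the two captures above can be automated. The following is an added example, not code from the original post: a small Python helper that reads tcpdump text output and labels each connection attempt by how far the handshake got. The function name and state labels are this example's own, and the sample input is the packet lines from the two captures above, shortened to the fields the parser uses.

```python
import re

# One packet line of tcpdump text output: "src.port > dst.port: Flags [..]"
PKT = re.compile(r"(\S+) > (\S+): Flags \[([^\]]+)\]")

def classify_handshakes(capture):
    """Return {(client, server): state} for every SYN seen in the capture.

    state is 'syn_sent', 'syn_ack', 'established' or 'refused'.
    """
    state = {}
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue                      # banner and "IP (tos ...)" header lines
        src, dst, flags = m.groups()
        if flags == "S":                  # step 1: client SYN opens a new attempt
            state[(src, dst)] = "syn_sent"
        elif (dst, src) in state:         # packet travelling server -> client
            key = (dst, src)
            if state[key] == "syn_sent" and flags == "S.":
                state[key] = "syn_ack"    # step 2: SYN+ACK
            elif state[key] == "syn_sent" and "R" in flags:
                state[key] = "refused"    # RST instead of SYN+ACK: no listener
        elif (src, dst) in state:         # packet travelling client -> server
            if state[(src, dst)] == "syn_ack" and flags == ".":
                state[(src, dst)] = "established"   # step 3: ACK
    return state

# Packet lines from the two captures above, shortened to the parsed fields.
LOOPBACK = """\
localhost.47929 > localhost.9000: Flags [S], seq 3699593286, win 43690, length 0
localhost.9000 > localhost.47929: Flags [S.], seq 32215738, ack 3699593287, win 43690, length 0
localhost.47929 > localhost.9000: Flags [.], seq 1, ack 1, win 342, length 0
"""
REMOTE = """\
slave2.54898 > 10-7-2-132.9000: Flags [S], seq 164383188, win 14600, length 0
10-7-2-132.9000 > slave2.54898: Flags [R.], seq 0, ack 164383189, win 0, length 0
"""

if __name__ == "__main__":
    for name, cap in (("lo", LOOPBACK), ("eth0", REMOTE)):
        for (client, server), st in classify_handshakes(cap).items():
            print(f"{name}: {client} -> {server}: {st}")
```

A flow that is 'established' on lo but 'refused' on the external interface, as here, points at the listener's bind address rather than at the network path.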
