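Notes from a session using tcpdump
One of our services at work started returning errors. Until now I had mostly used Wireshark.
But the Linux machine only had tcpdump, so I used tcpdump.
Our user-service is on port 8810, so I entered: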
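sudo tcpdump -vv -i eth1 'tcp and (src port 8810 or dst port 8810)'
-i is the network interface
src port is the source port
dst port is the destination port
The filter is quoted so that the shell passes it to tcpdump as written; the tcp keyword is joined to the port tests with "and".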
But at this point there was no data, so I also added -A:
sudo tcpdump -A -vv -i eth1 'tcp and (src port 8810 or dst port 8810)'
Data appeared:
12:40:09.764585 IP (tos 0x0, ttl 64, id 61424, offset 0, flags [DF], proto TCP (6), length 148)
testvm-102.8810 > 192.168.255.101.52028: Flags [P.], cksum 0x80a4 (incorrect -> 0x5c44), seq 2707:2803, ack 647, win 294, options [nop,nop,TS val 181844277 ecr 2681762457], length 96
E.....@[email protected]"j.<]$...r.g...&.......
..5..r....P........-f.W{"errno":0,"data":{"code":0,"data":{"username":"16621086246","uid":"10002614"}}}
12:40:09.786272 IP (tos 0x0, ttl 64, id 61425, offset 0, flags [DF], proto TCP (6), length 1344)
testvm-102.8810 > 192.168.255.101.52028: Flags [P.], cksum 0x8550 (incorrect -> 0xeb49), seq 2803:4095, ack 790, win 302, options [nop,nop,TS val 181844282 ecr 2681762462], length 1292
E..@..@[email protected]"j.<]$...r.......P.....
..:..r...............xW{"errno":0,"data":"{\"code\":1,\"uid\":\"10002614\",\"nick\":\"da\",\"avatar\":\"http:\\\/\\\/picture.eclicks.cn\\\/g2\\\/l\\\/2019\\\/02\\\/12\\\/4656bcaf2046f703_640_640.jpg\",\"reg_ip\":\"0\",\"reg_time\":\"1540366703\",\"reg_openid\":\"\",\"type\":\"2\",\"identity\":\"0\",\"admires\":\"0\",\"gold\":\"36295\",\"topics\":\"592\",\"posts\":\"211\",\"kernels\":\"32\",\"gods\":\"0\",\"favorites\":\"0\",\"imgs\":\"0\",\"forums\":\"8\",\"exp\":\"6825\",\"sex\":\"1\",\"sign\":\"\u6d4b\u8bd5\",\"phone\":\"16621086246\",\"last_topic_time\":\"1574330566\",\"unread_notifies\":\"4\",\"unread_reminds\":\"4\",\"unread_admire\":\"0\",\"cartype\":\"158\",\"cityid\":\"90\",\"driving_years\":\"2017\",\"wallpaper\":\"\",\"last_login_day\":\"1544716800\",\"admin_type\":\"1\",\"continue_login_days\":\"2\",\"change_carnum\":\"2\",\"app_source\":\"1\",\"last_login_app\":\"1\",\"following_total\":\"8\",\"follower_total\":\"56\",\"ignore_total\":\"0\",\"mtime\":\"1571037245\",\"birthday\":\"475473600\",\"disable_stranger_tip\":\"0\",\"level\":7,\"level_up_percent\":\"94%\",\"need_exp\":7000,\"user_identity\":{\"title\":\"\u5b98\u65b9\",\"type\":1,\"level\":1,\"pic\":\"http:\\\/\\\/picture.eclicks.cn\\\/g2\\\/l\\\/2019\\\/12\\\/06\\\/16648000e57451c1_210_53.png\"},\"data\":[]}"}
12:40:09.802541 IP (tos 0x0, ttl 64, id 61426, offset 0, flags [DF], proto TCP (6), length 1316)
testvm-102.8810 > 192.168.255.101.52028: Flags [P.], cksum 0x8534 (incorrect -> 0x6798), seq 4095:5359, ack 951, win 310, options [nop,nop,TS val 181844286 ecr 2681762464], length 1264
E..$..@[email protected]"j.<]$...r.....6.4.....
..>..r.................{"errno":0,"data":{"code":0,"data":{"uid":"10002614","nick":"da","avatar":"http:\/\/picture.eclicks.cn\/g2\/l\/2019\/02\/12\/4656bcaf2046f703_640_640.jpg","reg_time":"1540366703","type":"2","gold":"36295","topics":"592","posts":"211","kernels":"32","gods":"0","favorites":"0","admires":"0","imgs":"0","exp":"6825","sex":"1","sign":"\u6d4b\u8bd5","forums":"8","last_topic_time":"1574330566","wallpaper":"","driving_years":2,"cartype":"158","cityid":"90","admin_type":"1","change_carnum":"2","continue_login_days":"2","following_total":"8","follower_total":"56","last_login_day":"1544716800","birthday":"475473600","app_source":"1","unread_admire":"0","unread_reminds":"4","unread_notifies":"4","reg_openid":"","last_login_app":"1","user_identity":{"title":"\u5b98\u65b9","type":1,"level":1,"pic":"http:\/\/picture.eclicks.cn\/g2\/l\/2019\/12\/06\/16648000e57451c1_210_53.png"},"small_logo_h":"44","small_logo_w":"34","small_logo":"http:\/\/picture.eclicks.cn\/2014\/01\/17\/588263c808183139_34_44.png","car_name":"\u4fdd\u65f6\u6377 \u4fdd\u65f6\u6377911","vip":0,"vip_expire":"","big_player":1,"white_status":"1","user_title":[],"if_honorForumManager":0,"is_receive_wheel_children":"1","level":7,"need_exp":7000,"level_up_percent":"94%","auth":0}}}
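An added example, not part of the original post: the -A output above carries the service's JSON replies in cleartext, including the username and phone fields, so a capture like this should be masked before it is pasted into a ticket or chat. This Python code parses `tcpdump -vv -A` text, pulls out each JSON body (including JSON embedded as a string, as in the second packet above) and masks the keys in `SENSITIVE`; the sample capture, its host names and numbers, and the key list are constructed assumptions.

```python
import json
import re

# Constructed sample in the shape of `tcpdump -vv -A` output (not real traffic).
SAMPLE = r'''12:00:00.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 120)
    app-host.8810 > 192.0.2.10.52028: Flags [P.], cksum 0x0000 (correct), seq 1:69, ack 1, win 294, length 68
E..x..@.@.......
......P.{"errno":0,"data":{"username":"15550100000","uid":"1"}}
12:00:00.000002 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 132)
    app-host.8810 > 192.0.2.10.52028: Flags [P.], cksum 0x0000 (correct), seq 69:149, ack 1, win 294, length 80
E..@..@.@...........{"errno":0,"data":"{\"uid\":\"1\",\"phone\":\"15550100000\"}"}
'''

PKT_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP ")  # first header line
FLOW = re.compile(r"^\s*(\S+) > (\S+): Flags \[([^\]]*)\].*length (\d+)$")
SENSITIVE = {"phone", "username"}  # assumed list of keys to mask

def redact(value):
    """Mask sensitive keys, descending into JSON that is embedded as a string."""
    if isinstance(value, dict):
        return {k: "***" if k in SENSITIVE else redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str) and value.startswith(("{", "[")):
        try:
            return json.dumps(redact(json.loads(value)))
        except ValueError:
            pass  # looked like JSON but was not; keep the string
    return value

def parse(text):
    """Return one dict per packet: src, dst, flags, length, redacted JSON body."""
    packets, cur = [], None
    for line in text.splitlines():
        if PKT_START.match(line):
            cur = {"payload": ""}
            packets.append(cur)
        elif cur is not None and "src" not in cur and (m := FLOW.match(line)):
            cur.update(src=m[1], dst=m[2], flags=m[3], length=int(m[4]))
        elif cur is not None:
            cur["payload"] += line  # ASCII dump lines of this packet
    for p in packets:
        raw = p.pop("payload")  # drop the unmasked bytes from the result
        start = raw.find('{"')
        try:
            p["body"] = redact(json.loads(raw[start:])) if start >= 0 else None
        except ValueError:
            p["body"] = None  # body split across TCP segments, or not JSON
    return packets
```

A body that spans several TCP segments comes back as `None` rather than partially masked, so those packets still need manual review before sharing.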