I am trying to learn tcpdump. I ran the following command:
tcpdump -i eth0 -lnXs1600 host google.com and port 80
and got the following output:
2:23:45.781779 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [S], seq 3301439566, win 5840, options [mss 1460,sackOK,TS val 212804497 ecr 0,nop,wscale 5], length 0
0x0000: 4500 003c dbdf 4000 4006 64ad 0a10 1e1c E..<..@.@.d.....
0x0010: adc2 2441 a7cd 0050 c4c7 f84e 0000 0000 ..$A...P...N....
0x0020: a002 16d0 a18e 0000 0204 05b4 0402 080a ................
0x0030: 0caf 2391 0000 0000 0103 0305 ..#.........
12:23:45.782354 IP 173.194.36.65.http > 10.16.30.28.42957: Flags [S.], seq 3225093944, ack 3301439567, win 32768, options [mss 1460,nop,wscale 0,nop,nop,TS val 102501848 ecr 212804497,sackOK,eol], length 0
0x0000: 4500 0040 d258 4000 3f06 6f30 adc2 2441 E..@.X@.?.o0..$A
0x0010: 0a10 1e1c 0050 a7cd c03b 0738 c4c7 f84f .....P...;.8...O
0x0020: b012 8000 4be5 0000 0204 05b4 0103 0300 ....K...........
0x0030: 0101 080a 061c 0dd8 0caf 2391 0402 0000 ..........#.....
12:23:45.782513 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [.], ack 1, win 183, options [nop,nop,TS val 212804497 ecr 102501848], length 0
0x0000: 4500 0034 dbe0 4000 4006 64b4 0a10 1e1c E..4..@.@.d.....
0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9
0x0020: 8010 00b7 0af9 0000 0101 080a 0caf 2391 ..............#.
0x0030: 061c 0dd8 ....
12:23:45.783359 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [P.], seq 1:374, ack 1, win 183, options [nop,nop,TS val 212804498 ecr 102501848], length 373
0x0000: 4500 01a9 dbe1 4000 4006 633e 0a10 1e1c E.....@.@.c>....
0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9
0x0020: 8018 00b7 2113 0000 0101 080a 0caf 2392 ....!.........#.
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1
0x0040: 2e31 0d0a 486f 7374 3a20 676f 6f67 6c65 .1..Host:.google
0x0050: 2e63 6f6d 0d0a 5573 6572 2d41 6765 6e74 .com..User-Agent
0x0060: 3a20 454c 696e 6b73 2f30 2e31 3270 7265 :.ELinks/0.12pre
0x0070: 3520 2874 6578 746d 6f64 653b 204c 696e 5.(textmode;.Lin
0x0080: 7578 3b20 3830 7832 342d 3229 0d0a 4163 ux;.80x24-2)..Ac
0x0090: 6365 7074 3a20 2a2f 2a0d 0a41 6363 6570 cept:.*/*..Accep
0x00a0: 742d 4c61 6e67 7561 6765 3a20 656e 0d0a t-Language:.en..
0x00b0: 436f 6e6e 6563 7469 6f6e 3a20 4b65 6570 Connection:.Keep
0x00c0: 2d41 6c69 7665 0d0a 436f 6f6b 6965 3a20 -Alive..Cookie:.
0x00d0: 5052 4546 3d49 443d 3066 3366 3864 3864 PREF=ID=0f3f8d8d
0x00e0: 3538 6535 6534 6333 3a46 463d 303a 544d 58e5e4c3:FF=0:TM
0x00f0: 3d31 3337 3234 3332 3939 373a 4c4d 3d31 =1372432997:LM=1
0x0100: 3337 3234 3332 3939 373a 533d 4e7a 776e 372432997:S=Nzwn
0x0110: 5a72 5a51 2d70 5f75 515a 666e 3b20 4e49 ZrZQ-p_uQZfn;.NI
0x0120: 443d 3637 3d52 5a7a 3556 3072 5f4e 7849 D=67=RZz5V0r_NxI
0x0130: 3470 3631 4875 354d 684a 7653 5235 5074 4p61Hu5MhJvSR5Pt
0x0140: 6149 4a4f 6d72 6c32 7844 5f42 356c 4c78 aIJOmrl2xD_B5lLx
0x0150: 6a65 756a 592d 4379 7562 4353 6b55 6a4c jeujY-CyubCSkUjL
0x0160: 656f 5a49 5757 5334 5f78 2d6d 5551 6e6e eoZIWWS4_x-mUQnn
0x0170: 3831 5067 586a 426e 7771 386f 365a 3775 81PgXjBnwq8o6Z7u
0x0180: 3953 6459 776e 5453 7155 706e 5946 7842 9SdYwnTSqUpnYFxB
0x0190: 347a 795a 3036 6e75 6355 5f47 582d 4e78 4zyZ06nucU_GX-Nx
0x01a0: 475f 6544 310d 0a0d 0a G_eD1....
I would like to know what 0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 stands for in the line
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1
Any help would be greatly appreciated.
Answer 1
This is the hexadecimal representation of the data in the packet, starting at byte number 0x0030, or 48. 06 is byte 48, 1c is byte 49, and so on.
....GET./.HTTP/1
is the text representation of the same payload bytes shown in hex on that line.
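To see concretely which bytes of a line like 0x0030 belong to which header and where the payload begins, here is an added Python example; it is not from the question or the answer and is not part of tcpdump. It rebuilds the raw packet from the hex column of the fourth dump above (the HTTP GET, copied in as the sample input) and decodes the IPv4 and TCP headers. With that, the line the asker points at resolves as follows: bytes 0x30 to 0x33 (061c 0dd8) are the last four bytes of the TCP timestamp option, the echo-reply value 102501848 that tcpdump printed as "ecr", and the payload "GET / HTTP/1.1" starts at offset 0x34 = 20 bytes of IPv4 header + 32 bytes of TCP header. All function and field names below are the example's own.

```python
import re
import struct

# Sample input: the fourth packet (the HTTP GET) from the tcpdump -X output in the
# question. The ASCII column is kept so the parser has to skip it, as on real output.
SAMPLE_DUMP = """\
0x0000: 4500 01a9 dbe1 4000 4006 633e 0a10 1e1c E.....@.@.c>....
0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9
0x0020: 8018 00b7 2113 0000 0101 080a 0caf 2392 ....!.........#.
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1
0x0040: 2e31 0d0a 486f 7374 3a20 676f 6f67 6c65 .1..Host:.google
0x0050: 2e63 6f6d 0d0a 5573 6572 2d41 6765 6e74 .com..User-Agent
0x0060: 3a20 454c 696e 6b73 2f30 2e31 3270 7265 :.ELinks/0.12pre
0x0070: 3520 2874 6578 746d 6f64 653b 204c 696e 5.(textmode;.Lin
0x0080: 7578 3b20 3830 7832 342d 3229 0d0a 4163 ux;.80x24-2)..Ac
0x0090: 6365 7074 3a20 2a2f 2a0d 0a41 6363 6570 cept:.*/*..Accep
0x00a0: 742d 4c61 6e67 7561 6765 3a20 656e 0d0a t-Language:.en..
0x00b0: 436f 6e6e 6563 7469 6f6e 3a20 4b65 6570 Connection:.Keep
0x00c0: 2d41 6c69 7665 0d0a 436f 6f6b 6965 3a20 -Alive..Cookie:.
0x00d0: 5052 4546 3d49 443d 3066 3366 3864 3864 PREF=ID=0f3f8d8d
0x00e0: 3538 6535 6534 6333 3a46 463d 303a 544d 58e5e4c3:FF=0:TM
0x00f0: 3d31 3337 3234 3332 3939 373a 4c4d 3d31 =1372432997:LM=1
0x0100: 3337 3234 3332 3939 373a 533d 4e7a 776e 372432997:S=Nzwn
0x0110: 5a72 5a51 2d70 5f75 515a 666e 3b20 4e49 ZrZQ-p_uQZfn;.NI
0x0120: 443d 3637 3d52 5a7a 3556 3072 5f4e 7849 D=67=RZz5V0r_NxI
0x0130: 3470 3631 4875 354d 684a 7653 5235 5074 4p61Hu5MhJvSR5Pt
0x0140: 6149 4a4f 6d72 6c32 7844 5f42 356c 4c78 aIJOmrl2xD_B5lLx
0x0150: 6a65 756a 592d 4379 7562 4353 6b55 6a4c jeujY-CyubCSkUjL
0x0160: 656f 5a49 5757 5334 5f78 2d6d 5551 6e6e eoZIWWS4_x-mUQnn
0x0170: 3831 5067 586a 426e 7771 386f 365a 3775 81PgXjBnwq8o6Z7u
0x0180: 3953 6459 776e 5453 7155 706e 5946 7842 9SdYwnTSqUpnYFxB
0x0190: 347a 795a 3036 6e75 6355 5f47 582d 4e78 4zyZ06nucU_GX-Nx
0x01a0: 475f 6544 310d 0a0d 0a G_eD1....
"""

HEX_LINE = re.compile(r"^\s*0x([0-9a-fA-F]+):\s+(.*)$")
HEX_TOKEN = re.compile(r"[0-9a-fA-F]{4}|[0-9a-fA-F]{2}")

def parse_hexdump(text: str) -> bytes:
    """Rebuild the raw packet from the hex column of `tcpdump -X` output.

    Each line holds at most 16 bytes as 4-hex-digit groups. The 0xNNNN offset is
    checked against the byte count so far, so a dropped or duplicated line raises
    instead of silently shifting every later field."""
    raw = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if offset != len(raw):
            raise ValueError(f"line 0x{offset:04x} but only {len(raw)} bytes so far")
        for token in m.group(2).split():
            # Stop after 16 bytes or at the first non-hex token (the ASCII column).
            if len(raw) - offset >= 16 or not HEX_TOKEN.fullmatch(token):
                break
            raw += bytes.fromhex(token)
    return bytes(raw)

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def parse_ipv4_tcp(raw: bytes) -> dict:
    """Decode the IPv4 and TCP headers (network byte order) and locate the payload."""
    if raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (raw[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack_from("!H", raw, 2)[0]
    sport, dport, seq, ack, off_flags, window = struct.unpack_from("!HHIIHH", raw, ihl)
    data_off = (off_flags >> 12) * 4                # TCP header length in bytes
    info = {
        "src": ".".join(map(str, raw[12:16])), "dst": ".".join(map(str, raw[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": ",".join(n for bit, n in TCP_FLAGS if off_flags & bit),
        "ip_header_len": ihl, "tcp_header_len": data_off, "total_length": total_len,
        "payload_offset": ihl + data_off, "payload": raw[ihl + data_off:total_len],
    }
    # Walk the TCP options: kind 0 = end of list, kind 1 = NOP, kind 8 = timestamps.
    i, end = ihl + 20, ihl + data_off
    while i < end and raw[i] != 0:
        if raw[i] == 1:
            i += 1
            continue
        length = raw[i + 1]
        if length < 2:
            raise ValueError("malformed TCP option length")
        if raw[i] == 8 and length == 10:
            info["ts_val"], info["ts_ecr"] = struct.unpack_from("!II", raw, i + 2)
        i += length
    return info

def region_of(info: dict, offset: int) -> str:
    """Name the protocol region that a byte offset of the hex dump falls in."""
    if offset < info["ip_header_len"]:
        return "IPv4 header"
    if offset < info["ip_header_len"] + 20:
        return "TCP header"
    if offset < info["payload_offset"]:
        return "TCP options"
    return "TCP payload"
```

Running parse_ipv4_tcp(parse_hexdump(SAMPLE_DUMP)) gives a 425-byte packet (matching the IP total length 0x01a9) whose payload is the 373 bytes tcpdump reported; region_of(info, 0x30) returns "TCP options" and region_of(info, 0x34) returns "TCP payload", which is the offset where "GET / HTTP/1.1" begins. The offset check in parse_hexdump matters when dumps are pasted around, as in this question, because a single lost line shifts every later field by 16 bytes without any other symptom. Note also what the decoded payload contains: the Cookie header is readable by anyone who can capture on the path, which is why session cookies sent over plain HTTP are a confidentiality risk and why captures like this one deserve the same handling as the credentials they may contain.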