
HPLSP

Published Jul 24, 2021

TCP/IP协议族

https://zh.wikipedia.org/zh-hans/RFC 请求评论

/etc/services 应用层协议

使用tcpdump观察ARP通信过程

172.29.233.89:

# Lab host 172.29.233.89 (server side): install a telnet server so the peer
# (.88) has a TCP service to connect to; xinetd is installed for the echo
# service configured further down.
yum install telnet-server
yum install xinetd

# Enable both at boot. telnet.socket is a systemd socket unit, so the server
# itself is only spawned when a connection arrives. telnet carries everything,
# including credentials, in cleartext: keep it on the lab-internal interface
# only and stop/disable it once the capture is done.
systemctl enable xinetd.service
systemctl enable telnet.socket

# Start them now for this session.
systemctl start telnet.socket
systemctl start xinetd

# 开启echo服务
# Turn on xinetd's built-in TCP echo service: edit its service file and set
# "disable = no". The indented line below is the value to set inside that
# file, not a shell command. The client reaches it with `telnet <host> echo`,
# i.e. the port /etc/services maps "echo" to. Like telnet, this is an
# unauthenticated service intended only for the lab network.
vim /etc/xinetd.d/echo-stream
	disable         = no
# Restart xinetd so the edited service file is re-read.
systemctl restart xinetd

172.29.233.88:

# Lab host 172.29.233.88 (client side).
# Show the ARP cache, then delete the entry for .89 so the next packet sent
# to it must be preceded by a fresh ARP request/reply exchange.
arp -a
arp -d 172.29.233.89
# Capture only traffic between the two hosts, in either direction.
# -e prints the link-layer (MAC) header, -n disables name resolution,
# -t suppresses timestamps. The host filter also matches ARP frames, as the
# capture output below shows.
tcpdump -i eth0 -ent '(dst 172.29.233.89 and src 172.29.233.88) or (dst 172.29.233.88 and src 172.29.233.89)'
# Install the telnet client and connect to the echo service on .89; the first
# packet of this connection is what triggers the ARP exchange. tcpdump runs in
# the foreground, so do this from a second shell.
yum install telnet
telnet 172.29.233.89 echo
[root@iZ2ze7qslbwa07f03lfmehZ ~]# tcpdump -i eth0 -ent '(dst 172.29.233.89 and src 172.29.233.88) or (dst 172.29.233.88 and src 172.29.233.89)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:16:3e:06:4c:30 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 172.29.233.89 tell 172.29.233.88, length 28
ee:ff:ff:ff:ff:ff > 00:16:3e:06:4c:30, ethertype ARP (0x0806), length 42: Reply 172.29.233.89 is-at ee:ff:ff:ff:ff:ff, length 28

使用tcpdump观察DNS通信过程

[root@iZ2ze7qslbwa07f03lfmehZ ~]# cat /etc/resolv.conf 
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136
nameserver 100.100.2.138
# bind-utils provides host/nslookup/dig. Ask for the A record of www.baidu.com
# via the nameservers listed in /etc/resolv.conf above, while the tcpdump below
# watches "port domain" (the port /etc/services maps "domain" to, 53).
yum install bind-utils
host -t A www.baidu.com
[root@iZ2ze7qslbwa07f03lfmehZ ~]# tcpdump -i eth0 -nt -s 500 port domain
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 500 bytes
IP 172.29.233.88.60188 > 100.100.2.136.domain: 31998+ A? www.baidu.com. (31)
IP 100.100.2.136.domain > 172.29.233.88.60188: 31998 3/0/0 CNAME www.a.shifen.com., A 110.242.68.3, A 110.242.68.4 (93)
[root@iZ2ze7qslbwa07f03lfmehZ ~]# tcpdump -i eth0 -nt -s 500 port domain -X
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 500 bytes
IP 172.29.233.88.56218 > 100.100.2.136.domain: 11405+ A? www.baidu.com. (31)
	0x0000:  4500 003b 3823 0000 4011 462d ac1d e958  E..;8#..@.F-...X
	0x0010:  6464 0288 db9a 0035 0027 fc9a 2c8d 0100  dd.....5.'..,...
	0x0020:  0001 0000 0000 0000 0377 7777 0562 6169  .........www.bai
	0x0030:  6475 0363 6f6d 0000 0100 01              du.com.....
IP 100.100.2.136.domain > 172.29.233.88.56218: 11405 3/0/0 CNAME www.a.shifen.com., A 110.242.68.3, A 110.242.68.4 (93)
	0x0000:  4500 0079 3823 0000 8011 05ef 6464 0288  E..y8#......dd..
	0x0010:  ac1d e958 0035 db9a 0065 0000 2c8d 8180  ...X.5...e..,...
	0x0020:  0001 0003 0000 0000 0377 7777 0562 6169  .........www.bai
	0x0030:  6475 0363 6f6d 0000 0100 01c0 0c00 0500  du.com..........
	0x0040:  0100 0000 f800 1203 7777 7701 6106 7368  ........www.a.sh
	0x0050:  6966 656e 0363 6f6d 00c0 2b00 0100 0100  ifen.com..+.....
	0x0060:  0000 0800 046e f244 03c0 2b00 0100 0100  .....n.D..+.....
	0x0070:  0000 0800 046e f244 04                   .....n.D.

IP协议详解

/etc/protocols

traceroute

使用tcpdump观察IPv4头部结构

# Open a TCP connection to the local telnet service over loopback; the SYN of
# the three-way handshake is what the tcpdump on lo (below, -x prints the
# packet bytes in hex) captures, so the IPv4 header fields can be read off.
telnet 127.0.0.1
[root@iZ2ze7qslbwa07f03lfmehZ ~]# tcpdump -ntx -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 127.0.0.1.45930 > 127.0.0.1.telnet: Flags [S], seq 3069050128, win 43690, options [mss 65495,sackOK,TS val 2810427262 ecr 0,nop,wscale 7], length 0
	0x0000:  4510 003c 4a6e 4000 4006 f23b 7f00 0001
	0x0010:  7f00 0001 b36a 0017 b6ed fd10 0000 0000
	0x0020:  a002 aaaa fe30 0000 0204 ffd7 0402 080a
	0x0030:  a783 b77e 0000 0000 0103 0307

IP分片

# Send an ICMP echo request with 1473 data bytes: 1473 + 8 (ICMP header) +
# 20 (IPv4 header) = 1501 bytes, one more than the 1500-byte Ethernet MTU, so
# the kernel splits it into two IP fragments. The capture below shows the
# first fragment (offset 0, flags [+], length 1500) and the second (offset
# 1480, length 21 = 20-byte header + the one remaining data byte).
ping 172.29.233.89 -s 1473
[root@iZ2ze7qslbwa07f03lfmehZ ~]# tcpdump -ntv -i eth0 icmp
...
IP (tos 0x0, ttl 64, id 39471, offset 0, flags [+], proto ICMP (1), length 1500)
    172.29.233.88 > 172.29.233.89: ICMP echo request, id 24197, seq 1, length 1480
IP (tos 0x0, ttl 64, id 39471, offset 1480, flags [none], proto ICMP (1), length 21)
    172.29.233.88 > 172.29.233.89: ip-proto-1

springsnail

# bind-utils provides nslookup, used next to follow the CNAME chain of
# music.163.com down to its A records.
yum install bind-utils

[root@iZ2ze7qslbwa07f03lfmegZ 14]# nslookup music.163.com
Server:		100.100.2.136
Address:	100.100.2.136#53

Non-authoritative answer:
music.163.com	canonical name = music.ntes53.netease.com.
music.ntes53.netease.com	canonical name = bgpv4.music.ntes53.netease.com.
Name:	bgpv4.music.ntes53.netease.com
Address: 59.111.160.195
Name:	bgpv4.music.ntes53.netease.com
Address: 59.111.160.197

# Run the chapter's springsnail program with its XML configuration.
# NOTE(review): config.xml is not shown on this page; presumably it is where
# the listen port used with nc below (12345) is set — confirm against the file.
./springsnail -f config.xml

# nmap-ncat provides nc. Connect to TCP port 12345 on localhost to exercise
# the springsnail instance started above (assumes that is the port it listens
# on — check config.xml).
yum install nmap-ncat
nc localhost 12345