나는 배우려고 노력하고 있습니다 tcpdump
. 다음 명령을 실행했습니다.-
tcpdump -i eth0 -lnXs1600 host google.com and port 80
다음과 같은 결과를 얻었습니다.
2:23:45.781779 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [S], seq 3301439566, win 5840, options [mss 1460,sackOK,TS val 212804497 ecr 0,nop,wscale 5], length 0
0x0000: 4500 003c dbdf 4000 4006 64ad 0a10 1e1c E..<..@[email protected].....
0x0010: adc2 2441 a7cd 0050 c4c7 f84e 0000 0000 ..$A...P...N....
0x0020: a002 16d0 a18e 0000 0204 05b4 0402 080a ................
0x0030: 0caf 2391 0000 0000 0103 0305 ..#.........
12:23:45.782354 IP 173.194.36.65.http > 10.16.30.28.42957: Flags [S.], seq 3225093944, ack 3301439567, win 32768, options [mss 1460,nop,wscale 0,nop,nop,TS val 102501848 ecr 212804497,sackOK,eol], length 0
0x0000: 4500 0040 d258 4000 3f06 6f30 adc2 2441 [email protected]@.?.o0..$A
0x0010: 0a10 1e1c 0050 a7cd c03b 0738 c4c7 f84f .....P...;.8...O
0x0020: b012 8000 4be5 0000 0204 05b4 0103 0300 ....K...........
0x0030: 0101 080a 061c 0dd8 0caf 2391 0402 0000 ..........#.....
12:23:45.782513 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [.], ack 1, win 183, options [nop,nop,TS val 212804497 ecr 102501848], length 0
0x0000: 4500 0034 dbe0 4000 4006 64b4 0a10 1e1c E..4..@[email protected].....
0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9
0x0020: 8010 00b7 0af9 0000 0101 080a 0caf 2391 ..............#.
0x0030: 061c 0dd8 ....
12:23:45.783359 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [P.], seq 1:374, ack 1, win 183, options [nop,nop,TS val 212804498 ecr 102501848], length 373
0x0000: 4500 01a9 dbe1 4000 4006 633e 0a10 1e1c E.....@[email protected]>....
0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9
0x0020: 8018 00b7 2113 0000 0101 080a 0caf 2392 ....!.........#.
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1
0x0040: 2e31 0d0a 486f 7374 3a20 676f 6f67 6c65 .1..Host:.google
0x0050: 2e63 6f6d 0d0a 5573 6572 2d41 6765 6e74 .com..User-Agent
0x0060: 3a20 454c 696e 6b73 2f30 2e31 3270 7265 :.ELinks/0.12pre
0x0070: 3520 2874 6578 746d 6f64 653b 204c 696e 5.(textmode;.Lin
0x0080: 7578 3b20 3830 7832 342d 3229 0d0a 4163 ux;.80x24-2)..Ac
0x0090: 6365 7074 3a20 2a2f 2a0d 0a41 6363 6570 cept:.*/*..Accep
0x00a0: 742d 4c61 6e67 7561 6765 3a20 656e 0d0a t-Language:.en..
0x00b0: 436f 6e6e 6563 7469 6f6e 3a20 4b65 6570 Connection:.Keep
0x00c0: 2d41 6c69 7665 0d0a 436f 6f6b 6965 3a20 -Alive..Cookie:.
0x00d0: 5052 4546 3d49 443d 3066 3366 3864 3864 PREF=ID=0f3f8d8d
0x00e0: 3538 6535 6534 6333 3a46 463d 303a 544d 58e5e4c3:FF=0:TM
0x00f0: 3d31 3337 3234 3332 3939 373a 4c4d 3d31 =1372432997:LM=1
0x0100: 3337 3234 3332 3939 373a 533d 4e7a 776e 372432997:S=Nzwn
0x0110: 5a72 5a51 2d70 5f75 515a 666e 3b20 4e49 ZrZQ-p_uQZfn;.NI
0x0120: 443d 3637 3d52 5a7a 3556 3072 5f4e 7849 D=67=RZz5V0r_NxI
0x0130: 3470 3631 4875 354d 684a 7653 5235 5074 4p61Hu5MhJvSR5Pt
0x0140: 6149 4a4f 6d72 6c32 7844 5f42 356c 4c78 aIJOmrl2xD_B5lLx
0x0150: 6a65 756a 592d 4379 7562 4353 6b55 6a4c jeujY-CyubCSkUjL
0x0160: 656f 5a49 5757 5334 5f78 2d6d 5551 6e6e eoZIWWS4_x-mUQnn
0x0170: 3831 5067 586a 426e 7771 386f 365a 3775 81PgXjBnwq8o6Z7u
0x0180: 3953 6459 776e 5453 7155 706e 5946 7842 9SdYwnTSqUpnYFxB
0x0190: 347a 795a 3036 6e75 6355 5f47 582d 4e78 4zyZ06nucU_GX-Nx
0x01a0: 475f 6544 310d 0a0d 0a G_eD1....
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31
행이 무엇을 의미하는지 알고 싶습니다.0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1
어떤 도움이라도 대단히 감사하겠습니다.
답변1
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 stands for in the line 0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31
0x0030
이는 바이트 번호 또는 로 시작하는 패킷 데이터의 16진수 표현입니다 48
. 06
바이트 48, 1c
바이트 49 등입니다.
....GET./.HTTP/1
위와 동일한 페이로드 문자열을 텍스트로 표현한 것입니다.