请问如何对网络数据进行会话重组啊?
来源: 互联网 发布时间:2015-10-18
用TCPDUMP抓到的网络数据是这样的格式,其中各个字段解释如下:
1 time: Converted to floating-point seconds ... hr*3600+min*60+secs
2 addr and port: The first two fields of the src and dest address make up the fake address, so the converted address was made as: x + y*256 (you may want to get rid of x.y.256.256.port)
3 sourceport
4 destip
5 destport
6 flag: Added a "U" for UDP data (only has ulen). X means the packet was a DNS name server request or response; the ID# and the rest of the data are in the "op" field (see the tcpdump description). XPE means there were no ports ... from "fragmented packets".
7 seq1: The data sequence number of the packet
8 seq2: The data sequence number of the data expected in return
9 buf: The number of bytes of receive buffer space available
10 ack: The sequence number of the next data expected from the other direction on this connection
11 win: The number of bytes of receive buffer space available from the other direction on this connection
12 ulen: The length, if a UDP packet
13 op: Optional info such as (DF) ... do not fragment
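部分数据如下(注:对照样例行,第 9、10、11 列看起来依次是 ack、窗口大小和本包数据长度,其中第 11 列等于 seq2 − seq1,例如 1811082414 − 1811081902 = 512;这与上面字段表中 9–11 的说明顺序不完全一致,按序列号做会话重组之前请先核对列的含义):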
38141.504694,1,7000,2,7001,U,,,,,,148,""
38141.510076,3,20,2,3421,.,1811081902,1811082414,366784001,9216,512,,""
38141.515159,3,20,2,3421,.,512,1024,1,9216,512,,""
38141.516172,4,80,2,2609,.,,,438528422,9112,,," (DF)"
38141.516647,5,25,2,1362,F,266688477,266688477,580609140,4096,0,,""
38141.517186,6,119,2,4305,P,1536324798,1536324811,1647611259,61440,13,,""
38141.517993,2,1362,5,25,.,,,1,4096,,,""
38141.534319,7,27383,2,1826,.,53897419,53897931,318976001,4096,512,,""
38141.535717,2,2611,8,80,.,,,786087235,16384,,,""
38141.535855,2,2593,9,80,.,,,1163562564,16384,,,""
38141.536404,2,1826,7,27383,.,,,0,16384,,,""
38141.539437,7,27383,2,1826,.,512,1024,1,4096,512,,""
38141.539562,4,80,2,2608,.,,,438464421,9112,,," (DF)"
38141.541234,2,4305,6,119,P,1,38,13,4096,37,,""
38141.542496,2,1826,7,27383,.,,,1024,16384,,,""
38141.545014,3,20,2,3421,.,1024,1536,1,9216,512,,""
38141.55006,3,20,2,3421,.,1536,2048,1,9216,512,,""
38141.552679,2,53,10,53,X,,,,,,,": 33259 [b2&3=0x30] (32)"
38141.555092,3,20,2,3421,.,2048,2560,1,9216,512,,""
38141.559418,2,2621,4,80,S,440192000,440192000,,16384,0,,""
38141.560334,7,27383,2,1826,.,1024,1536,1,4096,512,,""
38141.565375,7,27383,2,1826,.,1536,2048,1,4096,512,,""
38141.567891,2,1826,7,27383,.,,,2048,16384,,,""
38141.570495,7,27383,2,1826,.,2048,2560,1,4096,512,,""
38141.576677,11,80,2,2613,.,517245043,517245579,439232285,8292,536,," (DF)"
38141.577916,2,119,12,4803,.,,,806839108,23049,,,""
38141.581921,11,80,2,2613,.,536,1072,1,8292,536,," (DF)"
38141.582419,13,2845,2,25,P,1407111916,1407111962,581376195,9112,46,," (DF)"
38141.583895,2,25,13,2845,.,,,46,4096,,,""
38141.584516,2,2613,11,80,.,,,1072,16384,,,""
38141.587983,11,80,2,2613,.,1072,1608,1,8292,536,," (DF)"
38141.589276,1,7000,2,7001,U,,,,,,148,""
38141.590614,4,80,2,2620,P,953393175,953393278,439936419,9112,103,," (DF)"
38141.591044,4,80,2,2620,F,103,103,1,9112,0,," (DF)"
38141.593459,2,2620,4,80,.,,,104,16281,,,""
38141.59371,2,2620,4,80,F,1,1,104,16384,0,,""
38141.596652,11,80,2,2324,.,517348953,517349489,395584281,8296,536,," (DF)"
38141.601931,8,80,2,2611,.,1,537,0,8576,536,," (DF)"
38141.607175,8,80,2,2611,.,537,1073,0,8576,536,," (DF)"
38141.609822,2,2611,8,80,.,,,1073,16384,,,""
38141.612432,8,80,2,2611,.,1073,1609,0,8576,536,," (DF)"
38141.612554,6,119,2,4305,.,,,38,61440,,,""
38141.613019,6,119,2,4305,P,13,26,38,61440,13,,""
38141.618449,3,20,2,3421,.,2560,3072,1,9216,512,,""
38141.62348,3,20,2,3421,.,3072,3584,1,9216,512,,""
38141.623604,14,119,2,4233,P,715515024,715515029,1067704837,16384,5,,""
38141.629245,8,80,2,2611,.,1609,2145,0,8576,536,," (DF)"
38141.63191,2,2611,8,80,.,,,2145,16384,,,""
38141.634564,8,80,2,2611,.,2145,2681,0,8576,536,," (DF)"
38141.639542,3,20,2,3421,.,3584,4096,1,9216,512,,""
38141.644547,3,20,2,3421,.,4096,4608,1,9216,512,,""
38141.645677,2,2605,11,80,F,437632288,437632288,517245894,16384,0,,""
38141.649613,7,27383,2,1826,.,2560,3072,1,4096,512,,""
38141.653328,2,2622,4,80,S,440384000,440384000,,16384,0,,""
38141.6536,2,1826,7,27383,.,,,3072,16384,,,""
38141.654701,7,27383,2,1826,.,3072,3584,1,4096,512,,""
38141.659721,7,27383,2,1826,.,3584,4096,1,4096,512,,""
38141.66247,2,1826,7,27383,.,,,4096,16384,,,""
38141.664973,9,80,2,2593,.,1,537,0,9112,536,," (DF)"
38141.66622,9,80,2,2593,F,537,664,0,9112,127,," (DF)"
38141.667532,2,4346,15,119,P,186997960,186997997,2320196214,4096,37,,""
38141.667655,2,2593,9,80,.,,,665,15721,,,""
38141.667851,1,7000,2,7001,U,,,,,,148,""
38141.669523,10,53,2,53,X,,,,,,,": 33259* 2/2/2 (151)"
38141.669954,4,80,2,2621,S,953841174,953841174,440192001,9112,0,," (DF)"
38141.670133,2,2593,9,80,F,0,0,665,16384,0,,""
38141.671372,2,2621,4,80,.,,,1,16384,,,""
38141.675292,16,80,2,2566,.,1424427186,1424427698,432064315,8192,512,,""
38141.676081,2,2623,17,21,S,440448000,440448000,,16384,0,,""
38141.678149,2,2566,16,80,.,,,1024,16384,,,""
38141.680392,7,27383,2,1826,.,4096,4608,1,4096,512,,""
38141.682188,2,2621,4,80,P,1,415,1,16384,414,,""
38141.685508,7,27383,2,1826,.,4608,5120,1,4096,512,,""
38141.68908,2,1826,7,27383,.,,,5120,16384,,,""
38141.690652,7,27383,2,1826,.,5120,5632,1,4096,512,,""
38141.695864,3,20,2,3421,.,4608,5120,1,9216,512,,""
38141.700732,3,20,2,3421,.,5120,5632,1,9216,512,,""
38141.705759,18,22223,2,3706,P,510968765,510969277,1208256001,4096,512,,""
38141.705881,4,80,2,2620,.,,,2,9112,,," (DF)"
38141.711242,18,22223,2,1095,P,1982931821,1982932333,5504001,4096,512,,""
38141.713204,2,2624,19,80,S,440576000,440576000,,16384,0,,""
38141.716254,18,22223,2,3706,P,512,1024,1,4096,512,,""
38141.721266,18,22223,2,1095,P,512,1024,1,4096,512,,""
38141.723545,8,80,2,2611,FP,2681,2911,0,8576,230,," (DF)"
38141.725464,2,2625,4,80,S,440640000,440640000,,16384,0,,""
38141.725603,2,7001,20,7003,U,,,,,,32,""
1 time: Converted to floating-point seconds ... hr*3600+min*60+secs
2 addr and port: The first two fields of the src and dest address make up the fake address, so the converted address was made as: x + y*256 (you may want to get rid of x.y.256.256.port)
3 sourceport
4 destip
5 destport
6 flag: Added a "U" for UDP data (only has ulen). X means the packet was a DNS name server request or response; the ID# and the rest of the data are in the "op" field (see the tcpdump description). XPE means there were no ports ... from "fragmented packets".
7 seq1: The data sequence number of the packet
8 seq2: The data sequence number of the data expected in return
9 buf: The number of bytes of receive buffer space available
10 ack: The sequence number of the next data expected from the other direction on this connection
11 win: The number of bytes of receive buffer space available from the other direction on this connection
12 ulen: The length, if a UDP packet
13 op: Optional info such as (DF) ... do not fragment
部分数据如下:
38141.504694,1,7000,2,7001,U,,,,,,148,""
38141.510076,3,20,2,3421,.,1811081902,1811082414,366784001,9216,512,,""
38141.515159,3,20,2,3421,.,512,1024,1,9216,512,,""
38141.516172,4,80,2,2609,.,,,438528422,9112,,," (DF)"
38141.516647,5,25,2,1362,F,266688477,266688477,580609140,4096,0,,""
38141.517186,6,119,2,4305,P,1536324798,1536324811,1647611259,61440,13,,""
38141.517993,2,1362,5,25,.,,,1,4096,,,""
38141.534319,7,27383,2,1826,.,53897419,53897931,318976001,4096,512,,""
38141.535717,2,2611,8,80,.,,,786087235,16384,,,""
38141.535855,2,2593,9,80,.,,,1163562564,16384,,,""
38141.536404,2,1826,7,27383,.,,,0,16384,,,""
38141.539437,7,27383,2,1826,.,512,1024,1,4096,512,,""
38141.539562,4,80,2,2608,.,,,438464421,9112,,," (DF)"
38141.541234,2,4305,6,119,P,1,38,13,4096,37,,""
38141.542496,2,1826,7,27383,.,,,1024,16384,,,""
38141.545014,3,20,2,3421,.,1024,1536,1,9216,512,,""
38141.55006,3,20,2,3421,.,1536,2048,1,9216,512,,""
38141.552679,2,53,10,53,X,,,,,,,": 33259 [b2&3=0x30] (32)"
38141.555092,3,20,2,3421,.,2048,2560,1,9216,512,,""
38141.559418,2,2621,4,80,S,440192000,440192000,,16384,0,,""
38141.560334,7,27383,2,1826,.,1024,1536,1,4096,512,,""
38141.565375,7,27383,2,1826,.,1536,2048,1,4096,512,,""
38141.567891,2,1826,7,27383,.,,,2048,16384,,,""
38141.570495,7,27383,2,1826,.,2048,2560,1,4096,512,,""
38141.576677,11,80,2,2613,.,517245043,517245579,439232285,8292,536,," (DF)"
38141.577916,2,119,12,4803,.,,,806839108,23049,,,""
38141.581921,11,80,2,2613,.,536,1072,1,8292,536,," (DF)"
38141.582419,13,2845,2,25,P,1407111916,1407111962,581376195,9112,46,," (DF)"
38141.583895,2,25,13,2845,.,,,46,4096,,,""
38141.584516,2,2613,11,80,.,,,1072,16384,,,""
38141.587983,11,80,2,2613,.,1072,1608,1,8292,536,," (DF)"
38141.589276,1,7000,2,7001,U,,,,,,148,""
38141.590614,4,80,2,2620,P,953393175,953393278,439936419,9112,103,," (DF)"
38141.591044,4,80,2,2620,F,103,103,1,9112,0,," (DF)"
38141.593459,2,2620,4,80,.,,,104,16281,,,""
38141.59371,2,2620,4,80,F,1,1,104,16384,0,,""
38141.596652,11,80,2,2324,.,517348953,517349489,395584281,8296,536,," (DF)"
38141.601931,8,80,2,2611,.,1,537,0,8576,536,," (DF)"
38141.607175,8,80,2,2611,.,537,1073,0,8576,536,," (DF)"
38141.609822,2,2611,8,80,.,,,1073,16384,,,""
38141.612432,8,80,2,2611,.,1073,1609,0,8576,536,," (DF)"
38141.612554,6,119,2,4305,.,,,38,61440,,,""
38141.613019,6,119,2,4305,P,13,26,38,61440,13,,""
38141.618449,3,20,2,3421,.,2560,3072,1,9216,512,,""
38141.62348,3,20,2,3421,.,3072,3584,1,9216,512,,""
38141.623604,14,119,2,4233,P,715515024,715515029,1067704837,16384,5,,""
38141.629245,8,80,2,2611,.,1609,2145,0,8576,536,," (DF)"
38141.63191,2,2611,8,80,.,,,2145,16384,,,""
38141.634564,8,80,2,2611,.,2145,2681,0,8576,536,," (DF)"
38141.639542,3,20,2,3421,.,3584,4096,1,9216,512,,""
38141.644547,3,20,2,3421,.,4096,4608,1,9216,512,,""
38141.645677,2,2605,11,80,F,437632288,437632288,517245894,16384,0,,""
38141.649613,7,27383,2,1826,.,2560,3072,1,4096,512,,""
38141.653328,2,2622,4,80,S,440384000,440384000,,16384,0,,""
38141.6536,2,1826,7,27383,.,,,3072,16384,,,""
38141.654701,7,27383,2,1826,.,3072,3584,1,4096,512,,""
38141.659721,7,27383,2,1826,.,3584,4096,1,4096,512,,""
38141.66247,2,1826,7,27383,.,,,4096,16384,,,""
38141.664973,9,80,2,2593,.,1,537,0,9112,536,," (DF)"
38141.66622,9,80,2,2593,F,537,664,0,9112,127,," (DF)"
38141.667532,2,4346,15,119,P,186997960,186997997,2320196214,4096,37,,""
38141.667655,2,2593,9,80,.,,,665,15721,,,""
38141.667851,1,7000,2,7001,U,,,,,,148,""
38141.669523,10,53,2,53,X,,,,,,,": 33259* 2/2/2 (151)"
38141.669954,4,80,2,2621,S,953841174,953841174,440192001,9112,0,," (DF)"
38141.670133,2,2593,9,80,F,0,0,665,16384,0,,""
38141.671372,2,2621,4,80,.,,,1,16384,,,""
38141.675292,16,80,2,2566,.,1424427186,1424427698,432064315,8192,512,,""
38141.676081,2,2623,17,21,S,440448000,440448000,,16384,0,,""
38141.678149,2,2566,16,80,.,,,1024,16384,,,""
38141.680392,7,27383,2,1826,.,4096,4608,1,4096,512,,""
38141.682188,2,2621,4,80,P,1,415,1,16384,414,,""
38141.685508,7,27383,2,1826,.,4608,5120,1,4096,512,,""
38141.68908,2,1826,7,27383,.,,,5120,16384,,,""
38141.690652,7,27383,2,1826,.,5120,5632,1,4096,512,,""
38141.695864,3,20,2,3421,.,4608,5120,1,9216,512,,""
38141.700732,3,20,2,3421,.,5120,5632,1,9216,512,,""
38141.705759,18,22223,2,3706,P,510968765,510969277,1208256001,4096,512,,""
38141.705881,4,80,2,2620,.,,,2,9112,,," (DF)"
38141.711242,18,22223,2,1095,P,1982931821,1982932333,5504001,4096,512,,""
38141.713204,2,2624,19,80,S,440576000,440576000,,16384,0,,""
38141.716254,18,22223,2,3706,P,512,1024,1,4096,512,,""
38141.721266,18,22223,2,1095,P,512,1024,1,4096,512,,""
38141.723545,8,80,2,2611,FP,2681,2911,0,8576,230,," (DF)"
38141.725464,2,2625,4,80,S,440640000,440640000,,16384,0,,""
38141.725603,2,7001,20,7003,U,,,,,,32,""
什么协议呢?