登录
首页 >  数据库 >  MySQL

tcpdump抓包mysql建联验证TCP的三次握手

来源:SegmentFault

时间:2023-02-16 15:35:22 312浏览 收藏

来到golang学习网的大家,相信都是编程学习爱好者,希望在这里学习数据库相关编程知识。下面本篇文章就来带大家聊聊《tcpdump抓包mysql建联验证TCP的三次握手》,介绍一下MySQL、TCP、Linux、tcpdump、tcp抓包,希望对大家的知识积累有所帮助,助力实战开发!

$ tcpdump
# 如果没有安装
tcpdump: no suitable device found
# 如果已经安装,则当有网络请求时会出现许多的这种网络解析数据
21:44:14.109590 IP client.host > server.host: Flags [P.], seq 1031520:1031984, ack 1393, win 95, options [nop,nop,TS val 2242702304 ecr 3381086780], length 464

最新的

# 下载tcpdump文件
wget www.tcpdump.org/release/tcpdump-4.9.2.tar.gz

# 下载pcap文件
wget www.tcpdump.org/release/libpcap-1.9.0.tar.gz

# 安装libpcap,make install的时候可能需要root权限
tar -zxvf libpcap-1.9.0.tar.gz
cd libpcap-1.9.0.tar.gz
./configure
make
make install

# 安装tcpdump的过程
tar -zxvf tcpdump-4.9.2
cd tcpdump-4.9.2
./configure
make
make install

安装完成后跟上面一样输入

$ tcpdump

# 查看所有的参数内容
$ tcpdump --help
tcpdump version 4.9.2
libpcap version 1.9.0-PRE-GIT (with TPACKET_V2)
OpenSSL 1.0.0-fips 29 Mar 2010
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ] [ --number ]
                [ -Q in|out|inout ]
                [ -r file ] [ -s snaplen ] [ --time-stamp-precision precision ]
                [ --immediate-mode ] [ -T type ] [ --version ] [ -V file ]
                [ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]
                [ -Z user ] [ expression ]

常用的参数含义:

  • # 只捕获指定IP的数据包
tcpdump host 10.10.13.15
# 捕获两个IP的数据包
tcpdump host 1010.13.15 and \(10.10.13.47\)
# 捕获指定端口和协议的数据包
tcpdump tcp port 21 and host 10.10.13.15

    实例测试

    这个实例是A机器
    # 三次握手,其中S代表Syn,.代表Ack,S.代表Syn, Ack
2018-08-19 22:52:42.768100 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [S], seq 864854527, win 14600, options [mss 1460,sackOK,TS val 2246810963 ecr 0,nop,wscale 8], length 0
2018-08-19 22:52:42.810055 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [S.], seq 4288771247, ack 864854528, win 14480, options [mss 1460,sackOK,TS val 2062159250 ecr 2246810963,nop,wscale 8], length 0
2018-08-19 22:52:42.810065 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [.], ack 4288771248, win 58, options [nop,nop,TS val 2246811005 ecr 2062159250], length 0
# 登录校验,传输用户名和密码验证阶段,其中P代表Push,传输数据需要。这里包含登录验证和版本信息等元数据的交换
2018-08-19 22:52:42.852102 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [P.], seq 4288771248:4288771308, ack 864854528, win 57, options [nop,nop,TS val 2062159292 ecr 2246811005], length 60
2018-08-19 22:52:42.852118 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [.], ack 4288771308, win 58, options [nop,nop,TS val 2246811047 ecr 2062159292], length 0
2018-08-19 22:52:42.853251 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [P.], seq 864854528:864854590, ack 4288771308, win 58, options [nop,nop,TS val 2246811048 ecr 2062159292], length 62
2018-08-19 22:52:42.895198 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [.], ack 864854590, win 57, options [nop,nop,TS val 2062159335 ecr 2246811048], length 0
2018-08-19 22:52:42.895256 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [P.], seq 4288771308:4288771319, ack 864854590, win 57, options [nop,nop,TS val 2062159335 ecr 2246811048], length 11
2018-08-19 22:52:42.895264 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [.], ack 4288771319, win 58, options [nop,nop,TS val 2246811090 ecr 2062159335], length 0
2018-08-19 22:52:42.895312 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [P.], seq 864854590:864854627, ack 4288771319, win 58, options [nop,nop,TS val 2246811090 ecr 2062159335], length 37
2018-08-19 22:52:42.937268 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [.], ack 864854627, win 57, options [nop,nop,TS val 2062159377 ecr 2246811090], length 0
2018-08-19 22:52:42.937405 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [P.], seq 4288771319:4288771409, ack 864854627, win 57, options [nop,nop,TS val 2062159377 ecr 2246811090], length 90
2018-08-19 22:52:42.937414 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [.], ack 4288771409, win 58, options [nop,nop,TS val 2246811132 ecr 2062159377], length 0
# 发送exit;正好5个字符
2018-08-19 22:52:44.366633 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [P.], seq 864854627:864854632, ack 4288771409, win 58, options [nop,nop,TS val 2246812561 ecr 2062159377], length 5
# 四次挥手,其中F代表FIN,完成数据发送
2018-08-19 22:52:44.366649 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [F.], seq 864854632, ack 4288771409, win 58, options [nop,nop,TS val 2246812561 ecr 2062159377], length 0
## 这个是exit的答复
2018-08-19 22:52:44.408575 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [.], ack 864854632, win 57, options [nop,nop,TS val 2062160848 ecr 2246812561], length 0
2018-08-19 22:52:44.408618 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [.], ack 864854633, win 57, options [nop,nop,TS val 2062160848 ecr 2246812561], length 0
2018-08-19 22:52:44.408652 IP 10.92.143.15.3306 > 10.119.124.24.45298: Flags [F.], seq 4288771409, ack 864854633, win 57, options [nop,nop,TS val 2062160848 ecr 2246812561], length 0
2018-08-19 22:52:44.408657 IP 10.119.124.24.45298 > 10.92.143.15.3306: Flags [.], ack 4288771410, win 58, options [nop,nop,TS val 2246812603 ecr 2062160848], length 0
    具体的
    mysql
    通信内容可以查看这篇文章:https://jin-yang.github.io/po...

    参考资料

    1. Tcpdump的安装和使用:https://blog.csdn.net/s_k_yli...
    2. Tcpdump(linux)下载、安装、使用说明:http://www.voidcn.com/article...
    3. 深度解析mysql登录原理:https://www.cnblogs.com/cchus...
    4. TCP/IP详解 卷1:协议 第18章 TCP连接的建立和终止
    5. Mysql通讯协议:https://jin-yang.github.io/po...

    到这里,我们也就讲完了《tcpdump抓包mysql建联验证TCP的三次握手》的内容了。个人认为,基础知识的学习和巩固,是为了更好的将其运用到项目中,欢迎关注golang学习网公众号,带你了解更多关于mysql的知识点!

mysql MySQL TCP Linux tcpdump tcp抓包
声明:本文转载于:SegmentFault 如有侵犯,请联系study_golang@163.com删除
相关阅读
更多>
最新阅读
更多>
课程推荐
更多>