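Note:
This method uses the tcpdump and sendip tools. Look up a tutorial yourself for the download and installation details.
Actually, I'll list the steps anyway:
Installing sendip
Download: http://www.earth.li/projectpurple/progs/sendip.html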
tar zxvf sendip-2.5.tar.gz
cd sendip-2.5
make
make install
#########################################################################
If make fails with the errors below, proceed as follows; if it reports no errors, skip this part.
cc1: warnings being treated as errors
ipv4.c: In function 'do_opt':
ipv4.c:212: warning: pointer targets in passing argument 1 of 'sprintf' differ in signedness
ipv4.c:213: warning: pointer targets in passing argument 1 of 'compact_string' differ in signedness
ipv4.c:240: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
ipv4.c:355: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
ipv4.c:380: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
ipv4.c:402: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
make: *** [ipv4.so] Error 1
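The message says the warnings above are being treated as errors.
Open ipv4.c and go to each of the listed lines, for example line 212: sprintf(data,"0x%s",arg);
The parameter data is declared earlier (line 207) as u_int8_t *, while sprintf normally takes a (char *) argument, and arg, the variable that data is filled from, is also a char *. So on line 212 we explicitly cast data to char *: sprintf((char *)data,"0x%s",arg);
Running make again shows that the warning for line 212 is gone, so line 213 and the like are handled the same way.
On lines 240, 355, 380 and 402, the data argument passed to 'addoption' is of type char *, but we find that the 5th parameter of addoption at line 386 is of type u_int8_t *, so we explicitly cast data on those lines to u_int8_t *, for example line 240: addoption(0,0,7,len+2,(u_int8_t *)data,pack);
Running make again, the warnings in ipv4.c are gone, but several warnings now appear in tcp.c: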
cc1: warnings being treated as errors
tcp.c: In function 'do_opt':
tcp.c:207: warning: pointer targets in passing argument 1 of 'sprintf' differ in signedness
tcp.c:208: warning: pointer targets in passing argument 1 of 'compact_string' differ in signedness
tcp.c:239: warning: pointer targets in assignment differ in signedness
tcp.c:241: warning: pointer targets in passing argument 1 of 'strchr' differ in signedness
tcp.c:241: warning: pointer targets in assignment differ in signedness
tcp.c:249: warning: pointer targets in assignment differ in signedness
tcp.c:252: warning: pointer targets in assignment differ in signedness
tcp.c:262: warning: pointer targets in assignment differ in signedness
tcp.c:264: warning: pointer targets in assignment differ in signedness
tcp.c:266: warning: pointer targets in assignment differ in signedness
tcp.c:270: warning: pointer targets in assignment differ in signedness
make: *** [tcp.so] Error 1
We find each line in the same way and fix the casts:
Line 207: sprintf((char*)data,"0x%s",arg);
Line 208: len = compact_string((char *)data);
Line 239: next=(unsigned char*)arg;
Line 241: next=(unsigned char*)strchr((char *)next,',');
Line 249: next=(unsigned char*)arg;
Line 252: next=(unsigned char*)strchr(arg, ':');
Line 262: arg=(char *)next;
Line 264: next=(unsigned char*)strchr(arg, ',');
Line 266: next=(unsigned char*)arg-1; /* Finito - next points to \0 */
Line 270: arg=(char *)next;
Running make again succeeds.
make install succeeds.
Installation complete.
###########################################################
Installing tcpdump
yum install tcpdump -y
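If that does not work on your system, run yum whatprovides tcpdump to see which package provides tcpdump, and install that package.
Environment
For CLOSE_WAIT, the main idea is to send an RST packet so that the CLOSE_WAIT side releases the connection.
First, my test environment:
The CLOSE_WAIT side is 1.1.1.1, port 5000
The client side is 1.1.1.2, port 6000
On the CLOSE_WAIT side, run the following (eth0 is the network interface; whether to use -vv or -vvv depends on what your tcpdump supports):
tcpdump -i eth0 port 5000 -vv
Alternatively, you can use the following command to monitor packets sent and received on the local IP:port:
tcpdump -i eth4 host 1.1.1.1 and tcp port 5000 -vvv
There are two cases:
1) tcpdump produces output
The format is as follows: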
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:43:52.783330 IP (tos 0x0, ttl 64, id 49641, offset 0, flags [DF], proto TCP (6), length 52)
1.1.1.1.commplex-main > 1.1.1.2.x11: Flags [.], cksum 0x9e3c (incorrect -> 0x32b3), seq 563052345, ack 2475188477, win 227, options [nop,nop,TS val 3719261472 ecr 3619406398], length 0
On the client side, run the following, with -tn set to the ack value from the tcpdump output above:
#sendip -v -p ipv4 -id 1.1.1.1 -is 1.1.1.2 -p tcp -td 5000 -ts 6000 -tfr 1 -tfs 0 -tn 2475188477 -tw 0 1.1.1.1
2) tcpdump produces no output for a long time
On the client side, run:
#sendip -v -p ipv4 -id 1.1.1.1 -is 1.1.1.2 -p tcp -td 5000 -ts 6000 -d 123 1.1.1.1
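The following is an added example, not part of the original post: it parses the tcpdump packet line from case 1 and shows why -tn must carry the ack field rather than the seq field, by modelling how a receiver that applies RFC 5961 section 3.2 treats an incoming RST. The function names are hypothetical, the RFC 5961 behaviour is an assumption about the CLOSE_WAIT host, and the window scale factor (not visible in this capture) is assumed to be 0.

```python
import re

# Constructed sample: the packet line from the tcpdump output in case 1.
SAMPLE = ("1.1.1.1.commplex-main > 1.1.1.2.x11: Flags [.], cksum 0x9e3c "
          "(incorrect -> 0x32b3), seq 563052345, ack 2475188477, win 227, "
          "options [nop,nop,TS val 3719261472 ecr 3619406398], length 0")

LINE_RE = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r".*?seq (?P<seq>\d+)(?::\d+)?, ack (?P<ack>\d+), win (?P<win>\d+)")

def parse_tcpdump(line):
    """Extract endpoints and TCP seq/ack/win from one tcpdump packet line."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("no TCP seq/ack fields found in line")
    pkt = m.groupdict()
    for key in ("seq", "ack", "win"):
        pkt[key] = int(pkt[key])
    return pkt

def rst_disposition(rst_seq, rcv_nxt, rcv_wnd):
    """Outcome for an incoming RST at a receiver applying RFC 5961 section 3.2."""
    offset = (rst_seq - rcv_nxt) % 2**32    # sequence numbers wrap at 2^32
    if offset == 0:
        return "reset"            # exact match with RCV.NXT: connection released
    if offset < rcv_wnd:
        return "challenge-ack"    # in window, not exact: ACK sent, state kept
    return "discard"              # outside the window: dropped silently

def explain(line, wscale=0):
    """Compare candidate values for sendip -tn taken from a captured line."""
    pkt = parse_tcpdump(line)
    rcv_nxt = pkt["ack"]              # what the sender of this packet expects next
    rcv_wnd = pkt["win"] << wscale    # wscale is not in this line (assumed 0)
    return {
        "rcv_nxt": rcv_nxt,
        "using_ack_field": rst_disposition(pkt["ack"], rcv_nxt, rcv_wnd),
        "using_seq_field": rst_disposition(pkt["seq"], rcv_nxt, rcv_wnd),
        "off_by_one": rst_disposition(rcv_nxt + 1, rcv_nxt, rcv_wnd),
    }

if __name__ == "__main__":
    for name, value in explain(SAMPLE).items():
        print(f"{name}: {value}")
```

The captured packet travels from the CLOSE_WAIT side to the client, so its ack field is the next sequence number the CLOSE_WAIT side expects from the client, which is the value used for -tn in case 1.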