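Note:
This method uses the tcpdump and sendip tools; look up the download and installation instructions yourself.
Actually, here they are anyway:
Installing sendip
Download: http://www.earth.li/projectpurple/progs/sendip.html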
tar zxvf sendip-2.5.tar.gz
cd sendip-2.5
make
make install
#########################################################################
If make fails with errors, proceed as follows; if there are no errors, skip this part.
cc1: warnings being treated as errors
ipv4.c: In function 'do_opt':
ipv4.c:212: warning: pointer targets in passing argument 1 of 'sprintf' differ in signedness
ipv4.c:213: warning: pointer targets in passing argument 1 of 'compact_string' differ in signedness
ipv4.c:240: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
ipv4.c:355: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
ipv4.c:380: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
ipv4.c:402: warning: pointer targets in passing argument 5 of 'addoption' differ in signedness
make: *** [ipv4.so] Error 1
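The message says the warnings above are being treated as errors.
Open ipv4.c and find each of the lines, for example line 212: sprintf(data,"0x%s",arg);
The parameter data is declared earlier (line 207) as u_int8_t *, whereas sprintf normally takes a (char *) argument, and arg, the variable data is filled from, is also char *. So on line 212 we explicitly cast data to char *: sprintf((char *)data,"0x%s",arg);
Running make again shows that the line 212 warning is gone, so line 213 and the like are handled the same way.
On lines 240, 355, 380 and 402 the data argument passed to 'addoption' is of type char *, but the addoption function at line 386 takes u_int8_t * as its fifth parameter, so we explicitly cast data on those lines to u_int8_t *, for example line 240: addoption(0,0,7,len+2,(u_int8_t *)data,pack);
Running make again, the warnings in ipv4.c are gone, but several warnings now appear in tcp.c: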
cc1: warnings being treated as errors
tcp.c: In function 'do_opt':
tcp.c:207: warning: pointer targets in passing argument 1 of 'sprintf' differ in signedness
tcp.c:208: warning: pointer targets in passing argument 1 of 'compact_string' differ in signedness
tcp.c:239: warning: pointer targets in assignment differ in signedness
tcp.c:241: warning: pointer targets in passing argument 1 of 'strchr' differ in signedness
tcp.c:241: warning: pointer targets in assignment differ in signedness
tcp.c:249: warning: pointer targets in assignment differ in signedness
tcp.c:252: warning: pointer targets in assignment differ in signedness
tcp.c:262: warning: pointer targets in assignment differ in signedness
tcp.c:264: warning: pointer targets in assignment differ in signedness
tcp.c:266: warning: pointer targets in assignment differ in signedness
tcp.c:270: warning: pointer targets in assignment differ in signedness
make: *** [tcp.so] Error 1
Find each line in the same way and fix the types:
Line 207: sprintf((char*)data,"0x%s",arg);
Line 208: len =compact_string((char *)data);
Line 239: next=(unsigned char*)arg;
Line 241: next=(unsigned char*)strchr((char *)next,',');
Line 249: next=(unsigned char*)arg;
Line 252: next=(unsigned char*)strchr(arg, ':');
Line 262: arg=(char *)next;
Line 264: next=(unsigned char*)strchr(arg, ',');
Line 266: next=(unsigned char*)arg-1; /* Finito - next points to \0 */
Line 270: arg=(char *)next;
make now succeeds
make install succeeds
Installation complete
###########################################################
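Installing tcpdump
yum install tcpdump -y
If that does not work on your system, run yum whatprovides tcpdump to see which package provides tcpdump, and install that package.
Environment
For CLOSE_WAIT, the approach is mainly to send an RST packet so that the CLOSE_WAIT end releases the connection.
First, my test environment:
The CLOSE_WAIT end is 1.1.1.1 port 5000
The client end is 1.1.1.2 port 6000
On the CLOSE_WAIT end run: tcpdump -i eth0 port 5000 -vv //eth0 is the network interface; whether to use -vv or -vvv depends on what your version supports
Alternatively, the following command can be used:
tcpdump -i eth4 host 1.1.1.1 and tcp port 5000 -vvv    (monitors packets sent and received on the local IP:port)
There are two cases:
1) tcpdump produces output
The format is as follows: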
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:43:52.783330 IP (tos 0x0, ttl 64, id 49641, offset 0, flags [DF], proto TCP (6), length 52)
1.1.1.1.commplex-main > 1.1.1.2.x11: Flags [.], cksum 0x9e3c (incorrect -> 0x32b3), seq 563052345, ack 2475188477, win 227, options [nop,nop,TS val 3719261472 ecr 3619406398], length 0
On the client end run (the -tn value is the ack number from the tcpdump output above):
#sendip -v -p ipv4 -id 1.1.1.1 -is 1.1.1.2 -p tcp -td 5000 -ts 6000 -tfr 1 -tfs 0 -tn 2475188477 -tw 0 1.1.1.1
2) tcpdump produces no output for a long time
On the client end run:
#sendip -v -p ipv4 -id 1.1.1.1 -is 1.1.1.2 -p tcp -td 5000 -ts 6000 -d 123 1.1.1.1
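
Added example (not part of the original article): a shell function that pulls the ack number out of a case 1 capture and prints the corresponding sendip command; that ack is the sequence number the CLOSE_WAIT end expects next, which is why it goes into -tn. It assumes the capture was taken with tcpdump -nn -S so that ports are numeric and sequence numbers are absolute; the function name build_rst_cmd and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: capture taken with "tcpdump -nn -S -vv", so ports are numeric
# and sequence/ack numbers are absolute rather than relative.

# Constructed sample: the article's capture with numeric ports.
SAMPLE='17:43:52.783330 IP (tos 0x0, ttl 64, id 49641, offset 0, flags [DF], proto TCP (6), length 52)
    1.1.1.1.5000 > 1.1.1.2.6000: Flags [.], cksum 0x9e3c (incorrect -> 0x32b3), seq 563052345, ack 2475188477, win 227, options [nop,nop,TS val 3719261472 ecr 3619406398], length 0'

# build_rst_cmd CW_IP CW_PORT
# Reads tcpdump text on stdin, keeps the last packet sent BY the CLOSE_WAIT
# endpoint and prints the matching sendip command. It does not send anything.
build_rst_cmd() {
    awk -v cw_ip="$1" -v cw_port="$2" '
    # Split "a.b.c.d.port[:]" into globals ep_ip / ep_port (IPv4 only).
    function endpoint(s,    n, p) {
        sub(/:$/, "", s)
        n = split(s, p, ".")
        if (n != 5) return 0
        ep_ip = p[1] "." p[2] "." p[3] "." p[4]
        ep_port = p[5]
        return 1
    }
    {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            if (!endpoint($(i - 1))) next
            src_ip = ep_ip; src_port = ep_port
            if (!endpoint($(i + 1))) next
            # Only packets from the CLOSE_WAIT side carry the ack we need.
            if (src_ip != cw_ip || src_port != cw_port) next
            if (!match($0, /ack [0-9]+/)) next
            ack = substr($0, RSTART + 4, RLENGTH - 4)
            peer_ip = ep_ip; peer_port = ep_port
            break
        }
    }
    END {
        if (ack == "") exit 1   # nothing usable was captured
        printf "sendip -v -p ipv4 -id %s -is %s -p tcp -td %s -ts %s", cw_ip, peer_ip, cw_port, peer_port
        printf " -tfr 1 -tfs 0 -tn %s -tw 0 %s\n", ack, cw_ip
    }'
}

printf '%s\n' "$SAMPLE" | build_rst_cmd 1.1.1.1 5000
```

Packets travelling in the other direction are ignored, and the function exits non-zero when the capture contains nothing sent by the CLOSE_WAIT end, which corresponds to case 2.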