local:192.168.0.1
server:192.168.0.120
server 上就一个空index.php页面
1、开启抓包
[root@centos~]# tcpdump tcp port 80 -S
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
2、 浏览器请求192.168.0.120/index.php
3、观察 tcpdump 抓的包
连接建立
10:29:17.766775 IP 192.168.0.1.60011 > 192.168.0.120.http: Flags [S], seq 3600148388, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
local ⇒server seq =3600148388
10:29:17.766798 IP 192.168.0.120.http > 192.168.0.1.60011: Flags [S.], seq 2389633482, ack 3600148389, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
server ⇒local ack = seq + 1= 3600148389
10:29:17.767401 IP 192.168.0.1.60011 > 192.168.0.120.http: Flags [.], ack 2389633483, win 256, length 0
local ⇒server ack = seq +1 = 2389633483
数据传输
10:29:17.767705 IP 192.168.0.1.60011 > 192.168.0.120.http: Flags [P.], seq 3600148389:3600148740, ack 2389633483, win 256, length 351
10:29:17.767728 IP 192.168.0.120.http > 192.168.0.1.60011: Flags [.], ack 3600148740, win 245, length 0
10:29:17.769498 IP 192.168.0.120.http > 192.168.0.1.60011: Flags [P.], seq 2389633483:2389633805, ack 3600148740, win 245, length 322
连接关闭
10:29:17.769635 IP 192.168.0.120.http > 192.168.0.1.60011: Flags [F.], seq 2389633805, ack 3600148740, win 245, length 0
server ⇒local seq = 2389633805
服务端发起close ,进入FIN_wait
10:29:17.770412 IP 192.168.0.1.60011 > 192.168.0.120.http: Flags [.], ack 2389633806, win 255, length 0
local ⇒server ack = seq +1 = 2389633806
客户端回应
10:29:17.771512 IP 192.168.0.1.60011 > 192.168.0.120.http: Flags [F.], seq 3600148740, ack 2389633806, win 255, length 0
local ⇒server ack = seq +1 = 2389633806
服务端确认关闭
10:29:17.771520 IP 192.168.0.120.http > 192.168.0.1.60011: Flags [.], ack 3600148741, win 245, length 0
server ⇒local ack = seq+1 = 3600148741