Capturing an IPv6 Packet


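Baidu Cloud recently released IPv6 support for BCC servers, so I tried setting one up (see "Building an LNMP site on Baidu AI Cloud with IPv6"). I have also been learning tcpdump packet capture on CentOS 7, so, following the IPv4 capture process, I wrote this IPv6 capture document. You can also read this article about IPv6: "IPv6 Notes".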

(I) An IPv4 HTTP request packet

Before capturing IPv6 packets, let's capture an IPv4 packet first; it costs nothing anyway.

1.204.29.213.10484 > 172.17.27.211.http: Flags [P.], cksum 0x5580 (correct), seq 1:517, ack 1, win 258, length 516: HTTP, length: 516
GET /?plat=pc HTTP/1.1

0x0000:  4514 022c 1ddf 4000 7306 0054 01cc 1dd5  E..,..@.s..T....
0x0010:  ac11 1bd3 28f4 0050 fb41 fd3f 7716 0212  ....(..P.A.?w...
0x0020:  5018 0102 5580 0000 4745 5420 2f3f 706c  P...U...GET./?pl
0x0030:  6174 3d70 6320 4854 5450 2f31 2e31 0d0a  at=pc.HTTP/1.1..

(II) Capturing IPv6 packets

Capture command

tcpdump -X -i eth0 -vvvv -n port 80

(1) Segment 1: the three-way handshake

18:33:03.960296 IP6 (hlim 236, next-header TCP (6) payload length: 40) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [S], cksum 0xdedb (correct), seq 1463932929, win 65535, options [mss 1350,sackOK,TS val 15594760 ecr 0,nop,wscale 6], length 0
	0x0000:  6000 0000 0028 06ec 2409 896a 0430 773c  `....(..$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23f 0050 5741 d801  .........?.PWA..
	0x0030:  0000 0000 a002 ffff dedb 0000 0204 0546  ...............F
	0x0040:  0402 080a 00ed f508 0000 0000 0103 0306  ................
18:33:03.960360 IP6 (hlim 64, next-header TCP (6) payload length: 40) 240c:4082:0:1e03::5.http > 2409:896a:430:773c:2:1:a23d:5414.41535: Flags [S.], cksum 0xa1f9 (incorrect -> 0x14ae), seq 398543506, ack 1463932930, win 28560, options [mss 1440,sackOK,TS val 6092673 ecr 15594760,nop,wscale 7], length 0
	0x0000:  6000 0000 0028 0640 240c 4082 0000 1e03  `....(.@$.@.....
	0x0010:  0000 0000 0000 0005 2409 896a 0430 773c  ........$..j.0w<
	0x0020:  0002 0001 a23d 5414 0050 a23f 17c1 4a92  .....=T..P.?..J.
	0x0030:  5741 d802 a012 6f90 a1f9 0000 0204 05a0  WA....o.........
	0x0040:  0402 080a 005c f781 00ed f508 0103 0307  .....\..........
18:33:04.029632 IP6 (hlim 236, next-header TCP (6) payload length: 32) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [.], cksum 0xadfd (correct), seq 1, ack 1, win 1266, options [nop,nop,TS val 15594767 ecr 6092673], length 0
	0x0000:  6000 0000 0020 06ec 2409 896a 0430 773c  `.......$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23f 0050 5741 d802  .........?.PWA..
	0x0030:  17c1 4a93 8010 04f2 adfd 0000 0101 080a  ..J.............
	0x0040:  00ed f50f 005c f781                      .....\..
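
Added example (not from the original post): the first two packets above decoded in Python, with the TCP checksum recomputed over the IPv6 pseudo-header. It shows why tcpdump reports the client's SYN as correct but the server's SYN-ACK as incorrect: the captured field 0xa1f9 is only the pseudo-header sum that the kernel leaves for the NIC to finish (checksum offload), not corruption. The function names are illustrative; the hex is copied from the dumps above.

```python
import ipaddress
import struct

def from_dump(text):
    """Turn the hex-word column of `tcpdump -X` output into bytes."""
    return bytes.fromhex("".join(text.split()))

# Copied from the page's capture (offset and ASCII columns dropped).
CLIENT_SYN = from_dump("""
    6000 0000 0028 06ec 2409 896a 0430 773c 0002 0001 a23d 5414 240c 4082 0000 1e03
    0000 0000 0000 0005 a23f 0050 5741 d801 0000 0000 a002 ffff dedb 0000 0204 0546
    0402 080a 00ed f508 0000 0000 0103 0306""")
SERVER_SYNACK = from_dump("""
    6000 0000 0028 0640 240c 4082 0000 1e03 0000 0000 0000 0005 2409 896a 0430 773c
    0002 0001 a23d 5414 0050 a23f 17c1 4a92 5741 d802 a012 6f90 a1f9 0000 0204 05a0
    0402 080a 005c f781 00ed f508 0103 0307""")

def ones_sum(data):
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def decode(packet):
    """Parse the fixed IPv6 header and the TCP header that follows it.

    Assumes no extension headers, which holds here (next header is 6, TCP).
    """
    vtf, plen, nxt, hlim = struct.unpack("!IHBB", packet[:8])
    src, dst = packet[8:24], packet[24:40]
    tcp = packet[40:40 + plen]
    sport, dport, seq, ack, off_flags, win, cksum = struct.unpack("!HHIIHHH", tcp[:18])
    # IPv6 pseudo-header: src, dst, 32-bit upper-layer length, 3 zero bytes, next header.
    pseudo = src + dst + struct.pack("!I3xB", plen, nxt)
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]  # TCP segment with its checksum field cleared
    return {
        "version": vtf >> 28, "payload_len": plen, "next_header": nxt, "hlim": hlim,
        "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win,
        "syn": bool(off_flags & 0x02), "ack_flag": bool(off_flags & 0x10),
        "cksum": cksum,
        "pseudo_sum": ones_sum(pseudo),
        "expected": 0xFFFF ^ ones_sum(pseudo + zeroed),
    }

def checksum_verdict(p):
    if p["cksum"] == p["expected"]:
        return "valid"
    if p["cksum"] == p["pseudo_sum"]:
        return "offloaded"  # kernel seeded the field; the NIC completes it after capture
    return "corrupt"

if __name__ == "__main__":
    for name, pkt in (("client SYN", CLIENT_SYN), ("server SYN-ACK", SERVER_SYNACK)):
        p = decode(pkt)
        print(name, p["src"], "->", p["dst"], hex(p["cksum"]), hex(p["expected"]), checksum_verdict(p))
```

The same check explains every "incorrect" checksum in this capture: they all appear on packets sent by the capturing server itself, never on packets received from the client.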

(2) Segment 2: the HTTP request

18:33:04.314851 IP6 (hlim 236, next-header TCP (6) payload length: 502) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [P.], cksum 0xafad (correct), seq 1:471, ack 1, win 1266, options [nop,nop,TS val 15594795 ecr 6092673], length 470: HTTP, length: 470
	GET /?t=4 HTTP/1.1
	Host: ipv6.ayouleyang.cn
	Connection: keep-alive
	Upgrade-Insecure-Requests: 1
	User-Agent: Mozilla/5.0 (Linux; Android 6.0; 1505-A01 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.97 Mobile Safari/537.36
	Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
	Accept-Encoding: gzip, deflate
	Accept-Language: zh-CN,en-US;q=0.9
	Cookie: _ga=GA1.2.142392291.1560353173

	0x0000:  6000 0000 01f6 06ec 2409 896a 0430 773c  `.......$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23f 0050 5741 d802  .........?.PWA..
	0x0030:  17c1 4a93 8018 04f2 afad 0000 0101 080a  ..J.............
	0x0040:  00ed f52b 005c f781 4745 5420 2f3f 743d  ...+.\..GET./?t=
	0x0050:  3420 4854 5450 2f31 2e31 0d0a 486f 7374  4.HTTP/1.1..Host
	0x0060:  3a20 6970 7636 2e61 796f 756c 6579 616e  :.ipv6.ayouleyan
	0x0070:  672e 636e 0d0a 436f 6e6e 6563 7469 6f6e  g.cn..Connection
	0x0080:  3a20 6b65 6570 2d61 6c69 7665 0d0a 5570  :.keep-alive..Up
	0x0090:  6772 6164 652d 496e 7365 6375 7265 2d52  grade-Insecure-R
	0x00a0:  6571 7565 7374 733a 2031 0d0a 5573 6572  equests:.1..User
	0x00b0:  2d41 6765 6e74 3a20 4d6f 7a69 6c6c 612f  -Agent:.Mozilla/
	0x00c0:  352e 3020 284c 696e 7578 3b20 416e 6472  5.0.(Linux;.Andr
	0x00d0:  6f69 6420 362e 303b 2031 3530 352d 4130  oid.6.0;.1505-A0
	0x00e0:  3120 4275 696c 642f 4d52 4135 384b 3b20  1.Build/MRA58K;.
	0x00f0:  7776 2920 4170 706c 6557 6562 4b69 742f  wv).AppleWebKit/
	0x0100:  3533 372e 3336 2028 4b48 544d 4c2c 206c  537.36.(KHTML,.l
	0x0110:  696b 6520 4765 636b 6f29 2056 6572 7369  ike.Gecko).Versi
	0x0120:  6f6e 2f34 2e30 2043 6872 6f6d 652f 3632  on/4.0.Chrome/62
	0x0130:  2e30 2e33 3230 322e 3937 204d 6f62 696c  .0.3202.97.Mobil
	0x0140:  6520 5361 6661 7269 2f35 3337 2e33 360d  e.Safari/537.36.
	0x0150:  0a41 6363 6570 743a 2074 6578 742f 6874  .Accept:.text/ht
	0x0160:  6d6c 2c61 7070 6c69 6361 7469 6f6e 2f78  ml,application/x
	0x0170:  6874 6d6c 2b78 6d6c 2c61 7070 6c69 6361  html+xml,applica
	0x0180:  7469 6f6e 2f78 6d6c 3b71 3d30 2e39 2c69  tion/xml;q=0.9,i
	0x0190:  6d61 6765 2f77 6562 702c 696d 6167 652f  mage/webp,image/
	0x01a0:  6170 6e67 2c2a 2f2a 3b71 3d30 2e38 0d0a  apng,*/*;q=0.8..
	0x01b0:  4163 6365 7074 2d45 6e63 6f64 696e 673a  Accept-Encoding:
	0x01c0:  2067 7a69 702c 2064 6566 6c61 7465 0d0a  .gzip,.deflate..
	0x01d0:  4163 6365 7074 2d4c 616e 6775 6167 653a  Accept-Language:
	0x01e0:  207a 682d 434e 2c65 6e2d 5553 3b71 3d30  .zh-CN,en-US;q=0
	0x01f0:  2e39 0d0a 436f 6f6b 6965 3a20 5f67 613d  .9..Cookie:._ga=
	0x0200:  4741 312e 322e 3134 3233 3932 3239 312e  GA1.2.142392291.
	0x0210:  3135 3630 3335 3331 3733 0d0a 0d0a       1560353173....

(3) Segment 3: unknown

18:33:04.314899 IP6 (hlim 64, next-header TCP (6) payload length: 32) 240c:4082:0:1e03::5.http > 2409:896a:430:773c:2:1:a23d:5414.41535: Flags [.], cksum 0xa1f1 (incorrect -> 0xaeb2), seq 1, ack 471, win 232, options [nop,nop,TS val 6093028 ecr 15594795], length 0
	0x0000:  6000 0000 0020 0640 240c 4082 0000 1e03  `......@$.@.....
	0x0010:  0000 0000 0000 0005 2409 896a 0430 773c  ........$..j.0w<
	0x0020:  0002 0001 a23d 5414 0050 a23f 17c1 4a93  .....=T..P.?..J.
	0x0030:  5741 d9d8 8010 00e8 a1f1 0000 0101 080a  WA..............
	0x0040:  005c f8e4 00ed f52b                      .\.....+

(4) Segment 4: the HTTP response

18:33:04.315390 IP6 (hlim 64, next-header TCP (6) payload length: 641) 240c:4082:0:1e03::5.http > 2409:896a:430:773c:2:1:a23d:5414.41535: Flags [P.], cksum 0xa452 (incorrect -> 0x49f8), seq 1:610, ack 471, win 232, options [nop,nop,TS val 6093028 ecr 15594795], length 609: HTTP, length: 609
	HTTP/1.1 200 OK
	Server: nginx/1.12.2
	Date: Sat, 06 Jul 2019 10:33:04 GMT
	Content-Type: text/html
	Content-Length: 371
	Last-Modified: Sat, 06 Jul 2019 09:32:38 GMT
	Connection: keep-alive
	ETag: "5d206ab6-173"
	Accept-Ranges: bytes

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<meta charset="utf-8">
	0x0000:  6000 0000 0281 0640 240c 4082 0000 1e03  `......@$.@.....
	0x0010:  0000 0000 0000 0005 2409 896a 0430 773c  ........$..j.0w<
	0x0020:  0002 0001 a23d 5414 0050 a23f 17c1 4a93  .....=T..P.?..J.
	0x0030:  5741 d9d8 8018 00e8 a452 0000 0101 080a  WA.......R......
	0x0040:  005c f8e4 00ed f52b 4854 5450 2f31 2e31  .\.....+HTTP/1.1
	0x0050:  2032 3030 204f 4b0d 0a53 6572 7665 723a  .200.OK..Server:
	0x0060:  206e 6769 6e78 2f31 2e31 322e 320d 0a44  .nginx/1.12.2..D
	0x0070:  6174 653a 2053 6174 2c20 3036 204a 756c  ate:.Sat,.06.Jul
	0x0080:  2032 3031 3920 3130 3a33 333a 3034 2047  .2019.10:33:04.G
	0x0090:  4d54 0d0a 436f 6e74 656e 742d 5479 7065  MT..Content-Type
	0x00a0:  3a20 7465 7874 2f68 746d 6c0d 0a43 6f6e  :.text/html..Con
	0x00b0:  7465 6e74 2d4c 656e 6774 683a 2033 3731  tent-Length:.371
	0x00c0:  0d0a 4c61 7374 2d4d 6f64 6966 6965 643a  ..Last-Modified:
	0x00d0:  2053 6174 2c20 3036 204a 756c 2032 3031  .Sat,.06.Jul.201
	0x00e0:  3920 3039 3a33 323a 3338 2047 4d54 0d0a  9.09:32:38.GMT..
	0x00f0:  436f 6e6e 6563 7469 6f6e 3a20 6b65 6570  Connection:.keep
	0x0100:  2d61 6c69 7665 0d0a 4554 6167 3a20 2235  -alive..ETag:."5
	0x0110:  6432 3036 6162 362d 3137 3322 0d0a 4163  d206ab6-173"..Ac
	0x0120:  6365 7074 2d52 616e 6765 733a 2062 7974  cept-Ranges:.byt
	0x0130:  6573 0d0a 0d0a 3c68 746d 6c20 786d 6c6e  es....<html.xmln
	0x0140:  733d 2268 7474 703a 2f2f 7777 772e 7733  s="http://www.w3
	0x0150:  2e6f 7267 2f31 3939 392f 7868 746d 6c22  .org/1999/xhtml"
	0x0160:  3e0a 3c68 6561 643e 0a3c 6d65 7461 2063  >.<head>.<meta.c
	0x0170:  6861 7273 6574 3d22 7574 662d 3822 3e0a  harset="utf-8">.
	0x0180:  3c74 6974 6c65 3ee7 bd91 e7ab 99e5 bbba  <title>.........
	0x0190:  e8ae bee4 b8ad 3c2f 7469 746c 653e 0a3c  ......</title>.<
	0x01a0:  6d65 7461 2068 7474 702d 6571 7569 763d  meta.http-equiv=
	0x01b0:  2258 2d55 412d 436f 6d70 6174 6962 6c65  "X-UA-Compatible
	0x01c0:  2220 636f 6e74 656e 743d 2249 453d 6564  ".content="IE=ed
	0x01d0:  6765 223e 0a3c 6d65 7461 206e 616d 653d  ge">.<meta.name=
	0x01e0:  2276 6965 7770 6f72 7422 2063 6f6e 7465  "viewport".conte
	0x01f0:  6e74 3d22 7769 6474 683d 6465 7669 6365  nt="width=device
	0x0200:  2d77 6964 7468 2c20 696e 6974 6961 6c2d  -width,.initial-
	0x0210:  7363 616c 653d 3122 3e0a 3c2f 6865 6164  scale=1">.</head
	0x0220:  3e0a 3c62 6f64 793e 0a3c 7020 616c 6967  >.<body>.<p.alig
	0x0230:  6e3d 2263 656e 7465 7222 2073 7479 6c65  n="center".style
	0x0240:  3d22 666f 6e74 2d73 697a 653a 3238 7078  ="font-size:28px
	0x0250:  3b20 666f 6e74 2d77 6569 6768 743a 626f  ;.font-weight:bo
	0x0260:  6c64 3b6d 6172 6769 6e2d 746f 703a 3530  ld;margin-top:50
	0x0270:  7078 3b22 3ee7 b3bb e7bb 9fe7 bbb4 e68a  px;">...........
	0x0280:  a4e4 b8ad 20e6 95ac e8af b7e6 9c9f e5be  ................
	0x0290:  85ef bc81 3c2f 703e 0a3c 2f62 6f64 793e  ....</p>.</body>
	0x02a0:  0a3c 2f68 746d 6c3e 0a                   .</html>.

Appendix: the contents of /index.html on the server

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<title>网站建设中</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<p align="center" style="font-size:28px; font-weight:bold;margin-top:50px;">系统维护中 敬请期待!</p>
</body>
</html>

Segment 5: (unknown; going by the TCP protocol, this is not the four-way close)

18:33:04.389347 IP6 (hlim 236, next-header TCP (6) payload length: 32) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [.], cksum 0xa819 (correct), seq 471, ack 610, win 1304, options [nop,nop,TS val 15594803 ecr 6093028], length 0
	0x0000:  6000 0000 0020 06ec 2409 896a 0430 773c  `.......$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23f 0050 5741 d9d8  .........?.PWA..
	0x0030:  17c1 4cf4 8010 0518 a819 0000 0101 080a  ..L.............
	0x0040:  00ed f533 005c f8e4                      ...3.\..
18:33:04.729402 IP6 (hlim 236, next-header TCP (6) payload length: 40) 2409:896a:430:773c:2:1:a23d:5414.41534 > 240c:4082:0:1e03::5.http: Flags [S], cksum 0x6b12 (correct), seq 1812936370, win 65535, options [mss 1350,sackOK,TS val 15594836 ecr 0,nop,wscale 6], length 0
	0x0000:  6000 0000 0028 06ec 2409 896a 0430 773c  `....(..$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23e 0050 6c0f 36b2  .........>.Pl.6.
	0x0030:  0000 0000 a002 ffff 6b12 0000 0204 0546  ........k......F
	0x0040:  0402 080a 00ed f554 0000 0000 0103 0306  .......T........
18:33:04.729453 IP6 (hlim 64, next-header TCP (6) payload length: 40) 240c:4082:0:1e03::5.http > 2409:896a:430:773c:2:1:a23d:5414.41534: Flags [S.], cksum 0xa1f9 (incorrect -> 0xf40f), seq 3910738701, ack 1812936371, win 28560, options [mss 1440,sackOK,TS val 6093442 ecr 15594836,nop,wscale 7], length 0
	0x0000:  6000 0000 0028 0640 240c 4082 0000 1e03  `....(.@$.@.....
	0x0010:  0000 0000 0000 0005 2409 896a 0430 773c  ........$..j.0w<
	0x0020:  0002 0001 a23d 5414 0050 a23e e919 230d  .....=T..P.>..#.
	0x0030:  6c0f 36b3 a012 6f90 a1f9 0000 0204 05a0  l.6...o.........
	0x0040:  0402 080a 005c fa82 00ed f554 0103 0307  .....\.....T....
18:33:04.799463 IP6 (hlim 236, next-header TCP (6) payload length: 32) 2409:896a:430:773c:2:1:a23d:5414.41534 > 240c:4082:0:1e03::5.http: Flags [.], cksum 0x8d5e (correct), seq 1, ack 1, win 1266, options [nop,nop,TS val 15594844 ecr 6093442], length 0
	0x0000:  6000 0000 0020 06ec 2409 896a 0430 773c  `.......$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23e 0050 6c0f 36b3  .........>.Pl.6.
	0x0030:  e919 230e 8010 04f2 8d5e 0000 0101 080a  ..#......^......
	0x0040:  00ed f55c 005c fa82                      ...\.\..

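Segment 6: other HTTP requests

As everyone knows, the browser sends a request for /favicon.ico by default to fetch the page's icon. (If you don't understand this, just pretend you already do.) Below are the request and response for that file.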

18:33:05.634355 IP6 (hlim 236, next-header TCP (6) payload length: 474) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [P.], cksum 0x3606 (correct), seq 471:913, ack 610, win 1304, options [nop,nop,TS val 15594926 ecr 6093028], length 442: HTTP, length: 442
	GET /favicon.ico HTTP/1.1
	Host: ipv6.ayouleyang.cn
	Connection: keep-alive
	User-Agent: Mozilla/5.0 (Linux; Android 6.0; 1505-A01 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.97 Mobile Safari/537.36
	Accept: image/webp,image/apng,image/*,*/*;q=0.8
	Referer: http://ipv6.ayouleyang.cn/?t=4
	Accept-Encoding: gzip, deflate
	Accept-Language: zh-CN,en-US;q=0.9
	Cookie: _ga=GA1.2.142392291.1560353173

	0x0000:  6000 0000 01da 06ec 2409 896a 0430 773c  `.......$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23f 0050 5741 d9d8  .........?.PWA..
	0x0030:  17c1 4cf4 8018 0518 3606 0000 0101 080a  ..L.....6.......
	0x0040:  00ed f5ae 005c f8e4 4745 5420 2f66 6176  .....\..GET./fav
	0x0050:  6963 6f6e 2e69 636f 2048 5454 502f 312e  icon.ico.HTTP/1.
	0x0060:  310d 0a48 6f73 743a 2069 7076 362e 6179  1..Host:.ipv6.ay
	0x0070:  6f75 6c65 7961 6e67 2e63 6e0d 0a43 6f6e  ouleyang.cn..Con
	0x0080:  6e65 6374 696f 6e3a 206b 6565 702d 616c  nection:.keep-al
	0x0090:  6976 650d 0a55 7365 722d 4167 656e 743a  ive..User-Agent:
	0x00a0:  204d 6f7a 696c 6c61 2f35 2e30 2028 4c69  .Mozilla/5.0.(Li
	0x00b0:  6e75 783b 2041 6e64 726f 6964 2036 2e30  nux;.Android.6.0
	0x00c0:  3b20 3135 3035 2d41 3031 2042 7569 6c64  ;.1505-A01.Build
	0x00d0:  2f4d 5241 3538 4b3b 2077 7629 2041 7070  /MRA58K;.wv).App
	0x00e0:  6c65 5765 624b 6974 2f35 3337 2e33 3620  leWebKit/537.36.
	0x00f0:  284b 4854 4d4c 2c20 6c69 6b65 2047 6563  (KHTML,.like.Gec
	0x0100:  6b6f 2920 5665 7273 696f 6e2f 342e 3020  ko).Version/4.0.
	0x0110:  4368 726f 6d65 2f36 322e 302e 3332 3032  Chrome/62.0.3202
	0x0120:  2e39 3720 4d6f 6269 6c65 2053 6166 6172  .97.Mobile.Safar
	0x0130:  692f 3533 372e 3336 0d0a 4163 6365 7074  i/537.36..Accept
	0x0140:  3a20 696d 6167 652f 7765 6270 2c69 6d61  :.image/webp,ima
	0x0150:  6765 2f61 706e 672c 696d 6167 652f 2a2c  ge/apng,image/*,
	0x0160:  2a2f 2a3b 713d 302e 380d 0a52 6566 6572  */*;q=0.8..Refer
	0x0170:  6572 3a20 6874 7470 3a2f 2f69 7076 362e  er:.http://ipv6.
	0x0180:  6179 6f75 6c65 7961 6e67 2e63 6e2f 3f74  ayouleyang.cn/?t
	0x0190:  3d34 0d0a 4163 6365 7074 2d45 6e63 6f64  =4..Accept-Encod
	0x01a0:  696e 673a 2067 7a69 702c 2064 6566 6c61  ing:.gzip,.defla
	0x01b0:  7465 0d0a 4163 6365 7074 2d4c 616e 6775  te..Accept-Langu
	0x01c0:  6167 653a 207a 682d 434e 2c65 6e2d 5553  age:.zh-CN,en-US
	0x01d0:  3b71 3d30 2e39 0d0a 436f 6f6b 6965 3a20  ;q=0.9..Cookie:.
	0x01e0:  5f67 613d 4741 312e 322e 3134 3233 3932  _ga=GA1.2.142392
	0x01f0:  3239 312e 3135 3630 3335 3331 3733 0d0a  291.1560353173..
	0x0200:  0d0a                                     ..
18:33:05.634840 IP6 (hlim 64, next-header TCP (6) payload length: 527) 240c:4082:0:1e03::5.http > 2409:896a:430:773c:2:1:a23d:5414.41535: Flags [P.], cksum 0xa3e0 (incorrect -> 0xb5c5), seq 610:1105, ack 913, win 240, options [nop,nop,TS val 6094348 ecr 15594926], length 495: HTTP, length: 495
	HTTP/1.1 404 Not Found
	Server: nginx/1.12.2
	Date: Sat, 06 Jul 2019 10:33:05 GMT
	Content-Type: text/html
	Content-Length: 318
	Connection: keep-alive
	ETag: "5d2076a3-13e"

	<head>
	<meta charset="utf-8">
	<title>404</title>
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	</head>
	<body>
	0x0000:  6000 0000 020f 0640 240c 4082 0000 1e03  `......@$.@.....
	0x0010:  0000 0000 0000 0005 2409 896a 0430 773c  ........$..j.0w<
	0x0020:  0002 0001 a23d 5414 0050 a23f 17c1 4cf4  .....=T..P.?..L.
	0x0030:  5741 db92 8018 00f0 a3e0 0000 0101 080a  WA..............
	0x0040:  005c fe0c 00ed f5ae 4854 5450 2f31 2e31  .\......HTTP/1.1
	0x0050:  2034 3034 204e 6f74 2046 6f75 6e64 0d0a  .404.Not.Found..
	0x0060:  5365 7276 6572 3a20 6e67 696e 782f 312e  Server:.nginx/1.
	0x0070:  3132 2e32 0d0a 4461 7465 3a20 5361 742c  12.2..Date:.Sat,
	0x0080:  2030 3620 4a75 6c20 3230 3139 2031 303a  .06.Jul.2019.10:
	0x0090:  3333 3a30 3520 474d 540d 0a43 6f6e 7465  33:05.GMT..Conte
	0x00a0:  6e74 2d54 7970 653a 2074 6578 742f 6874  nt-Type:.text/ht
	0x00b0:  6d6c 0d0a 436f 6e74 656e 742d 4c65 6e67  ml..Content-Leng
	0x00c0:  7468 3a20 3331 380d 0a43 6f6e 6e65 6374  th:.318..Connect
	0x00d0:  696f 6e3a 206b 6565 702d 616c 6976 650d  ion:.keep-alive.
	0x00e0:  0a45 5461 673a 2022 3564 3230 3736 6133  .ETag:."5d2076a3
	0x00f0:  2d31 3365 220d 0a0d 0a3c 6865 6164 3e0a  -13e"....<head>.
	0x0100:  3c6d 6574 6120 6368 6172 7365 743d 2275  <meta.charset="u
	0x0110:  7466 2d38 223e 0a3c 7469 746c 653e 3430  tf-8">.<title>40
	0x0120:  343c 2f74 6974 6c65 3e0a 3c6d 6574 6120  4</title>.<meta.
	0x0130:  6874 7470 2d65 7175 6976 3d22 582d 5541  http-equiv="X-UA
	0x0140:  2d43 6f6d 7061 7469 626c 6522 2063 6f6e  -Compatible".con
	0x0150:  7465 6e74 3d22 4945 3d65 6467 6522 3e0a  tent="IE=edge">.
	0x0160:  3c6d 6574 6120 6e61 6d65 3d22 7669 6577  <meta.name="view
	0x0170:  706f 7274 2220 636f 6e74 656e 743d 2277  port".content="w
	0x0180:  6964 7468 3d64 6576 6963 652d 7769 6474  idth=device-widt
	0x0190:  682c 2069 6e69 7469 616c 2d73 6361 6c65  h,.initial-scale
	0x01a0:  3d31 223e 0a3c 2f68 6561 643e 0a3c 626f  =1">.</head>.<bo
	0x01b0:  6479 3e0a 3c70 2061 6c69 676e 3d22 6365  dy>.<p.align="ce
	0x01c0:  6e74 6572 2220 7374 796c 653d 2266 6f6e  nter".style="fon
	0x01d0:  742d 7369 7a65 3a32 3870 783b 2066 6f6e  t-size:28px;.fon
	0x01e0:  742d 7765 6967 6874 3a62 6f6c 643b 6d61  t-weight:bold;ma
	0x01f0:  7267 696e 2d74 6f70 3a35 3070 783b 223e  rgin-top:50px;">
	0x0200:  3430 342d e682 a8e8 aebf e997 aee7 9a84  404-............
	0x0210:  e8b5 84e6 ba90 e4b8 8de5 ad98 e59c a8e3  ................
	0x0220:  8082 3c2f 703e 0a3c 2f62 6f64 793e 0a3c  ..</p>.</body>.<
	0x0230:  2f68 746d 6c3e 0a                        /html>.

Segment 7:

18:33:05.709495 IP6 (hlim 236, next-header TCP (6) payload length: 32) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [.], cksum 0x9e9e (correct), seq 913, ack 1105, win 1342, options [nop,nop,TS val 15594935 ecr 6094348], length 0
	0x0000:  6000 0000 0020 06ec 2409 896a 0430 773c  `.......$..j.0w<
	0x0010:  0002 0001 a23d 5414 240c 4082 0000 1e03  .....=T.$.@.....
	0x0020:  0000 0000 0000 0005 a23f 0050 5741 db92  .........?.PWA..
	0x0030:  17c1 4ee3 8010 053e 9e9e 0000 0101 080a  ..N....>........
	0x0040:  00ed f5b7 005c fe0c                      .....\..

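Segment 8: (Oops! I forgot to capture the four-way close; I'll add it next time.)

Summary:

(4) The whole exchange consists of the TCP three-way handshake, HTTP requests and responses (several of them), and the TCP four-way close.

(1) HTTP/1.1 can transfer multiple files over one connection while HTTP/1.0 cannot, which is why HTTP/1.0 was quickly replaced by HTTP/1.1. HTTP/2 can in turn have multiple HTTP requests open at the same time, which HTTP/1.1 cannot.

(2) Guess: keep-alive keeps this TCP connection open so that the next request can reuse it.

(3) In the HTTP response packet, the bytes for 网站建设中 (the page title, "Website under construction") are e7 bd91 e7ab 99e5 bbba e8ae bee4 b8ad, which match the urlencode result for the same text, %e7%bd%91%e7%ab%99%e5%bb%ba%e8%ae%be%e4%b8%ad. This shows how Chinese text is encoded for transmission. (I remember being told that a Chinese character takes two bytes, but here each one takes three; it is worth reading up on Unicode and UTF-8 encoding.)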

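(6) TCP seq/ack/syn rules:

(7) A SYN attack is when the client sends the first handshake packet but never sends the third, exhausting the server's TCP resources.

(5) What TCP (Transmission Control Protocol) does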
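
Added example, not part of the original post: a Python pass over tcpdump summary lines in the format shown on this page that tracks each handshake and counts the ones that never receive the third packet, which is the half-open state item (7) describes. Counts are grouped by client /64, since a single IPv6 host usually controls a whole /64 and per-address counting would undercount it. The function names and the last three sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# tcpdump -vvvv IPv6 summary line: "... IP6 (hlim ...) SRC.PORT > DST.PORT: Flags [S], ..."
LINE = re.compile(r"IP6 \(.*?\) (\S+) > (\S+): Flags \[([^\]]+)\]")

# First three lines: the page's handshake for port 41535, shortened after the Flags field.
# Last three lines: constructed, using the 2001:db8::/32 documentation prefix.
SAMPLE = """\
18:33:03.960296 IP6 (hlim 236, next-header TCP (6) payload length: 40) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [S], length 0
18:33:03.960360 IP6 (hlim 64, next-header TCP (6) payload length: 40) 240c:4082:0:1e03::5.http > 2409:896a:430:773c:2:1:a23d:5414.41535: Flags [S.], length 0
18:33:04.029632 IP6 (hlim 236, next-header TCP (6) payload length: 32) 2409:896a:430:773c:2:1:a23d:5414.41535 > 240c:4082:0:1e03::5.http: Flags [.], length 0
18:40:00.000001 IP6 (hlim 60, next-header TCP (6) payload length: 40) 2001:db8::a.50001 > 240c:4082:0:1e03::5.http: Flags [S], length 0
18:40:00.000002 IP6 (hlim 64, next-header TCP (6) payload length: 40) 240c:4082:0:1e03::5.http > 2001:db8::a.50001: Flags [S.], length 0
18:40:00.000003 IP6 (hlim 60, next-header TCP (6) payload length: 40) 2001:db8::b.50002 > 240c:4082:0:1e03::5.http: Flags [S], length 0
""".splitlines()

def track_handshakes(lines):
    """Map (client, server) endpoint pairs to the last handshake step observed."""
    state = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # hex dump rows and HTTP header lines
        src, dst, flags = m.groups()
        if flags == "S":                                   # step 1: client SYN
            state[(src, dst)] = "SYN"
        elif flags == "S." and state.get((dst, src)) == "SYN":
            state[(dst, src)] = "SYN-ACK"                  # step 2: server SYN-ACK
        elif flags in (".", "P.") and state.get((src, dst)) == "SYN-ACK":
            state[(src, dst)] = "ESTABLISHED"              # step 3: client ACK
    return state

def half_open_by_prefix(lines):
    """Count handshakes that never reached step 3, per (server, client /64)."""
    counts = Counter()
    for (client, server), step in track_handshakes(lines).items():
        if step != "ESTABLISHED":
            addr = client.rsplit(".", 1)[0]                # strip the ".port" suffix
            prefix = ipaddress.ip_network(f"{addr}/64", strict=False)
            counts[(server, str(prefix))] += 1
    return counts

if __name__ == "__main__":
    for (server, prefix), n in half_open_by_prefix(SAMPLE).items():
        print(f"{n} half-open handshake(s) to {server} from {prefix}")
```

A capture that stops mid-handshake also shows up as half-open, so compare counts over a time window rather than reading a single entry as an attack.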


Base conversion

