Tcpdump
tcpdump 中的“0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31”是什麼意思?
我正在努力學習
tcpdump。我執行了以下命令:-tcpdump -i eth0 -lnXs1600 host google.com and port 80並得到以下結果:-
2:23:45.781779 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [S], seq 3301439566, win 5840, options [mss 1460,sackOK,TS val 212804497 ecr 0,nop,wscale 5], length 0 0x0000: 4500 003c dbdf 4000 4006 64ad 0a10 1e1c E..<..@.@.d..... 0x0010: adc2 2441 a7cd 0050 c4c7 f84e 0000 0000 ..$A...P...N.... 0x0020: a002 16d0 a18e 0000 0204 05b4 0402 080a ................ 0x0030: 0caf 2391 0000 0000 0103 0305 ..#......... 12:23:45.782354 IP 173.194.36.65.http > 10.16.30.28.42957: Flags [S.], seq 3225093944, ack 3301439567, win 32768, options [mss 1460,nop,wscale 0,nop,nop,TS val 102501848 ecr 212804497,sackOK,eol], length 0 0x0000: 4500 0040 d258 4000 3f06 6f30 adc2 2441 E..@.X@.?.o0..$A 0x0010: 0a10 1e1c 0050 a7cd c03b 0738 c4c7 f84f .....P...;.8...O 0x0020: b012 8000 4be5 0000 0204 05b4 0103 0300 ....K........... 0x0030: 0101 080a 061c 0dd8 0caf 2391 0402 0000 ..........#..... 12:23:45.782513 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [.], ack 1, win 183, options [nop,nop,TS val 212804497 ecr 102501848], length 0 0x0000: 4500 0034 dbe0 4000 4006 64b4 0a10 1e1c E..4..@.@.d..... 0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9 0x0020: 8010 00b7 0af9 0000 0101 080a 0caf 2391 ..............#. 0x0030: 061c 0dd8 .... 12:23:45.783359 IP 10.16.30.28.42957 > 173.194.36.65.http: Flags [P.], seq 1:374, ack 1, win 183, options [nop,nop,TS val 212804498 ecr 102501848], length 373 0x0000: 4500 01a9 dbe1 4000 4006 633e 0a10 1e1c E.....@.@.c>.... 0x0010: adc2 2441 a7cd 0050 c4c7 f84f c03b 0739 ..$A...P...O.;.9 0x0020: 8018 00b7 2113 0000 0101 080a 0caf 2392 ....!.........#. 0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1 0x0040: 2e31 0d0a 486f 7374 3a20 676f 6f67 6c65 .1..Host:.google 0x0050: 2e63 6f6d 0d0a 5573 6572 2d41 6765 6e74 .com..User-Agent 0x0060: 3a20 454c 696e 6b73 2f30 2e31 3270 7265 :.ELinks/0.12pre 0x0070: 3520 2874 6578 746d 6f64 653b 204c 696e 5.(textmode;.Lin 0x0080: 7578 3b20 3830 7832 342d 3229 0d0a 4163 ux;.80x24-2)..Ac 0x0090: 6365 7074 3a20 2a2f 2a0d 0a41 6363 6570 cept:.*/*..Accep 0x00a0: 742d 4c61 6e67 7561 6765 3a20 656e 0d0a t-Language:.en.. 0x00b0: 436f 6e6e 6563 7469 6f6e 3a20 4b65 6570 Connection:.Keep 0x00c0: 2d41 6c69 7665 0d0a 436f 6f6b 6965 3a20 -Alive..Cookie:. 0x00d0: 5052 4546 3d49 443d 3066 3366 3864 3864 PREF=ID=0f3f8d8d 0x00e0: 3538 6535 6534 6333 3a46 463d 303a 544d 58e5e4c3:FF=0:TM 0x00f0: 3d31 3337 3234 3332 3939 373a 4c4d 3d31 =1372432997:LM=1 0x0100: 3337 3234 3332 3939 373a 533d 4e7a 776e 372432997:S=Nzwn 0x0110: 5a72 5a51 2d70 5f75 515a 666e 3b20 4e49 ZrZQ-p_uQZfn;.NI 0x0120: 443d 3637 3d52 5a7a 3556 3072 5f4e 7849 D=67=RZz5V0r_NxI 0x0130: 3470 3631 4875 354d 684a 7653 5235 5074 4p61Hu5MhJvSR5Pt 0x0140: 6149 4a4f 6d72 6c32 7844 5f42 356c 4c78 aIJOmrl2xD_B5lLx 0x0150: 6a65 756a 592d 4379 7562 4353 6b55 6a4c jeujY-CyubCSkUjL 0x0160: 656f 5a49 5757 5334 5f78 2d6d 5551 6e6e eoZIWWS4_x-mUQnn 0x0170: 3831 5067 586a 426e 7771 386f 365a 3775 81PgXjBnwq8o6Z7u 0x0180: 3953 6459 776e 5453 7155 706e 5946 7842 9SdYwnTSqUpnYFxB 0x0190: 347a 795a 3036 6e75 6355 5f47 582d 4e78 4zyZ06nucU_GX-Nx 0x01a0: 475f 6544 310d 0a0d 0a G_eD1....我想知道這
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31條線代表什麼0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1任何幫助將不勝感激。
0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31 stands for in the line 0x0030: 061c 0dd8 4745 5420 2f20 4854 5450 2f31這是數據包中數據的十六進製表示,從字節數
0x0030或開始48。06是字節 48,1c是字節 49,依此類推。
....GET./.HTTP/1是與上面相同的有效負載字元串的文本表示。