19,612
社区成员
发帖
与我相关
我的任务
分享如何读懂这个tcpdump输出?
tcpdump host 192.168.1.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:20:52.789742 IP localhost.37902 > d.root-servers.net.domain: 42429% [1au] DNSKEY? . (28)
11:20:52.789865 IP localhost.41693 > d.root-servers.net.domain: 18942% [1au] NS? . (28)
11:20:52.970349 IP d.root-servers.net.domain > localhost.37902: 42429*- 3/0/1 DNSKEY, DNSKEY, RRSIG (736)
11:20:52.977970 IP d.root-servers.net.domain > localhost.41693: 18942*- 14/0/25 NS h.root-servers.net., NS c.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS m.root-servers.net., NS e.root-servers.net., NS k.root-servers.net., NS a.root-servers.net., NS j.root-servers.net., NS l.root-servers.net., NS d.root-servers.net., NS i.root-servers.net., NS b.root-servers.net., RRSIG (913)
11:20:53.262676 IP localhost.11242 > b.root-servers.net.domain: 20749% [1au] DNSKEY? . (28)
11:20:53.262749 IP localhost.58491 > b.root-servers.net.domain: 57315% [1au] NS? . (28)
11:20:53.670548 IP localhost.53771 > public1.alidns.com.domain: 23778+ PTR? 13.91.7.199.in-addr.arpa. (42)
请问:
如何理解d.root-servers.net.domain?
如何理解public1.alidns.com.domain?
ping public1.alidns.com
ping: unknown host public1.alidns.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:20:52.789742 IP localhost.37902 > d.root-servers.net.domain: 42429% [1au] DNSKEY? . (28)
11:20:52.789865 IP localhost.41693 > d.root-servers.net.domain: 18942% [1au] NS? . (28)
11:20:52.970349 IP d.root-servers.net.domain > localhost.37902: 42429*- 3/0/1 DNSKEY, DNSKEY, RRSIG (736)
11:20:52.977970 IP d.root-servers.net.domain > localhost.41693: 18942*- 14/0/25 NS h.root-servers.net., NS c.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS m.root-servers.net., NS e.root-servers.net., NS k.root-servers.net., NS a.root-servers.net., NS j.root-servers.net., NS l.root-servers.net., NS d.root-servers.net., NS i.root-servers.net., NS b.root-servers.net., RRSIG (913)
11:20:53.262676 IP localhost.11242 > b.root-servers.net.domain: 20749% [1au] DNSKEY? . (28)
11:20:53.262749 IP localhost.58491 > b.root-servers.net.domain: 57315% [1au] NS? . (28)
11:20:53.670548 IP localhost.53771 > public1.alidns.com.domain: 23778+ PTR? 13.91.7.199.in-addr.arpa. (42)
请问:
如何理解d.root-servers.net.domain?
如何理解public1.alidns.com.domain?
ping public1.alidns.com
ping: unknown host public1.alidns.com
...全文
请发表友善的回复…
发表回复
jntcf 2015-08-27
- 打赏
- 举报
那个理解为一台服务器的标识(名)就行了
结果字段依次为
时间 协议 源IP,端口 目的IP,端口 {数据包的其他信息}
