2025-03-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
This article describes how to capture packets to obtain the raw interaction data when an exception occurs while the source server is accessing the target server. It is detailed and should serve as a useful reference.
Packet capture instructions for network exceptions
If an exception occurs when the source server accesses the target server, you can capture packets to obtain the raw interaction data and then send it to Aliyun for troubleshooting and analysis. This article introduces the commonly used packet capture tools and briefly explains the capture steps.
Note: it is recommended that you first work through the documentation on checking port availability when ping succeeds but the port is unreachable, and the link test instructions for packet loss or connection failure.
Introduction to commonly used packet capture tools
The following sections describe the packet capture tools commonly used in Linux and Windows environments:
Packet capture tool in the Linux environment
Packet capture tool in the Windows environment
Packet capture tool in the Linux environment
In a Linux environment, tcpdump is usually used for packet capture and analysis. It is a packet capture and analysis tool pre-installed on almost all Linux distributions. For information on how to obtain and install tcpdump, refer to the official tcpdump documentation.
Example of tcpdump usage
tcpdump [-AbdDefhHIJKlLnNOpqStuUvxX#] [-B buffer_size] [-c count]
        [-C file_size] [-G rotate_seconds] [-F file] [-i interface]
        [-j tstamp_type] [-m module] [-M secret] [--number]
        [-Q in|out|inout] [-r file] [-V file] [-s snaplen] [-T type]
        [-w file] [-W filecount] [-E spi@ipaddr algo:secret,...]
        [-y datalinktype] [-z postrotate-command] [-Z user]
        [--time-stamp-precision=tstamp_precision] [--immediate-mode]
        [--version] [expression]
Description of common parameters (case sensitive)
-s sets the capture length for each packet. If -s is 0, tcpdump automatically selects an appropriate length for capturing packets.
-w writes the capture results to a file instead of analyzing them and printing them to the console.
-i specifies the interface (network card) to monitor.
-vvv outputs detailed interaction data.
expression is a regular expression used to filter packets. It mainly includes the following categories:
Keywords that specify the type: host (host), net (network), and port (port).
Keywords that specify the direction of transmission: src (source), dst (destination), dst or src (source or destination), and dst and src (source and destination).
Keywords that specify the protocol: icmp, ip, arp, rarp, tcp, udp and other protocol types.
For more information on parameters and usage, see the tcpdump man page.
Common usage and sample output
Capture the interaction data on a specified port of a specified network card.
Command:
tcpdump -s 0 -i eth0 port 22
Sample output:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:24:59.414951 IP 172.16.2.226.ssh > 42.120.74.107.43414: Flags [P.], seq 442372:442536, ack 53, win 141, length 164
20:24:59.415002 IP 172.16.2.226.ssh > 42.120.74.107.43414: Flags [P.], seq 442536:442700, ack 53, win 141, length 164
20:… IP 172.16.2.226.ssh > 42.120.74.107.43414: Flags [P.], seq 442700:442864, ack 53, win 141, length 164
20:24:59.415103 IP 172.16.2.226.ssh > 42.120.74.107.43414: Flags [P.], seq 442864:443028, ack 53, win 141, length 164
Capture the interaction data sent by the specified network card to the specified port on the specified IP, and output detailed interaction information on the console.
Command:
tcpdump -s 0 -i eth2 -vvv port 22
Sample output:
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
20:24:20.991006 IP (tos 0x10, ttl 64, id 22747, offset 0, flags [DF], proto TCP (6), length 316)
    172.16.2.226.ssh > 42.120.74.107.43414: Flags [P.], cksum 0x2504 (incorrect -> 0x270d), seq 133624:133900, ack 1, win 141, length 276
20:24:20.991033 IP (tos 0x0, ttl 53, id 2348, offset 0, flags [DF], proto TCP (6), length 92)
    42.120.74.107.43414 > 172.16.2.226.ssh: Flags [P.], cksum 0x4759 (correct), seq 1:53, ack 129036, win 15472, length 52
20:24:20.991130 IP (tos 0x10, ttl 64, id 22748, offset 0, flags [DF], proto TCP (6), length 540)
    172.16.2.226.ssh > 42.120.74.107.43414: Flags [P.], cksum 0x25e4 (incorrect -> 0x5e78), seq 133900:134400, ack 53, win 141, length 500
20:24:20.991162 IP (tos 0x0, ttl 53, id 2349, offset 0, flags [DF], proto TCP (6), length 40)
    42.120.74.107.43414 > 172.16.2.226.ssh: Flags [.], cksum 0xf39e (correct), seq 53, ack 129812, win 15278, length 0
Capture the ping interaction data sent to the specified IP and output detailed interaction data on the console.
Command:
tcpdump -s 0 -i eth2 -vvv dst 223.5.5.5 and icmp
Sample output:
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
20:26:00.368958 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.2.226 > public1.alidns.com: ICMP echo request, id 55097, seq 341, length 64
20:26:01.369996 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.2.226 > public1.alidns.com: ICMP echo request, id 55097, seq 342, length 64
20:26:… IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.2.226 > public1.alidns.com: ICMP echo request, id 55097, seq 343, length 64
20:26:03.372181 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.2.226 > public1.alidns.com: ICMP echo request, id 55097, seq 344, length 64
Capture the data on all interfaces in the system and save it to the specified file.
Command:
tcpdump -i any -s 0 -w test.cap
Sample output:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
Packet capture tool in the Windows environment
In a Windows environment, Wireshark, a free open source tool, is usually used for packet capture and analysis. It is the most popular packet capture and analysis tool in the Windows environment. Visit the official Wireshark website to obtain and install Wireshark.
Wireshark packet capture steps
Install and open Wireshark.
Select Capture > Options.
In the Wireshark capture interface, select the network card on which to capture packets, identified by the interface name or the corresponding IP address, and then click Start.
After capturing a sufficient number of packets, select Capture > Stop.
Select File > Save to save the capture results to the specified file.
For information about using Wireshark and analyzing the data, refer to the official Wireshark documentation.
Capturing packets and submitting a ticket
When an exception occurs, you can capture the packets and send them to Aliyun after-sales technical support. When capturing, make sure to capture on the source server and the target server at the same time, so that after-sales technical support can compare and analyze the two captures. The steps are as follows:
Identify which network card is used for data exchange between the source server and the target server.
If the source server accesses the public network through shared NAT, visit a website such as http://ip.taobao.com to obtain the public IP address that corresponds to the local network.
Using the tools described above, on the source server capture the traffic to the target server's address and destination port, or capture all traffic, and then save the capture data.
Using the tools described above, on the target server capture the traffic from the source server's address, or capture all traffic, and then save the capture data.
Create a ticket and attach the capture data files. After you submit the ticket, Aliyun after-sales technical support will troubleshoot the problem and report the result to you through the ticket.
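The two-sided capture in the steps above can be scripted so that both hosts use a matching filter, a bounded packet count and owner-only capture files. This is an added example, not part of the original article; the function names, the output file name pattern, the 20000-packet default and the 203.0.113.10 address are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Function names, the file
# name pattern and the 20000-packet default are illustrative assumptions.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() (
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -f; set -- $1
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
)

# capture_filter PEER PORT: print the filter expression for one side.
# On the source server PEER is the target's address; on the target server it
# is the source's public address (the post-NAT one when NAT is in use).
capture_filter() {
  valid_ipv4 "$1" || { echo "bad peer address: $1" >&2; return 1; }
  case $2 in ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;; esac
  [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
    { echo "bad port: $2" >&2; return 1; }
  printf 'host %s and port %s' "$1" "$2"
}

# run_capture IFACE PEER PORT [COUNT]: capture only the affected flow.
# With DRY_RUN=1 the command is printed for review instead of being run.
run_capture() (
  iface=$1 peer=$2 port=$3 count=${4:-20000}
  filter=$(capture_filter "$peer" "$port") || exit 1
  out="capture-$peer-port$port.cap"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "tcpdump -n -s 0 -i $iface -c $count -w $out '$filter'"
    exit 0
  fi
  # Capture files can contain credentials and payloads: owner-only access.
  umask 077
  # -n skips name lookups; -c stops after COUNT packets so the file is bounded.
  exec tcpdump -n -s 0 -i "$iface" -c "$count" -w "$out" "$filter"
)

# Stand-alone use on each host: sh capture.sh eth0 203.0.113.10 22
if [ "$#" -ge 3 ]; then run_capture "$@"; fi
```

Filtering on the peer address and port keeps unrelated traffic out of the file that is attached to the ticket.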