tcpdump/HTTP协议实践
客户端:
CLOSED->SYN_SENT->ESTABLISHED->FIN_WAIT_1->FIN_WAIT_2->TIME_WAIT->CLOSED
服务端:
CLOSED->LISTEN->SYN收到->ESTABLISHED->CLOSE_WAIT->LAST_ACK->CLOSED
# tcpdump host 192.168.64.71 and port 80 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
10:13:01.617505 I
10:13:01.617631 IP 192.168.64.71.80 >
10:13:01.617766 I
10:13:01.618011 I
10:13:01.618023 IP 192.168.64.71.80 >
10:13:01.618486 IP 192.168.64.71.80 >
10:13:01.618510 IP 192.168.64.71.80 >
10:13:01.619638 I
10:13:11.574352 I
10:13:11.574455 IP 192.168.64.71.80 >
10:13:11.574991 I
Ø 服务端(192.168.64.71.80)向客户端(
第一个包发送了328字节,第二个包发送了974字节
Ø 关闭连接由客户端(
Site found: www.tcpdump.com=192.168.64.71
Connecting to 192.168.64.71
Connected to 192.168.64.71
GET http:// www.tcpdump.com/
> Accept: p_w_picpath/gif, p_w_picpath/x-xbitmap, p_w_picpath/jpeg, p_w_picpath/pjpeg, */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
> Host: tsf.oa.com
Request sent. 611 bytes
Data available. 974/974 bytes
Date: Sun, 10 Aug 2008 02:27:08 GMT
Server: Apache/
Last-Modified: Wed, 21 May 2008 01:19:21 GMT
ETag: "298227-3ce-62ec9840"
Accept-Ranges: bytes
Content-Length: 974
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=GB2312
200 Request complete
从上面的抓包结果来看,Apache将HTTP响应头和数据部分是分成两两部分发送的,而且TCP/IP协议栈没有再对其分包,也就是每个send调用都将数据发送完毕。