一次HTTP POST请求,Nginx有没有接收到完整数据, FPM有没有接收到完整数据,通过tcpdump这个软件就可以很轻易完成。
说明:以下LNMP测试环境:
Nginx监听80端口
PHP-FPM监听9022端口
Nginx和FPM通过IP + port的方式通信。
一、通过curl模拟请求
curl -x '10.235.25.242:80' 'http://energy.tv.weibo.cn/ssvote?aid=1' -d 't=debugqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq' # PHP中输出POST结果 PHP recive: t = debugqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
二、tcpdump抓取Nginx监听80端口POST的数据
tcpdump -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354' -nn and port 80 and src host 10.222.77.160 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 11:10:35.025842 IP (tos 0x0, ttl 61, id 55994, offset 0, flags [DF], proto TCP (6), length 619) 10.222.77.160.62930 > 10.235.25.242.80: Flags [P.], cksum 0xd697 (correct), seq 2027225327:2027225894, ack 3681519634, win 4117, options [nop,nop,TS val 884338733 ecr 577897190], length 567 E..k..@.=..w .M. ......Px....o............. 4..-"r..POST http://energy.tv.weibo.cn/ssvote?aid=1 HTTP/1.1 Host: energy.tv.weibo.cn User-Agent: curl/7.51.0 Accept: */* Proxy-Connection: Keep-Alive Content-Length: 347 Content-Type: application/x-www-form-urlencoded t=debugqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
三、tcpdump抓取fpm监听9022端口传输数据
tcpdump -i any -nn -Xx port 9022 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes 11:10:35.026177 IP 127.0.0.1.46147 > 127.0.0.1.9022: Flags [S], seq 3420317456, win 32792, options [mss 16396,sackOK,TS val 577897194 ecr 0,nop,wscale 7], length 0 0x0000: 4500 003c e5fa 4000 4006 56bf 7f00 0001 E..<..@.@.V..... 0x0010: 7f00 0001 b443 233e cbdd e710 0000 0000 .....C#>........ 0x0020: a002 8018 dfc0 0000 0204 400c 0402 080a ..........@..... 0x0030: 2272 02ea 0000 0000 0103 0307 "r.......... 11:10:35.026193 IP 127.0.0.1.9022 > 127.0.0.1.46147: Flags [S.], seq 4214014606, ack 3420317457, win 32768, options [mss 16396,sackOK,TS val 577897194 ecr 577897194,nop,wscale 7], length 0 0x0000: 4500 003c 0000 4000 4006 3cba 7f00 0001 E..<..@.@.<..... 0x0010: 7f00 0001 233e b443 fb2c c28e cbdd e711 ....#>.C.,...... 0x0020: a012 8000 fcaf 0000 0204 400c 0402 080a ..........@..... 0x0030: 2272 02ea 2272 02ea 0103 0307 "r.."r...... 11:10:35.026205 IP 127.0.0.1.46147 > 127.0.0.1.9022: Flags [.], ack 1, win 257, options [nop,nop,TS val 577897194 ecr 577897194], length 0 0x0000: 4500 0034 e5fb 4000 4006 56c6 7f00 0001 E..4..@.@.V..... 0x0010: 7f00 0001 b443 233e cbdd e711 fb2c c28f .....C#>.....,.. 0x0020: 8010 0101 e4d3 0000 0101 080a 2272 02ea ............"r.. 0x0030: 2272 02ea "r.. 11:10:35.026237 IP 127.0.0.1.46147 > 127.0.0.1.9022: Flags [P.], seq 1:1121, ack 1, win 257, options [nop,nop,TS val 577897194 ecr 577897194], length 1120 0x0000: 4500 0494 e5fc 4000 4006 5265 7f00 0001 E.....@.@.Re.... 0x0010: 7f00 0001 b443 233e cbdd e711 fb2c c28f .....C#>.....,.. 0x0020: 8018 0101 0289 0000 0101 080a 2272 02ea ............"r.. 0x0030: 2272 02ea 0101 0001 0008 0000 0001 0000 "r.............. 0x0040: 0000 0000 0104 0001 02d0 0000 0a00 5245 ..............RE 0x0050: 5155 4553 545f 4944 0c05 5155 4552 595f QUEST_ID..QUERY_ 0x0060: 5354 5249 4e47 6169 643d 310e 0452 4551 STRINGaid=1..REQ 0x0070: 5545 5354 5f4d 4554 484f 4450 4f53 540c UEST_METHODPOST. 0x0080: 2143 4f4e 5445 4e54 5f54 5950 4561 7070 !CONTENT_TYPEapp 0x0090: 6c69 6361 7469 6f6e 2f78 2d77 7777 2d66 lication/x-www-f 0x00a0: 6f72 6d2d 7572 6c65 6e63 6f64 6564 0e03 orm-urlencoded.. 0x00b0: 434f 4e54 454e 545f 4c45 4e47 5448 3334 CONTENT_LENGTH34 0x00c0: 370b 0a53 4352 4950 545f 4e41 4d45 2f69 7..SCRIPT_NAME/i 0x00d0: 6e64 6578 2e70 6870 0b0d 5245 5155 4553 ndex.php..REQUES 0x00e0: 545f 5552 492f 7373 766f 7465 3f61 6964 T_URI/ssvote?aid 0x00f0: 3d31 0c11 444f 4355 4d45 4e54 5f55 5249 =1..DOCUMENT_URI 0x0100: 2f69 6e64 6578 2e70 6870 2f73 7376 6f74 /index.php/ssvot 0x0110: 650d 2b44 4f43 554d 454e 545f 524f 4f54 e.+DOCUMENT_ROOT 0x0120: 2f64 6174 6131 2f77 7777 2f68 7464 6f63 /data1/www/htdoc 0x0130: 732f 656e 6572 6779 2e74 762e 7765 6962 s/energy.tv.weib 0x0140: 6f2e 636e 2f70 7562 6c69 630f 0853 4552 o.cn/public..SER 0x0150: 5645 525f 5052 4f54 4f43 4f4c 4854 5450 VER_PROTOCOLHTTP 0x0160: 2f31 2e31 1107 4741 5445 5741 595f 494e /1.1..GATEWAY_IN 0x0170: 5445 5246 4143 4543 4749 2f31 2e31 0f0b TERFACECGI/1.1.. 0x0180: 5345 5256 4552 5f53 4f46 5457 4152 456e SERVER_SOFTWAREn 0x0190: 6769 6e78 2f31 2e34 2e37 0b0d 5245 4d4f ginx/1.4.7..REMO 0x01a0: 5445 5f41 4444 5231 302e 3232 322e 3737 TE_ADDR10.222.77 0x01b0: 2e31 3630 0b05 5245 4d4f 5445 5f50 4f52 .160..REMOTE_POR 0x01c0: 5436 3239 3330 0b0d 5345 5256 4552 5f41 T62930..SERVER_A 0x01d0: 4444 5231 302e 3233 352e 3235 2e32 3432 DDR10.235.25.242 0x01e0: 0b02 5345 5256 4552 5f50 4f52 5438 300b ..SERVER_PORT80. 0x01f0: 1253 4552 5645 525f 4e41 4d45 656e 6572 .SERVER_NAMEener 0x0200: 6779 2e74 762e 7765 6962 6f2e 636e 0f35 gy.tv.weibo.cn.5 0x0210: 5343 5249 5054 5f46 494c 454e 414d 452f SCRIPT_FILENAME/ 0x0220: 6461 7461 312f 7777 772f 6874 646f 6373 data1/www/htdocs 0x0230: 2f65 6e65 7267 792e 7476 2e77 6569 626f /energy.tv.weibo 0x0240: 2e63 6e2f 7075 626c 6963 2f69 6e64 6578 .cn/public/index 0x0250: 2e70 6870 0907 5041 5448 5f49 4e46 4f2f .php..PATH_INFO/ 0x0260: 7373 766f 7465 0912 4854 5450 5f48 4f53 ssvote..HTTP_HOS 0x0270: 5465 6e65 7267 792e 7476 2e77 6569 626f Tenergy.tv.weibo 0x0280: 2e63 6e0f 0b48 5454 505f 5553 4552 5f41 .cn..HTTP_USER_A 0x0290: 4745 4e54 6375 726c 2f37 2e35 312e 300b GENTcurl/7.51.0. 0x02a0: 0348 5454 505f 4143 4345 5054 2a2f 2a15 .HTTP_ACCEPT*/*. 0x02b0: 0a48 5454 505f 5052 4f58 595f 434f 4e4e .HTTP_PROXY_CONN 0x02c0: 4543 5449 4f4e 4b65 6570 2d41 6c69 7665 ECTIONKeep-Alive 0x02d0: 1303 4854 5450 5f43 4f4e 5445 4e54 5f4c ..HTTP_CONTENT_L 0x02e0: 454e 4754 4833 3437 1121 4854 5450 5f43 ENGTH347.!HTTP_C 0x02f0: 4f4e 5445 4e54 5f54 5950 4561 7070 6c69 ONTENT_TYPEappli 0x0300: 6361 7469 6f6e 2f78 2d77 7777 2d66 6f72 cation/x-www-for 0x0310: 6d2d 7572 6c65 6e63 6f64 6564 0104 0001 m-urlencoded.... 0x0320: 0000 0000 0105 0001 015b 0500 743d 6465 .........[..t=de 0x0330: 6275 6771 7171 7171 7171 7171 7171 7171 bugqqqqqqqqqqqqq 0x0340: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0350: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0360: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0370: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0380: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0390: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x03a0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x03b0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x03c0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x03d0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x03e0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x03f0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0400: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0410: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0420: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0430: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0440: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0450: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0460: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0470: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0480: 7171 7171 7171 7100 0000 0000 0105 0001 qqqqqqq......... 0x0490: 0000 0000 .... 11:10:35.026245 IP 127.0.0.1.9022 > 127.0.0.1.46147: Flags [.], ack 1121, win 274, options [nop,nop,TS val 577897194 ecr 577897194], length 0 0x0000: 4500 0034 c065 4000 4006 7c5c 7f00 0001 E..4.e@.@.|\.... 0x0010: 7f00 0001 233e b443 fb2c c28f cbdd eb71 ....#>.C.,.....q 0x0020: 8010 0112 e062 0000 0101 080a 2272 02ea .....b......"r.. 0x0030: 2272 02ea "r.. 11:10:35.038955 IP 127.0.0.1.9022 > 127.0.0.1.46147: Flags [P.], seq 1:553, ack 1121, win 274, options [nop,nop,TS val 577897207 ecr 577897194], length 552 0x0000: 4500 025c c066 4000 4006 7a33 7f00 0001 E..\.f@.@.z3.... 0x0010: 7f00 0001 233e b443 fb2c c28f cbdd eb71 ....#>.C.,.....q 0x0020: 8018 0112 0051 0000 0101 080a 2272 02f7 .....Q......"r.. 0x0030: 2272 02ea 0106 0001 020b 0500 436f 6e74 "r..........Cont 0x0040: 656e 742d 7479 7065 3a20 7465 7874 2f68 ent-type:.text/h 0x0050: 746d 6c3b 2063 6861 7273 6574 3d75 7466 tml;.charset=utf 0x0060: 2d38 0d0a 4361 6368 652d 436f 6e74 726f -8..Cache-Contro 0x0070: 6c3a 206e 6f2d 6361 6368 652c 206d 7573 l:.no-cache,.mus 0x0080: 742d 7265 7661 6c69 6461 7465 0d0a 4578 t-revalidate..Ex 0x0090: 7069 7265 733a 2053 6174 2c20 3236 204a pires:.Sat,.26.J 0x00a0: 756c 2031 3939 3720 3035 3a30 303a 3030 ul.1997.05:00:00 0x00b0: 2047 4d54 0d0a 5072 6167 6d61 3a20 6e6f .GMT..Pragma:.no 0x00c0: 2d63 6163 6865 0d0a 0d0a 5048 5020 7265 -cache....PHP.re 0x00d0: 6369 7665 3a20 7420 3d20 6465 6275 6771 cive:.t.=.debugq 0x00e0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x00f0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0100: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0110: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0120: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0130: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0140: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0150: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0160: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0170: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0180: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0190: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x01a0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x01b0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x01c0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x01d0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x01e0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x01f0: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0200: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0210: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0220: 7171 7171 7171 7171 7171 7171 7171 7171 qqqqqqqqqqqqqqqq 0x0230: 7171 710a 0a70 6172 616d 2074 206c 656e qqq..param.t.len 0x0240: 7320 3d20 3334 3500 0000 0000 0103 0001 s.=.345......... 0x0250: 0008 0000 0000 0000 0063 732f .........cs/ 11:10:35.038964 IP 127.0.0.1.46147 > 127.0.0.1.9022: Flags [.], ack 553, win 265, options [nop,nop,TS val 577897207 ecr 577897207], length 0 0x0000: 4500 0034 e5fd 4000 4006 56c4 7f00 0001 E..4..@.@.V..... 0x0010: 7f00 0001 b443 233e cbdd eb71 fb2c c4b7 .....C#>...q.,.. 0x0020: 8010 0109 de29 0000 0101 080a 2272 02f7 .....)......"r.. 0x0030: 2272 02f7 "r.. 11:10:35.038975 IP 127.0.0.1.9022 > 127.0.0.1.46147: Flags [F.], seq 553, ack 1121, win 274, options [nop,nop,TS val 577897207 ecr 577897207], length 0 0x0000: 4500 0034 c067 4000 4006 7c5a 7f00 0001 E..4.g@.@.|Z.... 0x0010: 7f00 0001 233e b443 fb2c c4b7 cbdd eb71 ....#>.C.,.....q 0x0020: 8011 0112 de1f 0000 0101 080a 2272 02f7 ............"r.. 0x0030: 2272 02f7 "r.. 11:10:35.039064 IP 127.0.0.1.46147 > 127.0.0.1.9022: Flags [F.], seq 1121, ack 554, win 265, options [nop,nop,TS val 577897207 ecr 577897207], length 0 0x0000: 4500 0034 e5fe 4000 4006 56c3 7f00 0001 E..4..@.@.V..... 0x0010: 7f00 0001 b443 233e cbdd eb71 fb2c c4b8 .....C#>...q.,.. 0x0020: 8011 0109 de27 0000 0101 080a 2272 02f7 .....'......"r.. 0x0030: 2272 02f7 "r.. 11:10:35.039103 IP 127.0.0.1.9022 > 127.0.0.1.46147: Flags [.], ack 1122, win 274, options [nop,nop,TS val 577897207 ecr 577897207], length 0 0x0000: 4500 0034 c068 4000 4006 7c59 7f00 0001 E..4.h@.@.|Y.... 0x0010: 7f00 0001 233e b443 fb2c c4b8 cbdd eb72 ....#>.C.,.....r 0x0020: 8010 0112 de1e 0000 0101 080a 2272 02f7 ............"r.. 0x0030: 2272 02f7 "r..
注:nginx把收到的HTTP请求转发给PHP-FPM, 这个过程我理解不再是HTTP请求,而是fastcgi请求,所以通过监听9022端口POST请求数据,抓不到。
直接抓9022端口能抓到数据包
tcpdump tcp -s 0 -i any -nn port 9022 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes 11:22:20.043606 IP 127.0.0.1.46421 > 127.0.0.1.9022: Flags [S], seq 2857616840, win 32792, options [mss 16396,sackOK,TS val 578602211 ecr 0,nop,wscale 7], length 0 11:22:20.043621 IP 127.0.0.1.9022 > 127.0.0.1.46421: Flags [S.], seq 2338582113, ack 2857616841, win 32768, options [mss 16396,sackOK,TS val 578602211 ecr 578602211,nop,wscale 7], length 0 11:22:20.043634 IP 127.0.0.1.46421 > 127.0.0.1.9022: Flags [.], ack 1, win 257, options [nop,nop,TS val 578602211 ecr 578602211], length 0 11:22:20.043666 IP 127.0.0.1.46421 > 127.0.0.1.9022: Flags [P.], seq 1:1121, ack 1, win 257, options [nop,nop,TS val 578602212 ecr 578602211], length 1120 11:22:20.043674 IP 127.0.0.1.9022 > 127.0.0.1.46421: Flags [.], ack 1121, win 274, options [nop,nop,TS val 578602212 ecr 578602212], length 0 11:22:20.057865 IP 127.0.0.1.9022 > 127.0.0.1.46421: Flags [P.], seq 1:553, ack 1121, win 274, options [nop,nop,TS val 578602226 ecr 578602212], length 552 11:22:20.057875 IP 127.0.0.1.46421 > 127.0.0.1.9022: Flags [.], ack 553, win 265, options [nop,nop,TS val 578602226 ecr 578602226], length 0 11:22:20.057886 IP 127.0.0.1.9022 > 127.0.0.1.46421: Flags [F.], seq 553, ack 1121, win 274, options [nop,nop,TS val 578602226 ecr 578602226], length 0 11:22:20.057984 IP 127.0.0.1.46421 > 127.0.0.1.9022: Flags [F.], seq 1121, ack 554, win 265, options [nop,nop,TS val 578602226 ecr 578602226], length 0 11:22:20.058028 IP 127.0.0.1.9022 > 127.0.0.1.46421: Flags [.], ack 1122, win 274, options [nop,nop,TS val 578602226 ecr 578602226], length 0
抓9022端口POST数据发现抓不到
tcpdump -i any -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354' -nn and port 9022 tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
四、小结
0、数据包不一定都走默认网口,eth0, 比如fpm 9022端口开始走默认网口发现抓不到数据,加上-i any才行
1、查看网口
tcpdump -D 1.eth0 2.docker0 3.nflog (Linux netfilter log (NFLOG) interface) 4.nfqueue (Linux netfilter queue (NFQUEUE) interface) 5.usbmon1 (USB bus number 1) 6.usbmon2 (USB bus number 2) 7.usbmon3 (USB bus number 3) 8.usbmon4 (USB bus number 4) 9.any (Pseudo-device that captures on all interfaces) 10.lo
2、客户端到服务器的请求才是HTTP请求,Nginx的PHP-FPM的请求不是HTTP请求,Fastcgi请求。
3、tcpdump 逻辑运算符用法
第一个需要and, 第二个需要,不然会提示语法错误。
tcpdump tcp -s 0 -i any -nn port 9022 tcpdump -i any -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354' -nn and port 9022
参考:
tcpdump诊断nginx问题