Using packetdrill together with tcpdump monitoring

Install and Usage

Download: https://github.com/google/packetdrill

# Run as root
# flex and bison must be installed
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install flex bison
# Unpack the source, then configure and build
unzip packetdrill-master.zip
cd packetdrill-master/gtests/net/packetdrill
./configure && make
# Run a test
./packetdrill ./tests/linux/packetdrill/XXX.pkt

Add an environment variable (for convenience; optional)

vim /root/.bashrc
# Add the environment setting: append the following line at the end of the file
# export PATH="/usr/local/packetdrill:$PATH"

Copy the compiled packetdrill executable into /usr/local/bin.

cp /home/kun/Downloads/packetdrill-master/gtests/net/packetdrill/packetdrill /usr/local/bin

Running the test while monitoring with tcpdump

Write the test.pkt file:

0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0 bind(3, ..., ...) = 0
+0 listen(3, 1) = 0

//TCP three-way handshake
+0 < S 0:0(0) win 4000 <mss 1000>
+0 > S. 0:0(0) ack 1 <...>
+.1 < . 1:1(0) ack 1 win 1000

+0 accept(3, ..., ...) = 4

+0 < P. 1:201(200) win 4000
+0 > . 1:1(0) ack 201

Open terminal 1 and use tcpdump to monitor port 8080 (the default port that bind binds to):

root@ubuntu:~# sudo tcpdump -i any port 8080 -nn 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

Open terminal 2 and run the pkt test script above:

packetdrill test.pkt

Terminal 1 now shows the following capture:

13:33:36.573132 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [S], seq 0, win 4000, options [mss 1000], length 0
13:33:36.573542 IP 192.168.22.185.8080 > 192.0.2.1.49941: Flags [S.], seq 815367284, ack 1, win 29200, options [mss 1460], length 0
13:33:36.675100 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [.], ack 1, win 1000, length 0
13:33:36.675187 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [P.], seq 1:201, ack 0, win 4000, length 200: HTTP
13:33:36.675204 IP 192.168.22.185.8080 > 192.0.2.1.49941: Flags [.], ack 201, win 30000, length 0
13:33:36.675997 IP 192.168.22.185.8080 > 192.0.2.1.49941: Flags [R.], seq 1, ack 201, win 30000, length 0
13:33:36.676023 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [R.], seq 201, ack 0, win 4000, length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
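
The following Python sketch is an added example, not part of the original post or of packetdrill: it parses the packet lines of test.pkt and the tcpdump output above, checks that the capture begins with exactly the scripted packets, and returns anything captured after the script (here the two RSTs). The function names and the port-based direction rule are assumptions of this example.

```python
import re

# Packet lines from test.pkt above ('<' = injected toward the listener, '>' = its reply).
SCRIPT = """\
+0 < S 0:0(0) win 4000 <mss 1000>
+0 > S. 0:0(0) ack 1 <...>
+.1 < . 1:1(0) ack 1 win 1000
+0 < P. 1:201(200) win 4000
+0 > . 1:1(0) ack 201
"""

# tcpdump lines from the terminal 1 capture above.
CAPTURE = """\
13:33:36.573132 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [S], seq 0, win 4000, options [mss 1000], length 0
13:33:36.573542 IP 192.168.22.185.8080 > 192.0.2.1.49941: Flags [S.], seq 815367284, ack 1, win 29200, options [mss 1460], length 0
13:33:36.675100 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [.], ack 1, win 1000, length 0
13:33:36.675187 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [P.], seq 1:201, ack 0, win 4000, length 200: HTTP
13:33:36.675204 IP 192.168.22.185.8080 > 192.0.2.1.49941: Flags [.], ack 201, win 30000, length 0
13:33:36.675997 IP 192.168.22.185.8080 > 192.0.2.1.49941: Flags [R.], seq 1, ack 201, win 30000, length 0
13:33:36.676023 IP 192.0.2.1.49941 > 192.168.22.185.8080: Flags [R.], seq 201, ack 0, win 4000, length 0
"""

PKT_RE = re.compile(r"^\+?[\d.]+\s+([<>])\s+([A-Z.]+)\s")
DUMP_RE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\].*length (\d+)")

def script_packets(text):
    """Return [(direction, flags)] for each packet line of a packetdrill script."""
    return [m.groups() for m in map(PKT_RE.match, text.splitlines()) if m]

def capture_packets(text, port):
    """Return [(direction, flags, length)]; direction is inferred from the port (assumption)."""
    out = []
    for m in filter(None, map(DUMP_RE.search, text.splitlines())):
        src, dst, flags, length = m.groups()
        if dst.endswith(f".{port}"):      # toward the listening socket
            out.append(("<", flags, int(length)))
        elif src.endswith(f".{port}"):    # sent by the listening socket
            out.append((">", flags, int(length)))
    return out

def compare(script, capture, port=8080):
    """Check the capture starts with the scripted packets; return (ok, extras)."""
    want = script_packets(script)
    got = capture_packets(capture, port)
    ok = [(d, f) for d, f, _ in got[:len(want)]] == want
    return ok, got[len(want):]

if __name__ == "__main__":
    print(compare(SCRIPT, CAPTURE))
```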