一、客户端数据分析：

spu@spu:~/code/pcap$ tcpdump -r client_all.pcap -X
reading from file client_all.pcap, link-type EN10MB (Ethernet)
17:58:56.346748 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags [S], seq 2615205588, win 64240, options [mss 1460,sackOK,TS val 2960015764 ecr 0,nop,wscale 7], length 00x0000:  4500 003c 6c75 4000 4006 49cf c0a8 01b2  E..<lu@.@.I.....0x0010:  c0a8 0175 da06 0438 9be0 ded4 0000 0000  ...u...8........0x0020:  a002 faf0 7da0 0000 0204 05b4 0402 080a  ....}...........0x0030:  b06e 4194 0000 0000 0103 0307            .nA.........
17:58:56.354743 IP 192.168.1.117.socks > 192.168.1.178.55814: Flags [S.], seq 3996464281, ack 2615205589, win 65160, options [mss 1460,sackOK,TS val 902936060 ecr 2960015764,nop,wscale 7], length 00x0000:  4500 003c 0000 4000 4006 b644 c0a8 0175  E..<..@.@..D...u0x0010:  c0a8 01b2 0438 da06 ee35 3499 9be0 ded5  .....8...54.....0x0020:  a012 fe88 6b5a 0000 0204 05b4 0402 080a  ....kZ..........0x0030:  35d1 b5fc b06e 4194 0103 0307            5....nA.....
17:58:56.354773 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags [.], ack 1, win 502, options [nop,nop,TS val 2960015772 ecr 902936060], length 00x0000:  4500 0034 6c76 4000 4006 49d6 c0a8 01b2  E..4lv@.@.I.....0x0010:  c0a8 0175 da06 0438 9be0 ded5 ee35 349a  ...u...8.....54.0x0020:  8010 01f6 96b1 0000 0101 080a b06e 419c  .............nA.0x0030:  35d1 b5fc                                5...

spu@spu:~/code/containrc$ ./test/pcap_parse ../pcap/client_all.pcap
Capturing packets from ../pcap/client_all.pcap...
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 1 ack 0 check a07d seq 9be0ded4 ack_seq 0
Source IP: 192.168.1.117, Destination IP: 192.168.1.178 syn 1 ack 1 check 5a6b seq ee353499 ack_seq 9be0ded5
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 0 ack 1 check b196 seq 9be0ded5 ack_seq ee35349a

二、服务端数据分析：

spu@spu:~/code/pcap$ tcpdump -r server_all.pcap -X
reading from file server_all.pcap, link-type EN10MB (Ethernet)
17:58:47.812796 ARP, Request who-has 192.168.1.178 tell 192.168.1.1, length 460x0000:  0001 0800 0604 0001 7439 8998 c0f9 c0a8  ........t9......0x0010:  0101 0000 0000 0000 c0a8 01b2 0000 0000  ................0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
17:58:57.302898 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags [S], seq 2615205588, win 64240, options [mss 1460,sackOK,TS val 2960015764 ecr 0,nop,wscale 7], length 00x0000:  4500 003c 6c75 4000 4006 49cf c0a8 01b2  E..<lu@.@.I.....0x0010:  c0a8 0175 da06 0438 9be0 ded4 0000 0000  ...u...8........0x0020:  a002 faf0 7da0 0000 0204 05b4 0402 080a  ....}...........0x0030:  b06e 4194 0000 0000 0103 0307            .nA.........
17:58:57.302957 IP 192.168.1.117.socks > 192.168.1.178.55814: Flags [S.], seq 3996464281, ack 2615205589, win 65160, options [mss 1460,sackOK,TS val 902936060 ecr 2960015764,nop,wscale 7], length 00x0000:  4500 003c 0000 4000 4006 b644 c0a8 0175  E..<..@.@..D...u0x0010:  c0a8 01b2 0438 da06 ee35 3499 9be0 ded5  .....8...54.....0x0020:  a012 fe88 84a6 0000 0204 05b4 0402 080a  ................0x0030:  35d1 b5fc b06e 4194 0103 0307            5....nA.....
17:58:57.312199 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags [.], ack 1, win 502, options [nop,nop,TS val 2960015772 ecr 902936060], length 00x0000:  4500 0034 6c76 4000 4006 49d6 c0a8 01b2  E..4lv@.@.I.....0x0010:  c0a8 0175 da06 0438 9be0 ded5 ee35 349a  ...u...8.....54.0x0020:  8010 01f6 96b1 0000 0101 080a b06e 419c  .............nA.0x0030:  35d1 b5fc                                5...

spu@spu:~/code/containrc$ ./test/pcap_parse ../pcap/server_all.pcap
Capturing packets from ../pcap/server_all.pcap...
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 1 ack 0 check a07d seq 9be0ded4 ack_seq 0
Source IP: 192.168.1.117, Destination IP: 192.168.1.178 syn 1 ack 1 check a684 seq ee353499 ack_seq 9be0ded5
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 0 ack 1 check b196 seq 9be0ded5 ack_seq ee35349a

这里服务端发送的syn ack数据包的check 与客户端收到的syn ack数据包的check 不知道为什么不同。