wireshark tcp協議
工具:wireshark
顯示過濾器VS捕獲過濾器
顧名思義,顯示過濾器是針對結果的顯示過濾,捕獲過濾器是針對捕獲過程當中的過濾。tcp
tcp stream理解
根據 IP_1:Port_1 - IP_2:Port_2的惟一標識,可能dns或者udp或者其協議也用。
可是能夠理解到的重點應該是,從一個鏈接的握手到keep alive 到fin,這個tcp stream index是不變的。好比下面的三次握手和四次揮手 tcp stream 都爲10 (用 tcp stream index eq 10便可),這個與右擊某個包數據-追蹤流,效果一致。工具
設置爲絕對序列號
tcp是字節流,每一個字節一個編號。注意此序列號爲當前數據包數據第一個字節的序號。序列號32位,因此2的32次方個字節最大(考慮迴流問題?),另外實際抓包是各自端的數據數據第一個字節對應的序列號,這樣就能夠對發送的每個字節數據進行編號了。另外若是有tcp分片,seq格式就是當前seq:下一個seqthis
三次握手
先放出tcp報文
注意wireshark的包內容中帶[]的應該爲該軟件自定義補充內容,其餘爲tcp報文中對應內容。好比 [Stream index: 10]這個東東就是她本身calucate出來的spa
第一次握手
客戶端發送syn,客戶端說個人初始序列號是79994848,我要和你好。.net
Transmission Control Protocol, Src Port: 55148, Dst Port: 443, Seq: 79994848, Len: 0
Source Port: 55148
Destination Port: 443
[Stream index: 10]
[TCP Segment Len: 0]
Sequence number: 79994848
[Next sequence number: 79994848]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xe207 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
第二次握手
服務端發送 syn 和ack:服務端說我也 想和你好,個人初始序列號是907180931,下次我但願你發出的的是 79994849 。注意這個79994849 是確認號,表明接收方指望收到發送方下個報文段的第一個字節數據的字節編號(下同)code
Transmission Control Protocol, Src Port: 443, Dst Port: 55148, Seq: 907180931, Ack: 79994849, Len: 0
Source Port: 443
Destination Port: 55148
[Stream index: 10]
[TCP Segment Len: 0]
Sequence number: 907180931
[Next sequence number: 907180931]
Acknowledgment number: 79994849
1000 .... = Header Length: 32 bytes (8)
Flags: 0x012 (SYN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A··S·]
Window size value: 14600
[Calculated window size: 14600]
Checksum: 0xf24a [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 440]
[The RTT to ACK the segment was: 0.003146000 seconds]
[iRTT: 0.003200000 seconds]
[Timestamps]
[Time since first frame in this TCP stream: 0.003146000 seconds]
[Time since previous frame in this TCP stream: 0.003146000 seconds]
第三次握手
客戶端ack說好的,我給你發79994849,咱倆好了,我但願你給我發的是907180932。blog
Transmission Control Protocol, Src Port: 55148, Dst Port: 443, Seq: 79994849, Ack: 907180932, Len: 0
Source Port: 55148
Destination Port: 443
[Stream index: 10]
[TCP Segment Len: 0]
Sequence number: 79994849
[Next sequence number: 79994849]
Acknowledgment number: 907180932
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x6b25 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 442]
[The RTT to ACK the segment was: 0.000054000 seconds]
[iRTT: 0.003200000 seconds]
[Timestamps]
[Time since first frame in this TCP stream: 0.003200000 seconds]
[Time since previous frame in this TCP stream: 0.000054000 seconds]
四次揮手
相關文章
- 1. Wireshark抓包-TCP協議包
- 2. Wireshark協議分析之TCP
- 3. wireshark實戰之:TCP協議
- 4. WireShark捕獲報文理解TCP協議
- 5. wireshark 抓包分析 TCP協議
- 6. wireshark抓包分析——TCP/IP協議
- 7. Wireshark分析驗證TCP協議
- 8. Wireshark實戰分析之TCP協議(二)
- 9. 使用wireshark分析TCP及UDP協議
- 10. Wireshark實戰分析之TCP協議
- 更多相關文章...
- • 使用TCP協議檢測防火牆 - TCP/IP教程
- • Swift 協議 - Swift 教程
- • 適用於PHP初學者的學習線路和建議
- • Flink 數據傳輸及反壓詳解
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. Window下Ribbit MQ安裝
- 2. Linux下Redis安裝及集羣搭建
- 3. shiny搭建網站填坑戰略
- 4. Mysql8.0.22安裝與配置詳細教程
- 5. Hadoop安裝及配置
- 6. Python爬蟲初學筆記
- 7. 部署LVS-Keepalived高可用集羣
- 8. keepalived+mysql高可用集羣
- 9. jenkins 公鑰配置
- 10. HA實用詳解
歡迎關注本站公眾號,獲取更多信息
