Transport Layer Protocol Packet Analysis


1. Web-browsing packet

Screenshot below:


No.     Time        Source                Destination           Protocol Info

    351 199.346792  58.218.3.215          119.75.218.45         TCP      dectalk > http [ACK] Seq=1 Ack=1 Win=65535 Len=0


Frame 351 (54 bytes on wire, 54 bytes captured)

    Arrival Time: Dec 18, 2010 23:10:30.152304000

    [Time delta from previous captured frame: 0.000065000 seconds]

    [Time delta from previous displayed frame: 0.000065000 seconds]

    [Time since reference or first frame: 199.346792000 seconds]

    Frame Number: 351

    Frame Length: 54 bytes

    Capture Length: 54 bytes

    [Frame is marked: False]

    [Protocols in frame: eth:ip:tcp]

    [Coloring Rule Name: HTTP]

    [Coloring Rule String: http || tcp.port == 80]

Ethernet II, Src: CompalIn_29:bd:20 (70:5a:b6:29:bd:20), Dst: LinkageS_04:d6:00 (00:09:53:04:d6:00)

    Destination: LinkageS_04:d6:00 (00:09:53:04:d6:00)

        Address: LinkageS_04:d6:00 (00:09:53:04:d6:00)

        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

    Source: CompalIn_29:bd:20 (70:5a:b6:29:bd:20)

        Address: CompalIn_29:bd:20 (70:5a:b6:29:bd:20)

        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

    Type: IP (0x0800)

Internet Protocol, Src: 58.218.3.215 (58.218.3.215), Dst: 119.75.218.45 (119.75.218.45)

    Version: 4

    Header length: 20 bytes

    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

        0000 00.. = Differentiated Services Codepoint: Default (0x00)

        .... ..0. = ECN-Capable Transport (ECT): 0

        .... ...0 = ECN-CE: 0

    Total Length: 40

    Identification: 0x3486 (13446)

    Flags: 0x02 (Don't Fragment)

        0.. = Reserved bit: Not Set

        .1. = Don't fragment: Set

        ..0 = More fragments: Not Set

    Fragment offset: 0

    Time to live: 64

    Protocol: TCP (0x06)

    Header checksum: 0x7620 [correct]

        [Good: True]

        [Bad : False]

    Source: 58.218.3.215 (58.218.3.215)

    Destination: 119.75.218.45 (119.75.218.45)

Transmission Control Protocol, Src Port: dectalk (2007), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0

    Source port: dectalk (2007)

    Destination port: http (80)

    [Stream index: 60]

    Sequence number: 1    (relative sequence number)

    Acknowledgement number: 1    (relative ack number)

    Header length: 20 bytes

    Flags: 0x10 (ACK)

        0... .... = Congestion Window Reduced (CWR): Not set

        .0.. .... = ECN-Echo: Not set

        ..0. .... = Urgent: Not set

        ...1 .... = Acknowledgement: Set

        .... 0... = Push: Not set

        .... .0.. = Reset: Not set

        .... ..0. = Syn: Not set

        .... ...0 = Fin: Not set

    Window size: 65535

    Checksum: 0xd1ed [validation disabled]

        [Good Checksum: False]

        [Bad Checksum: False]

    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 350]

        [The RTT to ACK the segment was: 0.000065000 seconds]

From the packet above:

Ethernet frame fields:

     Destination address: 00:09:53:04:d6:00        Source address: 70:5a:b6:29:bd:20
     Frame type (EtherType): 0x0800

IP datagram header fields:

     Version: 4                                     Header length: 20 bytes
     Type of service: 0x00                          Total length: 40
     Identification: 0x3486 (13446)                 Flags: 0x02 (Don't Fragment)
     Fragment offset: 0                             Time to live: 64
     Protocol: TCP (0x06)                           Header checksum: 0x7620 [correct]
     Source IP: 58.218.3.215                        Destination IP: 119.75.218.45

Transport layer, TCP fields:

     Source port: 2007                              Destination port: 80
     Sequence number: 1 (relative)                  Acknowledgement number: 1 (relative)
     Header length: 20 bytes                        Flags: 0x10 (ACK)
     Window size: 65535                             Checksum: 0xd1ed
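As an added example (not code from the original post), the following Python rebuilds frame 351 byte-for-byte from the Wireshark dissection above, parses the same Ethernet, IP and TCP fields, and verifies the IPv4 header checksum 0x7620 with the RFC 1071 one's-complement sum. The capture shows only relative sequence and acknowledgement numbers, so the absolute values in the constructed bytes are placeholders.

```python
import struct

TCP_FLAGS = {0x80: "CWR", 0x40: "ECE", 0x20: "URG", 0x10: "ACK",
             0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}

# Frame 351 rebuilt from the dissection above (constructed input). The capture shows
# only relative seq/ack, so 0x11111111 / 0x22222222 are placeholder absolute values.
FRAME_351 = bytes.fromhex(
    "0009 5304 d600" "705a b629 bd20" "0800"   # Ethernet II: dst MAC, src MAC, EtherType IPv4
    "4500 0028 3486 4000 4006 7620"            # IPv4: ver/IHL, DSF, len 40, id, DF, TTL 64, TCP, csum
    "3ada 03d7" "774b da2d"                    # src 58.218.3.215, dst 119.75.218.45
    "07d7 0050" "1111 1111" "2222 2222"        # TCP: sport 2007, dport 80, seq, ack
    "5010 ffff d1ed 0000"                      # data offset 5, flags ACK, win 65535, csum, urgent
)

def mac(b):
    return ":".join("%02x" % x for x in b)

def ip_checksum(header):
    """RFC 1071 sum over 16-bit words; with the checksum field included a valid header gives 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_frame(frame):
    """Dissect Ethernet II / IPv4 / TCP headers into the fields listed above."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4, EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    (ver_ihl, dsf, total_len, ident, ff, ttl, proto, csum,
     sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("expected IPv4 carrying TCP")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags, win, tcsum, urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    return {
        "eth": {"dst": mac(dst), "src": mac(src), "type": ethertype},
        "ip": {"version": ver_ihl >> 4, "header_len": ihl, "dsf": dsf, "total_len": total_len,
               "id": ident, "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000),
               "frag_offset": ff & 0x1FFF, "ttl": ttl, "proto": proto, "checksum": csum,
               "checksum_ok": ip_checksum(ip[:ihl]) == 0,
               "src": ".".join(map(str, sip)), "dst": ".".join(map(str, dip))},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "header_len": (off >> 4) * 4, "flags": [n for b, n in TCP_FLAGS.items() if flags & b],
                "window": win, "checksum": tcsum, "urgent": urg},
    }
```

The TCP checksum is not verified here because it covers a pseudo-header plus the absolute sequence and acknowledgement numbers, which the capture does not show (Wireshark also reports it as "validation disabled").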

2. Instant messaging

Screenshot below:


No.     Time        Source                Destination           Protocol Info

   1198 1261.306972 58.218.3.215          121.233.61.180        TCP      down > 49383 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=3 TSV=0 TSER=0


Frame 1198 (78 bytes on wire, 78 bytes captured)

    Arrival Time: Dec 18, 2010 23:28:12.112484000

    [Time delta from previous captured frame: 0.000083000 seconds]

    [Time delta from previous displayed frame: 0.000083000 seconds]

    [Time since reference or first frame: 1261.306972000 seconds]

    Frame Number: 1198

    Frame Length: 78 bytes

    Capture Length: 78 bytes

    [Frame is marked: False]

    [Protocols in frame: eth:ip:tcp]

    [Coloring Rule Name: TCP SYN/FIN]

    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]

Ethernet II, Src: CompalIn_29:bd:20 (70:5a:b6:29:bd:20), Dst: LinkageS_04:d6:00 (00:09:53:04:d6:00)

    Destination: LinkageS_04:d6:00 (00:09:53:04:d6:00)

        Address: LinkageS_04:d6:00 (00:09:53:04:d6:00)

        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

    Source: CompalIn_29:bd:20 (70:5a:b6:29:bd:20)

        Address: CompalIn_29:bd:20 (70:5a:b6:29:bd:20)

        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

    Type: IP (0x0800)

Internet Protocol, Src: 58.218.3.215 (58.218.3.215), Dst: 121.233.61.180 (121.233.61.180)

    Version: 4

    Header length: 20 bytes

    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

        0000 00.. = Differentiated Services Codepoint: Default (0x00)

        .... ..0. = ECN-Capable Transport (ECT): 0

        .... ...0 = ECN-CE: 0

    Total Length: 64

    Identification: 0x35db (13787)

    Flags: 0x00

        0.. = Reserved bit: Not Set

        .0. = Don't fragment: Not Set

        ..0 = More fragments: Not Set

    Fragment offset: 0

    Time to live: 64

    Protocol: TCP (0x06)

    Header checksum: 0x4e8f [correct]

        [Good: True]

        [Bad : False]

    Source: 58.218.3.215 (58.218.3.215)

    Destination: 121.233.61.180 (121.233.61.180)

Transmission Control Protocol, Src Port: down (2022), Dst Port: 49383 (49383), Seq: 0, Ack: 1, Len: 0

    Source port: down (2022)

    Destination port: 49383 (49383)

    [Stream index: 116]

    Sequence number: 0    (relative sequence number)

    Acknowledgement number: 1    (relative ack number)

    Header length: 44 bytes

    Flags: 0x12 (SYN, ACK)

        0... .... = Congestion Window Reduced (CWR): Not set

        .0.. .... = ECN-Echo: Not set

        ..0. .... = Urgent: Not set

        ...1 .... = Acknowledgement: Set

        .... 0... = Push: Not set

        .... .0.. = Reset: Not set

        .... ..1. = Syn: Set

            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port down]

                [Message: Connection establish acknowledge (SYN+ACK): server port down]

                [Severity level: Chat]

                [Group: Sequence]

        .... ...0 = Fin: Not set

    Window size: 65535

    Checksum: 0xa7eb [validation disabled]

        [Good Checksum: False]

        [Bad Checksum: False]

    Options: (24 bytes)

        Maximum segment size: 1460 bytes

        NOP

        Window scale: 3 (multiply by 8)

        NOP

        NOP

        Timestamps: TSval 0, TSecr 0

        NOP

        NOP

        SACK permitted

    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 1197]

        [The RTT to ACK the segment was: 0.000083000 seconds]

From the packet above:

Ethernet frame fields:

     Destination address: 00:09:53:04:d6:00        Source address: 70:5a:b6:29:bd:20
     Frame type (EtherType): 0x0800

IP datagram header fields:

     Version: 4                                     Header length: 20 bytes
     Type of service: 0x00                          Total length: 64
     Identification: 0x35db (13787)                 Flags: 0x00
     Fragment offset: 0                             Time to live: 64
     Protocol: TCP (0x06)                           Header checksum: 0x4e8f [correct]
     Source IP: 58.218.3.215                        Destination IP: 121.233.61.180

Transport layer, TCP fields:

     Source port: 2022                              Destination port: 49383
     Sequence number: 0 (relative)                  Acknowledgement number: 1 (relative)
     Header length: 44 bytes                        Flags: 0x12 (SYN, ACK)
     Window size: 65535                             Checksum: 0xa7eb

3. TCP connection establishment and teardown

   1) Three-way handshake, screenshot below:


First handshake: the requesting end (the client) sends the server (the requested end) a TCP segment asking to open a particular port. Since it carries no data, this segment consists of only a TCP header. Specifically:

The client sends a segment with the TCP SYN flag set to 1, specifying the server port it intends to connect to and an initial sequence number of 0, stored in the header's Sequence Number field. The sequence number identifies the byte stream sent from the client to the server. The client now enters the SYN_SENT state.


Second handshake: on receiving the client's SYN, the server also replies with a segment containing only a TCP header, namely:

Both the SYN and ACK flags are set to 1, and the Acknowledgement Number is set to the client's SYN sequence number + 1 as the response. The server now enters the SYN_RECV state.


Third handshake: the client sends a confirmation segment (ACK) with the SYN flag at 0 and the ACK flag at 1, taking the sequence number from the server's SYN/ACK, adding 1, and placing it in the acknowledgement field. That is, ACK = 1 and the acknowledgement number is the server's sequence number + 1, confirming that the client received the server's segment. The client now enters the ESTABLISHED state, and the server enters it too once it receives this ACK.


Thus both the client and the server hold the other side's sequence number; if any one of the three handshake steps is missing, this cannot be achieved.

2) Four-way handshake (teardown), screenshot below:


First step: the client sends a FIN (here "client" means the end that actively initiates the close, which is not necessarily the same host as the client that opened the connection). The client enters the FIN_WAIT_1 state;

Second step: the server receives the FIN and returns an ACK to the client with an acknowledgement number equal to the received sequence number plus 1 (a FIN, like a SYN, occupies one sequence number). After receiving this ACK the client enters FIN_WAIT_2, and the server enters CLOSE_WAIT;

Third step: the server sends its own FIN to the client and enters the LAST_ACK state;

Fourth step: the client receives the FIN and returns an ACK to the server with an acknowledgement number equal to the received sequence number plus 1; the client enters TIME_WAIT and moves to CLOSED after the 2MSL timeout. The server enters CLOSED once it receives this ACK.

Comparing the two handshakes:

Establishing a connection takes three handshakes while tearing one down takes four because, during establishment, the server can put the acknowledgement (ACK) and the synchronisation (SYN) into a single segment; during the close, however, receiving a FIN only means the other side has no more data to send, not that this side has finished sending all of its own data. So the ACK and the FIN are sent in two separate segments. If the server happens to have no data of its own to send when it receives the FIN, one round of traffic can be saved.
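As an added example (not code from the original post), the following Python models the state transitions and sequence-number arithmetic of the three-way open and four-way close described above, using constructed initial sequence numbers. It also checks that every ACK equals the peer's last sequence number plus one for each SYN or FIN, which is where the point that a FIN occupies a sequence number becomes visible.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    src: str
    dst: str
    flags: frozenset
    seq: int
    ack: int  # 0 when the ACK flag is not set

def consumes(seg):
    # SYN and FIN each occupy one sequence number although they carry no data
    return int("SYN" in seg.flags) + int("FIN" in seg.flags)

@dataclass
class Endpoint:
    name: str
    state: str
    snd_nxt: int      # next sequence number this side will send
    rcv_nxt: int = 0  # next sequence number expected from the peer (the ack value)

def handshake_and_close(client_isn, server_isn):
    """Replay the three-way open and four-way close described above; the client is the active closer."""
    c = Endpoint("client", "CLOSED", client_isn)
    s = Endpoint("server", "LISTEN", server_isn)
    segs = []
    def send(src, dst, flags, src_state, dst_state):
        seg = Segment(src.name, dst.name, frozenset(flags), src.snd_nxt,
                      src.rcv_nxt if "ACK" in flags else 0)
        src.snd_nxt += consumes(seg)
        dst.rcv_nxt = seg.seq + consumes(seg)  # the peer processes the segment at once
        src.state, dst.state = src_state, dst_state
        segs.append(seg)
    send(c, s, {"SYN"},        "SYN_SENT",    "LISTEN")       # 1: client SYN, ISN in seq
    send(s, c, {"SYN", "ACK"}, "SYN_RECV",    "SYN_SENT")     # 2: server's SYN and ACK in one segment
    send(c, s, {"ACK"},        "ESTABLISHED", "ESTABLISHED")  # 3: ack = server ISN + 1
    send(c, s, {"FIN", "ACK"}, "FIN_WAIT_1",  "CLOSE_WAIT")   # close 1: FIN (ACK is set on every later segment)
    send(s, c, {"ACK"},        "CLOSE_WAIT",  "FIN_WAIT_2")   # close 2: ACK alone, server may still have data
    send(s, c, {"FIN", "ACK"}, "LAST_ACK",    "TIME_WAIT")    # close 3: server's own FIN, sent separately
    send(c, s, {"ACK"},        "TIME_WAIT",   "CLOSED")       # close 4: client waits 2MSL before CLOSED
    return segs, c, s

def check_acks(segs):
    """Every ACK must equal the peer's last seq plus what that segment consumed."""
    last = {}
    for seg in segs:
        if "ACK" in seg.flags and seg.ack != last.get(seg.dst):
            return False
        last[seg.src] = seg.seq + consumes(seg)
    return True
```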