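*This blog post is intended only as personal notes and a study reference
Three-way handshake to establish a connection (SYN flag)
The client sends a connection request and then waits for confirmation; the server receives the request and replies with an acknowledgment; finally the client acknowledges. The connection is established and data transfer begins!
Four-way handshake to close the connection (FIN flag)
The client sends a close request and then waits for confirmation; the server receives the request, acknowledges it, and then confirms once more whether to close; the client sends the final acknowledgment. The connection is closed!
TCP packet header format
Three-way handshake to establish a connection --- analysis
First handshake (SYN)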
Transmission Control Protocol, Src Port: 52777 (52777), Dst Port: http (80), Seq: 0, Len: 0
#TCP, source port: 52777, destination port: 80#
Source Port: 52777 (52777) #source port#
Destination Port: http (80) #destination port#
[Stream index: 1] #stream index#
Sequence number: 0 (relative sequence number) #sequence number#
Acknowledgment number: 0 #acknowledgment number#
Header Length: 32 bytes #header length#
Flags: 0x002 (SYN) #flags#
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set #urgent flag#
.... ...0 .... = Acknowledgment: Not set #acknowledgment flag#
.... .... 0... = Push: Not set #push flag#
.... .... .0.. = Reset: Not set #reset#
.... .... ..1. = Syn: Set #SYN flag bit#
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] #expert info#
[Connection establish request (SYN): server port 80] #message#
[Severity level: Chat] #severity level#
[Group: Sequence] #group#
.... .... ...0 = Fin: Not set #FIN flag bit#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
TCP SACK Permitted Option: True #TCP SACK permitted option#
Second handshake (SYN/ACK)
Transmission Control Protocol, Src Port: http (80), Dst Port: 52777 (52777), Seq: 0, Ack: 1, Len: 0
#TCP, source port: 80, destination port: 52777#
Source Port: http (80) #source port#
Destination Port: 52777 (52777) #destination port#
[Stream index: 1] #stream index#
Sequence number: 0 (relative sequence number) #sequence number#
Acknowledgment number: 1 (relative ack number) #acknowledgment number#
Header Length: 32 bytes #header length#
Flags: 0x012 (SYN, ACK) #flags#
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set #urgent flag#
.... ...1 .... = Acknowledgment: Set #acknowledgment flag#
.... .... 0... = Push: Not set #push flag#
.... .... .0.. = Reset: Not set #reset#
.... .... ..1. = Syn: Set #SYN flag bit#
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] #expert info#
[Connection establish request (SYN): server port 80] #message#
[Severity level: Chat] #severity level#
[Group: Sequence] #group#
.... .... ...0 = Fin: Not set #FIN flag bit#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
TCP SACK Permitted Option: True #TCP SACK permitted option#
[SEQ/ACK analysis] #sequence/acknowledgment number analysis#
[This is an ACK to the segment in frame: 4]
[The RTT to ACK the segment was: 0.170392000 seconds]
[iRTT: 0.170478000 seconds]
Third handshake (ACK)
Transmission Control Protocol, Src Port: 52777 (52777), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
#TCP, source port: 52777, destination port: 80#
Source Port: 52777 (52777) #source port#
Destination Port: http (80) #destination port#
[Stream index: 1] #stream index#
Sequence number: 1 (relative sequence number) #sequence number#
Acknowledgment number: 1 (relative ack number) #acknowledgment number#
Header Length: 32 bytes #header length#
Flags: 0x010 (ACK) #flags#
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set #urgent flag#
.... ...1 .... = Acknowledgment: Set #acknowledgment flag#
.... .... 0... = Push: Not set #push flag#
.... .... .0.. = Reset: Not set #reset#
.... .... ..0. = Syn: Not set #SYN flag bit#
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] #expert info#
[Connection establish request (SYN): server port 80] #message#
[Severity level: Chat] #severity level#
[Group: Sequence] #group#
.... .... ...0 = Fin: Not set #FIN flag bit#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
TCP SACK Permitted Option: True #TCP SACK permitted option#
[SEQ/ACK analysis] #sequence/acknowledgment number analysis#
[This is an ACK to the segment in frame: 13]
[The RTT to ACK the segment was: 0.000061000 seconds]
[iRTT: 0.168388000 seconds]
Four-way handshake to close the connection --- analysis
Basically the same as above, with SYN replaced by FIN, whose value is 1:
Flags: 0x011 (FIN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set
TCP reset --- analysis
Basically the same as above, with SYN replaced by RST, whose value is 1:
Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
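
The flag values dissected above (0x002, 0x012, 0x010, 0x011, 0x014) can be decoded straight from the raw header bytes. The following is an added example, not part of the original notes: it builds constructed TCP headers with the ports, window size and 12-byte option layout shown above, parses them back, and classifies each flag combination. The function names, the window-scale shift of 2 and the seq/ack values used for the FIN and RST segments are assumptions.

```python
import struct

# Bit masks of the TCP flags field, low bit first (names as Wireshark abbreviates them).
FLAG_BITS = [(0x001, "FIN"), (0x002, "SYN"), (0x004, "RST"), (0x008, "PSH"),
             (0x010, "ACK"), (0x020, "URG"), (0x040, "ECE"), (0x080, "CWR"), (0x100, "NS")]
# MSS 1460, NOP, window scale (shift 2 is an assumed value), NOP, NOP, SACK permitted
OPTIONS = bytes.fromhex("020405b4" "01" "030302" "01" "01" "0402")

def build_header(sport, dport, seq, ack, flags, window=8192, options=OPTIONS):
    """Pack a constructed TCP header; checksum and urgent pointer are left at 0."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    off_flags = ((5 + len(options) // 4) << 12) | (flags & 0x0FFF)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0) + options

def parse_header(raw):
    """Decode ports, seq/ack, header length and flags from raw TCP header bytes."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", raw[:16])
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    if not 20 <= header_len <= len(raw):
        raise ValueError("invalid data offset")
    flags = off_flags & 0x0FFF
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "flags": flags,
            "names": [name for bit, name in FLAG_BITS if flags & bit]}

def classify(flags):
    """Map a flags value to its role in connection setup, teardown or reset."""
    syn, fin, rst, ack = (bool(flags & m) for m in (0x002, 0x001, 0x004, 0x010))
    if syn and (fin or rst):
        return "invalid"            # contradictory combination, never sent by a normal stack
    if rst:
        return "reset"
    if fin:
        return "teardown"
    if syn:
        return "handshake-2" if ack else "handshake-1"
    return "handshake-3-or-data-ack" if ack else "invalid"

if __name__ == "__main__":
    # The five flag values shown on this page; seq/ack for FIN and RST are constructed
    for seq, ack, flags in [(0, 0, 0x002), (0, 1, 0x012), (1, 1, 0x010), (1, 1, 0x011), (1, 1, 0x014)]:
        h = parse_header(build_header(52777, 80, seq, ack, flags))
        print(f"0x{h['flags']:03x} {','.join(h['names']):8} hdr={h['header_len']} -> {classify(flags)}")
```

A bare ACK looks the same whether it completes the handshake or acknowledges data, so telling the two apart requires tracking seq/ack per stream, as the SEQ/ACK analysis lines above do.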