Wireshark Packet Analysis: Interpreting TCP Protocol Packets

*This blog post is only intended as personal notes and a study reference.

Three-way handshake to establish a connection (SYN flag)

[Figure: three-way handshake to establish a connection]

The client sends a connection request and is then in a state of waiting for confirmation; the server receives the request and replies with a confirmation; finally the client confirms; the connection is established and data transfer begins!

Four-way handshake to close a connection (FIN flag)

[Figure: four-way handshake to close a connection]

The client sends a disconnect request and is then in a state of waiting for confirmation; the server receives the request, replies with a confirmation, and then confirms once more whether to disconnect; the client gives the final confirmation; the connection is closed!

TCP header format

[Figure: TCP header format]

Three-way handshake to establish a connection --- analysis

[Figure: three-way handshake as captured in Wireshark]

First handshake (SYN)

Transmission Control Protocol, Src Port: 52777 (52777), Dst Port: http (80), Seq: 0, Len: 0
#TCP, source port: 52777, destination port: 80#
Source Port: 52777 (52777) #source port#
Destination Port: http (80) #destination port#
[Stream index: 1] #stream index#
Sequence number: 0 (relative sequence number) #sequence number#
Acknowledgment number: 0 #acknowledgment number#
Header Length: 32 bytes #header length#
Flags: 0x002 (SYN) #flags#
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set #URG flag#
    .... ...0 .... = Acknowledgment: Not set #ACK flag#
    .... .... 0... = Push: Not set #PSH flag#
    .... .... .0.. = Reset: Not set #RST flag#
    .... .... ..1. = Syn: Set #SYN flag#
        [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] #expert info#
        [Connection establish request (SYN): server port 80] #message#
        [Severity level: Chat] #severity level#
        [Group: Sequence] #group#
    .... .... ...0 = Fin: Not set #FIN flag#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
TCP SACK Permitted Option: True #TCP SACK permitted option#
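The dissection above is Wireshark's view of the 32-byte TCP header from the SYN. To make the header format section and this first-handshake breakdown concrete, here is an added example (written for this page, not code from the original blog post): a small Python parser that takes the raw bytes of a TCP segment, decodes the fixed 20-byte header with `struct`, walks the option list, and renders the flag bits as the same "Name: Set / Not set" tree Wireshark shows. The sample segment is constructed to match the capture (ports 52777 and 80, flags 0x002, window 8192, MSS 1460, NOP, Window scale, NOP, NOP, SACK permitted); the absolute initial sequence number and the window-scale shift value (8) are assumptions, since the page shows only the relative sequence number and does not list the scale value.

```python
import struct

# Flag bits in the low 12 bits of the data-offset/flags word, in the order
# Wireshark lists them in its flag tree (Reserved bits 0x800-0x200 omitted).
TCP_FLAGS = [
    ("Nonce", 0x100), ("Congestion Window Reduced (CWR)", 0x080),
    ("ECN-Echo", 0x040), ("Urgent", 0x020), ("Acknowledgment", 0x010),
    ("Push", 0x008), ("Reset", 0x004), ("Syn", 0x002), ("Fin", 0x001),
]


def parse_tcp_options(opts: bytes) -> list:
    """Walk the TLV option list; kinds 0 (EOL) and 1 (NOP) carry no length byte."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            out.append(("End of Option List (EOL)", None))
            break
        if kind == 1:
            out.append(("No-Operation (NOP)", None))
            i += 1
            continue
        # Every other option has a length byte covering kind+length+data; reject
        # lengths that are too short or run past the end of the header.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = opts[i + 1]
        data = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            out.append(("Maximum segment size", struct.unpack("!H", data)[0]))
        elif kind == 3 and length == 3:
            out.append(("Window scale", data[0]))
        elif kind == 4 and length == 2:
            out.append(("SACK permitted", True))
        else:
            out.append(("Unknown kind %d" % kind, data.hex()))
        i += length
    return out


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus options from raw segment bytes."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset is counted in 32-bit words
    flags = off_flags & 0x0FFF           # reserved(3) + NS + the eight classic flags
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset %d bytes is invalid for a %d-byte segment"
                         % (header_len, len(segment)))
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": checksum, "urgent_ptr": urgent,
        "options": parse_tcp_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


def flag_tree(flags: int) -> list:
    """Render the flag bits as Wireshark-style 'Name: Set / Not set' lines."""
    return ["%s: %s" % (name, "Set" if flags & bit else "Not set")
            for name, bit in TCP_FLAGS]


# Constructed sample: the SYN from the capture (52777 -> 80, SYN, window 8192,
# 32-byte header, options MSS 1460, NOP, WS, NOP, NOP, SACK permitted).
# The ISN 0x12345678 and the window-scale shift of 8 are assumed values.
SYN_SEGMENT = (
    struct.pack("!HHIIHHHH", 52777, 80, 0x12345678, 0,
                (8 << 12) | 0x002, 8192, 0x0A48, 0)
    + bytes([2, 4, 0x05, 0xB4,   # MSS = 1460
             1,                  # NOP
             3, 3, 8,            # Window scale (assumed shift 8)
             1, 1,               # NOP, NOP
             4, 2])              # SACK permitted
)

if __name__ == "__main__":
    hdr = parse_tcp_header(SYN_SEGMENT)
    print("Src Port: %d, Dst Port: %d, Header Length: %d bytes, Flags: 0x%03x"
          % (hdr["src_port"], hdr["dst_port"], hdr["header_len"], hdr["flags"]))
    print("\n".join("    " + line for line in flag_tree(hdr["flags"])))
    for name, value in hdr["options"]:
        print("%s: %s" % (name, value))
```

The data-offset check matters in practice: a crafted segment whose header length points past the end of the captured bytes is exactly the kind of malformed input a dissector must reject rather than read out of bounds, and the option walker refuses any option whose length byte would run past the header for the same reason.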

Second handshake (SYN/ACK)

Transmission Control Protocol, Src Port: http (80), Dst Port: 52777 (52777), Seq: 0, Ack: 1, Len: 0
#TCP, source port: 80, destination port: 52777#
Source Port: http (80) #source port#
Destination Port: 52777 (52777) #destination port#
[Stream index: 1] #stream index#
Sequence number: 0 (relative sequence number) #sequence number#
Acknowledgment number: 1 (relative ack number) #acknowledgment number#
Header Length: 32 bytes #header length#
Flags: 0x012 (SYN, ACK) #flags#
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set #URG flag#
    .... ...1 .... = Acknowledgment: Set #ACK flag#
    .... .... 0... = Push: Not set #PSH flag#
    .... .... .0.. = Reset: Not set #RST flag#
    .... .... ..1. = Syn: Set #SYN flag#
        [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 80] #expert info#
        [Connection establish acknowledge (SYN+ACK): server port 80] #message#
        [Severity level: Chat] #severity level#
        [Group: Sequence] #group#
    .... .... ...0 = Fin: Not set #FIN flag#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
TCP SACK Permitted Option: True #TCP SACK permitted option#
[SEQ/ACK analysis] #sequence/acknowledgment number analysis#
[This is an ACK to the segment in frame: 4]
[The RTT to ACK the segment was: 0.170392000 seconds]
[iRTT: 0.170478000 seconds]

Third handshake (ACK)

Transmission Control Protocol, Src Port: 52777 (52777), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
#TCP, source port: 52777, destination port: 80#
Source Port: 52777 (52777) #source port#
Destination Port: http (80) #destination port#
[Stream index: 1] #stream index#
Sequence number: 1 (relative sequence number) #sequence number#
Acknowledgment number: 1 (relative ack number) #acknowledgment number#
Header Length: 32 bytes #header length#
Flags: 0x010 (ACK) #flags#
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set #URG flag#
    .... ...1 .... = Acknowledgment: Set #ACK flag#
    .... .... 0... = Push: Not set #PSH flag#
    .... .... .0.. = Reset: Not set #RST flag#
    .... .... ..0. = Syn: Not set #SYN flag#
    .... .... ...0 = Fin: Not set #FIN flag#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
No-Operation (NOP) #no-operation#
TCP SACK Permitted Option: True #TCP SACK permitted option#
[SEQ/ACK analysis] #sequence/acknowledgment number analysis#
[This is an ACK to the segment in frame: 13]
[The RTT to ACK the segment was: 0.000061000 seconds]
[iRTT: 0.168388000 seconds]

Four-way handshake to close a connection --- analysis

Basically the same as above, except that SYN becomes FIN, with the value 1;
Flags: 0x011 (FIN, ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgment: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..0. = Syn: Not set
    .... .... ...1 = Fin: Set

TCP reset --- analysis

Basically the same as above, except that SYN becomes RST, with the value 1;
Flags: 0x014 (RST, ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgment: Set
    .... .... 0... = Push: Not set
    .... .... .1.. = Reset: Set
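The three sections above (the three-way handshake, the FIN/ACK close and the RST/ACK reset) each describe the connection's state change in terms of which flag bits are set. As an added example, not code from the original post, the following Python follows a single stream through those states using only the direction of each segment and its flag word, exactly the values the "Flags: 0x0xx" summary lines show. The segment lists are constructed to mirror the page's captures; `flag_names` reproduces the summary-line labels, and `half_open_count` gives the defender's view: streams whose handshake never completed are what a SYN backlog fills up with, so counting them per server is a simple way to spot a half-open pile-up in a capture.

```python
# Flag bits as they appear in the "Flags: 0x0xx" summary line (low 12 bits of the header word).
FIN, SYN, RST, PSH, ACK = 0x001, 0x002, 0x004, 0x008, 0x010


def flag_names(flags: int) -> str:
    """Render the flag word the way the summary line does, e.g. 0x012 -> 'SYN, ACK'."""
    names = [n for bit, n in ((FIN, "FIN"), (SYN, "SYN"), (RST, "RST"),
                              (PSH, "PSH"), (ACK, "ACK")) if flags & bit]
    return ", ".join(names) if names else "none"


class TcpStream:
    """Tracks one client<->server stream through handshake, close and reset.

    Direction is 'C' (client -> server) or 'S' (server -> client). Segments that
    do not fit the current state (data ACKs inside ESTABLISHED, retransmissions)
    leave the state unchanged.
    """

    def __init__(self):
        self.state = "CLOSED"
        self.fin_seen = set()  # which sides have sent their FIN so far

    def feed(self, direction: str, flags: int) -> str:
        s = self.state
        if flags & RST:
            # A reset aborts the connection from any state (RST, ACK in the capture).
            self.state = "RESET"
        elif s == "CLOSED" and direction == "C" and (flags & SYN) and not (flags & ACK):
            self.state = "SYN_SENT"                       # first handshake: SYN
        elif s == "SYN_SENT" and direction == "S" and (flags & (SYN | ACK)) == (SYN | ACK):
            self.state = "SYN_RECEIVED"                   # second handshake: SYN, ACK
        elif s == "SYN_RECEIVED" and direction == "C" and (flags & ACK) and not (flags & SYN):
            self.state = "ESTABLISHED"                    # third handshake: ACK
        elif s in ("ESTABLISHED", "HALF_CLOSED") and (flags & FIN):
            self.fin_seen.add(direction)                  # FIN, ACK from either side
            self.state = "HALF_CLOSED" if len(self.fin_seen) == 1 else "LAST_ACK"
        elif s == "LAST_ACK" and (flags & ACK):
            self.state = "CLOSED"                         # final ACK of the four-way close
        return self.state


def replay(segments) -> list:
    """Feed a list of (direction, flags) pairs to a fresh stream; return the state after each."""
    stream = TcpStream()
    return [stream.feed(d, f) for d, f in segments]


def half_open_count(stream_segments) -> int:
    """Number of streams that started a handshake but never reached ESTABLISHED."""
    total = 0
    for segs in stream_segments:
        stream = TcpStream()
        for d, f in segs:
            stream.feed(d, f)
        if stream.state in ("SYN_SENT", "SYN_RECEIVED"):
            total += 1
    return total


# Constructed samples mirroring the captures above: a full open and four-way close,
# an open answered by RST/ACK, and a handshake whose final ACK never arrives.
HANDSHAKE_AND_CLOSE = [("C", 0x002), ("S", 0x012), ("C", 0x010),
                       ("C", 0x011), ("S", 0x010), ("S", 0x011), ("C", 0x010)]
RESET_AFTER_SYN = [("C", 0x002), ("S", 0x014)]
HALF_OPEN = [("C", 0x002), ("S", 0x012)]

if __name__ == "__main__":
    for d, f in HANDSHAKE_AND_CLOSE:
        print("%s  Flags: 0x%03x (%s)" % (d, f, flag_names(f)))
    print(replay(HANDSHAKE_AND_CLOSE))
    print(replay(RESET_AFTER_SYN))
    print("half-open streams:", half_open_count([HANDSHAKE_AND_CLOSE, RESET_AFTER_SYN, HALF_OPEN]))
```

The state names follow the TCP state machine loosely (HALF_CLOSED stands in for FIN_WAIT/CLOSE_WAIT on whichever side closed first) because the tracker only sees flag bits, not sequence numbers; a real reassembler such as Wireshark's also checks that each ACK number covers the SYN or FIN it acknowledges.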