❤️💕💕计算机网络--TCP/IP 学习。Myblog:http://nsddd.top
[TOC]
TCP 算是最复杂的协议之一了,基于TCP的应用层协议非常多
模拟TCP连接最简单的方式就是使用xshell连接远程linux,就会捕捉到完整的三次握手。
1475 316.527612 192.168.139.29 110.42.175.115 TCP 54 63164 → 22 [FIN, ACK] Seq=3343 Ack=4478 Win=130816 Len=0
1476 316.563632 110.42.175.115 192.168.139.29 TCP 54 22 → 63164 [ACK] Seq=4478 Ack=3344 Win=37632 Len=0
1477 316.565597 110.42.175.115 192.168.139.29 TCP 54 22 → 63164 [FIN, ACK] Seq=4478 Ack=3344 Win=37632 Len=0原端口63164,目标端口22,这个原端口是客户端的一个随机端口,一般来说
>5000的端口号不是常用的端口,所以随机端口也是如此。
- Sequence Number:序列号
- Acknowledgment Number:确认序列号
- Flags:标志位
- Header Length:头部长度
- Checksum:校验和,校验数据包的完整性
- Flags: 0x011 (FIN, ACK):第一次握手
- [TCP Flags: ·······A···F]:A = ACK
Frame 1475: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{17CC1A62-8145-46E6-9DB3-739B55186EEA}, id 0
Ethernet II, Src: 66:0d:c5:75:2c:44 (66:0d:c5:75:2c:44), Dst: 76:d6:83:47:29:43 (76:d6:83:47:29:43)
Internet Protocol Version 4, Src: 192.168.139.29, Dst: 110.42.175.115
Transmission Control Protocol, Src Port: 63164, Dst Port: 22, Seq: 3343, Ack: 4478, Len: 0
Source Port: 63164
Destination Port: 22
[Stream index: 30]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 3343 (relative sequence number)
Sequence Number (raw): 1409613353
[Next Sequence Number: 3344 (relative sequence number)]
Acknowledgment Number: 4478 (relative ack number)
Acknowledgment number (raw): 3908234668
0101 .... = Header Length: 20 bytes (5)
Flags: 0x011 (FIN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
[TCP Flags: ·······A···F]
[Expert Info (Note/Sequence): This frame initiates the connection closing]
[This frame initiates the connection closing]
[Severity level: Note]
[Group: Sequence]
Window: 511
[Calculated window size: 130816]
[Window size scaling factor: 256]
Checksum: 0x697e [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 195.942889000 seconds]
[Time since previous frame in this TCP stream: 0.000687000 seconds]
- This is an ACK to the segment in frame: 确认1475的
- [TCP Flags: ·······A····]:A=ACK
Frame 1476: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{17CC1A62-8145-46E6-9DB3-739B55186EEA}, id 0
Ethernet II, Src: 76:d6:83:47:29:43 (76:d6:83:47:29:43), Dst: 66:0d:c5:75:2c:44 (66:0d:c5:75:2c:44)
Internet Protocol Version 4, Src: 110.42.175.115, Dst: 192.168.139.29
Transmission Control Protocol, Src Port: 22, Dst Port: 63164, Seq: 4478, Ack: 3344, Len: 0
Source Port: 22
Destination Port: 63164
[Stream index: 30]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 4478 (relative sequence number)
Sequence Number (raw): 3908234668
[Next Sequence Number: 4478 (relative sequence number)]
Acknowledgment Number: 3344 (relative ack number)
Acknowledgment number (raw): 1409613354
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 294
[Calculated window size: 37632]
[Window size scaling factor: 128]
Checksum: 0x25a9 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 195.978909000 seconds]
[Time since previous frame in this TCP stream: 0.036020000 seconds]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1475]
[The RTT to ACK the segment was: 0.036020000 seconds]
[iRTT: 0.044892000 seconds]
- ACK
- This is an ACK to the segment in frame:确认1477的
- Sequence Number:上一帧的确认序号
- Flags: 0x010 (ACK):第三次握手
Frame 1478: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{17CC1A62-8145-46E6-9DB3-739B55186EEA}, id 0
Ethernet II, Src: 66:0d:c5:75:2c:44 (66:0d:c5:75:2c:44), Dst: 76:d6:83:47:29:43 (76:d6:83:47:29:43)
Internet Protocol Version 4, Src: 192.168.139.29, Dst: 110.42.175.115
Transmission Control Protocol, Src Port: 63164, Dst Port: 22, Seq: 3344, Ack: 4479, Len: 0
Source Port: 63164
Destination Port: 22
[Stream index: 30]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 3344 (relative sequence number)
Sequence Number (raw): 1409613354
[Next Sequence Number: 3344 (relative sequence number)]
Acknowledgment Number: 4479 (relative ack number)
Acknowledgment number (raw): 3908234669
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 511
[Calculated window size: 130816]
[Window size scaling factor: 256]
Checksum: 0x697e [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 195.980942000 seconds]
[Time since previous frame in this TCP stream: 0.000068000 seconds]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1477]
[The RTT to ACK the segment was: 0.000068000 seconds]
[iRTT: 0.044892000 seconds]
WireShark支持通过图表显示的更加清晰
31 0.251466 2a01:111:2003::52 240e:45d:ac30:296:fd26:30f5:4e8f:6da6 TCP 74 80 → 64455 [FIN, ACK] Seq=538 Ack=113 Win=4194816 Len=0
32 0.251572 240e:45d:ac30:296:fd26:30f5:4e8f:6da6 2a01:111:2003::52 TCP 74 64455 → 80 [ACK] Seq=113 Ack=539 Win=130560 Len=0
33 0.251773 240e:45d:ac30:296:fd26:30f5:4e8f:6da6 2a01:111:2003::52 TCP 74 64455 → 80 [FIN, ACK] Seq=113 Ack=539 Win=130560 Len=0
34 0.377119 2a01:111:2003::52 240e:45d:ac30:296:fd26:30f5:4e8f:6da6 TCP 74 80 → 64455 [ACK] Seq=539 Ack=114 Win=4194816 Len=0
四次挥手可以是客户端先断开连接,也可以是服务器先断开连接,我使用的是客户端exit,这个虽然是在客户端上面做的,但是实际上是服务端先断开的
- 第一次挥手,服务端先发送一个$$ FIN+ACK$$,表示自己没有数据要发送了,想要断开连接
- 第二次挥手,客户端收到断开请求,就知道不会再有数据从服务端传来,想要发送ACK进行确认,确认序号为收到序号+1(与SYN相同,一个FIN占用一个序号)
- 第三次挥手,客户端发送$$FIN+ACK$$给对方,表示自己没有数据要发送了,客户端进入$$LAST_ACK$$状态,然后直接断开TCP会话的连接,释放相对应的资源
- 第四次挥手,服务端收到了客户端的$$FIN$$信号后,进入$$TIMED_WAIT$$状态,并且发送ACK确认消息,等待一段时间后,如果没有数据到来,就会认为对方已经收到了自己发送的ACK并且正确关闭了进入close状态,自己也断开了TCP连接,最后释放并且销毁资源。