您的位置:首页 > 理论基础 > 计算机网络

简要分析并搞懂9个tcp基础包------三次握手 + 发送数据并收到确认 + 四次挥手

stpeace 2017-07-01 17:24 44 查看
        之前我们说过tcp三次握手(3个tcp包), 说过send函数(2个tcp包), 说过四次挥手(4个tcp包), 本文中, 我们来看看, 这9个包到底是怎样的!

        服务端代码:

#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <malloc.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <stdarg.h>
#include <fcntl.h>

int main()
{
int sockSrv = socket(AF_INET, SOCK_STREAM, 0);

struct sockaddr_in addrSrv;
addrSrv.sin_family = AF_INET;
addrSrv.sin_addr.s_addr = INADDR_ANY;
addrSrv.sin_port = htons(8765);

bind(sockSrv, (const struct sockaddr *)&addrSrv, sizeof(struct sockaddr_in));

listen(sockSrv, 5);

struct sockaddr_in addrClient;
int len = sizeof(struct sockaddr_in);

int sockConn = accept(sockSrv, (struct sockaddr *)&addrClient, (socklen_t*)&len);

unsigned int total = 0;
char szRecvBuf[128] = {0};
int iRet = recv(sockConn, szRecvBuf, sizeof(szRecvBuf) - 1, 0);
printf("iRet is %u\n", iRet);

getchar();

close(sockConn);
close(sockSrv);

return 0;
}
      客户端代码:
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <malloc.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <stdarg.h>
#include <fcntl.h>

int main()
{
int sockClient = socket(AF_INET, SOCK_STREAM, 0);

struct sockaddr_in addrSrv;
addrSrv.sin_addr.s_addr = inet_addr("10.100.70.140");
addrSrv.sin_family = AF_INET;
addrSrv.sin_port = htons(8765);
connect(sockClient, ( const struct sockaddr *)&addrSrv, sizeof(struct sockaddr_in));

char szSendBuf[] = "abc";
int iRet = send(sockClient, szSendBuf, strlen(szSendBuf) , 0);
printf("send size is %d, iRet is %d\n", strlen(szSendBuf), iRet);

getchar();

close(sockClient);

return 0;
}
       先启动服务端, 再启动客户端, 这样就有了3个握手包,发送数据产生2个包。 然后客户端主动关socket, 服务端随即关socket,  产生4个对应的挥手包。 抓包如下:
xxxxxx$ sudo tcpdump -iany port 8765 -Xnlps0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
16:12:04.575911 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [S], seq 3601264859, win 14280, options [mss 1428,sackOK,TS val 1252765388 ecr 0,nop,wscale 8], length 0
0x0000:  4500 003c 5e17 4000 4006 3ac6 0a64 468b  E..<^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0db 0000 0000  .dF..?"=........
0x0020:  a002 37c8 a20d 0000 0204 0594 0402 080a  ..7.............
0x0030:  4aab aecc 0000 0000 0103 0308 0000 0000  J...............
0x0040:  0000 0000 0000 0000 0000 0000            ............
16:12:04.576110 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [S.], seq 2317573919, ack 3601264860, win 14160, options [mss 1428,sackOK,TS val 1252764147 ecr 1252765388,nop,wscale 8], length 0
0x0000:  4500 003c 0000 4000 4006 98dd 0a64 468c  E..<..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f1f d6a6 f0dc  .dF."=.?.#_.....
0x0020:  a012 3750 0e86 0000 0204 0594 0402 080a  ..7P............
0x0030:  4aab a9f3 4aab aecc 0103 0308 0000 0000  J...J...........
0x0040:  0000 0000 0000 0000 0000 0000            ............
16:12:04.576132 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 0
0x0000:  4500 0034 5e18 4000 4006 3acd 0a64 468b  E..4^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20  .dF..?"=.....#_.
0x0020:  8010 0038 a205 0000 0101 080a 4aab aecc  ...8........J...
0x0030:  4aab a9f3 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
16:12:04.576228 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [P.], seq 1:4, ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 3
0x0000:  4500 0037 5e19 4000 4006 3ac9 0a64 468b  E..7^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20  .dF..?"=.....#_.
0x0020:  8018 0038 a208 0000 0101 080a 4aab aecc  ...8........J...
0x0030:  4aab a9f3 6162 6300 0000 0000 0000 0000  J...abc.........
0x0040:  0000 0000 0000 00                        .......
16:12:04.576350 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 4, win 56, options [nop,nop,TS val 1252764147 ecr 1252765388], length 0
0x0000:  4500 0034 f6d3 4000 4006 a211 0a64 468c  E..4..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0df  .dF."=.?.#_.....
0x0020:  8010 0038 7448 0000 0101 080a 4aab a9f3  ...8tH......J...
0x0030:  4aab aecc 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
16:12:10.538982 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [F.], seq 4, ack 1, win 56, options [nop,nop,TS val 1252766879 ecr 1252764147], length 0
0x0000:  4500 0034 5e1a 4000 4006 3acb 0a64 468b  E..4^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0df 8a23 5f20  .dF..?"=.....#_.
0x0020:  8011 0038 a205 0000 0101 080a 4aab b49f  ...8........J...
0x0030:  4aab a9f3 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
16:12:10.578132 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 5, win 56, options [nop,nop,TS val 1252765648 ecr 1252766879], length 0
0x0000:  4500 0034 f6d4 4000 4006 a210 0a64 468c  E..4..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0  .dF."=.?.#_.....
0x0020:  8010 0038 6897 0000 0101 080a 4aab afd0  ...8h.......J...
0x0030:  4aab b49f 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
16:12:12.719660 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [F.], seq 1, ack 5, win 56, options [nop,nop,TS val 1252766183 ecr 1252766879], length 0
0x0000:  4500 0034 f6d5 4000 4006 a20f 0a64 468c  E..4..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0  .dF."=.?.#_.....
0x0020:  8011 0038 667f 0000 0101 080a 4aab b1e7  ...8f.......J...
0x0030:  4aab b49f 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
16:12:12.719699 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 2, win 56, options [nop,nop,TS val 1252767424 ecr 1252766183], length 0
0x0000:  4500 0034 b4c4 4000 4006 e420 0a64 468b  E..4..@.@....dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0e0 8a23 5f21  .dF..?"=.....#_!
0x0020:  8010 0038 645e 0000 0101 080a 4aab b6c0  ...8d^......J...
0x0030:  4aab b1e7 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
       

         先来看看三次握手:

         1.  syn包为:

16:12:04.575911 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [S], seq 3601264859, win 14280, options [mss 1428,sackOK,TS val 1252765388 ecr 0,nop,wscale 8], length 0
0x0000:  4500 003c 5e17 4000 4006 3ac6 0a64 468b  E..<^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0db 0000 0000  .dF..?"=........
0x0020:  a002 37c8 a20d 0000 0204 0594 0402 080a  ..7.............
0x0030:  4aab aecc 0000 0000 0103 0308 0000 0000  J...............
0x0040:  0000 0000 0000 0000 0000 0000            ............
        解析一下:



       2. ack/syn包为:

16:12:04.576110 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [S.], seq 2317573919, ack 3601264860, win 14160, options [mss 1428,sackOK,TS val 1252764147 ecr 1252765388,nop,wscale 8], length 0
0x0000:  4500 003c 0000 4000 4006 98dd 0a64 468c  E..<..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f1f d6a6 f0dc  .dF."=.?.#_.....
0x0020:  a012 3750 0e86 0000 0204 0594 0402 080a  ..7P............
0x0030:  4aab a9f3 4aab aecc 0103 0308 0000 0000  J...J...........
0x0040:  0000 0000 0000 0000 0000 0000            ............


         解析一下:



        3.  ack包为:

16:12:04.576132 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 0
0x0000:  4500 0034 5e18 4000 4006 3acd 0a64 468b  E..4^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20  .dF..?"=.....#_.
0x0020:  8010 0038 a205 0000 0101 080a 4aab aecc  ...8........J...
0x0030:  4aab a9f3 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
       解析一下:



         从上面三个包中可以清楚地看到序列化的关系, 这不就是大家影长看到的x/y, x+1/y, x+1/y+1吗?   其他信息, 也一目了然。

         再来看看数据发送的第4个包:

16:12:04.576228 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [P.], seq 1:4, ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 3
0x0000:  4500 0037 5e19 4000 4006 3ac9 0a64 468b  E..7^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20  .dF..?"=.....#_.
0x0020:  8018 0038 a208 0000 0101 080a 4aab aecc  ...8........J...
0x0030:  4aab a9f3 6162 6300 0000 0000 0000 0000  J...abc.........
0x0040:  0000 0000 0000 00                        .......
        解析一下:



        再看看第5个回包:

16:12:04.576350 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 4, win 56, options [nop,nop,TS val 1252764147 ecr 1252765388], length 0
0x0000:  4500 0034 f6d3 4000 4006 a211 0a64 468c  E..4..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0df  .dF."=.?.#_.....
0x0020:  8010 0038 7448 0000 0101 080a 4aab a9f3  ...8tH......J...
0x0030:  4aab aecc 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
        解析一下:



        我们注意到, 这次的确认序列号增加了3, 为什么呢? 因为发送了3个字节, 对端接收到了3个字节。

        最后再来看看四次挥手包

        第6个包为:

16:12:10.538982 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [F.], seq 4, ack 1, win 56, options [nop,nop,TS val 1252766879 ecr 1252764147], length 0
0x0000:  4500 0034 5e1a 4000 4006 3acb 0a64 468b  E..4^.@.@.:..dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0df 8a23 5f20  .dF..?"=.....#_.
0x0020:  8011 0038 a205 0000 0101 080a 4aab b49f  ...8........J...
0x0030:  4aab a9f3 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....
       解析一下:



        第7个包为:

16:12:10.578132 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 5, win 56, options [nop,nop,TS val 1252765648 ecr 1252766879], length 0
0x0000:  4500 0034 f6d4 4000 4006 a210 0a64 468c  E..4..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0  .dF."=.?.#_.....
0x0020:  8010 0038 6897 0000 0101 080a 4aab afd0  ...8h.......J...
0x0030:  4aab b49f 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....

        解析一下:



       第8个包为:

16:12:12.719660 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [F.], seq 1, ack 5, win 56, options [nop,nop,TS val 1252766183 ecr 1252766879], length 0
0x0000:  4500 0034 f6d5 4000 4006 a20f 0a64 468c  E..4..@.@....dF.
0x0010:  0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0  .dF."=.?.#_.....
0x0020:  8011 0038 667f 0000 0101 080a 4aab b1e7  ...8f.......J...
0x0030:  4aab b49f 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....

       解析一下:



      第9个包为:

16:12:12.719699 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 2, win 56, options [nop,nop,TS val 1252767424 ecr 1252766183], length 0
0x0000:  4500 0034 b4c4 4000 4006 e420 0a64 468b  E..4..@.@....dF.
0x0010:  0a64 468c 9f3f 223d d6a6 f0e0 8a23 5f21  .dF..?"=.....#_!
0x0020:  8010 0038 645e 0000 0101 080a 4aab b6c0  ...8d^......J...
0x0030:  4aab b1e7 0000 0000 0000 0000 0000 0000  J...............
0x0040:  0000 0000                                ....

        解析一下:



         一切一目了然, 通过代码时间和抓包分析, 再对着枯燥的书本看, 是不是清晰很多呢?

         先说这么多, 慢慢体会。
标签: 
相关文章推荐