
Wireshark Packet Analysis: Reading TCP Protocol Packets

2018-06-06 05:19
*This post is only a personal note and study reference.

Three-way handshake to establish a connection (SYN flag)



The client sends a connection request (a segment with SYN set) and waits for confirmation; the server receives it and replies with its own SYN plus an ACK of the client's SYN; finally the client acknowledges the server's SYN. The connection is now established and data transfer can begin. Each SYN consumes one sequence number, which is why the acknowledgment that confirms it is always the SYN's sequence number plus one.

Four-way handshake to close a connection (FIN flag)



The client sends a close request (a segment with FIN set) and waits for confirmation; the server acknowledges it, and once it has no more data to send it sends its own FIN; the client acknowledges that final FIN and the connection is closed. Each direction of the connection is closed independently, so the teardown takes four segments (two FINs and two ACKs) rather than three.

TCP header format



Three-way handshake to establish a connection --- analysis



First handshake (SYN)

Transmission Control Protocol, Src Port: 52777 (52777), Dst Port: http (80), Seq: 0, Len: 0
#TCP, source port: 52777, destination port: 80#
Source Port: 52777 (52777) #source port#
Destination Port: http (80) #destination port; Wireshark resolves 80 to "http"#
[Stream index: 1] #Wireshark's own index for this TCP conversation, not a field on the wire#
Sequence number: 0 (relative sequence number) #sequence number, shown relative to this side's ISN; the real ISN is a random 32-bit value#
Acknowledgment number: 0 #acknowledgment number; meaningless here because the ACK flag is not set#
Header Length: 32 bytes #header length: 20 fixed bytes + 12 bytes of options#
Flags: 0x002 (SYN) #flags; the 12-bit value covers 3 reserved bits and the 9 flag bits#

.... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set #URG flag: the urgent pointer field is valid#
.... ...0 .... = Acknowledgment: Not set #ACK flag: the acknowledgment number field is valid#
.... .... 0... = Push: Not set #PSH flag#
.... .... .0.. = Reset: Not set #RST flag#
.... .... ..1. = Syn: Set #SYN flag#
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] #expert info#
[Connection establish request (SYN): server port 80] #message#
[Severity level: Chat] #severity level; Chat is the lowest level and is not a security rating#
[Group: Sequence] #group#
.... .... ...0 = Fin: Not set #FIN flag#
Window size value: 8192 #window size as carried in the 16-bit header field#
[Calculated window size: 8192] #calculated window size; no scaling is applied to SYN segments, the window-scale option only takes effect after the handshake#
Checksum: 0x0a48 [unverified] #checksum; Wireshark does not verify TCP checksums unless that preference is enabled#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options: MSS (4 bytes) + NOP (1) + Window scale (3) + NOP (1) + NOP (1) + SACK permitted (2) = 12 bytes#
Maximum segment size: 1460 bytes #maximum segment size: 1500-byte Ethernet MTU minus 20 bytes of IPv4 header and 20 bytes of TCP header#
No-Operation (NOP) #padding so the next option starts on a word boundary#
No-Operation (NOP) #padding#
No-Operation (NOP) #padding#
TCP SACK Permitted Option: True #selective acknowledgment permitted#
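As an added example (not code from the original post), the Python below is a small TCP header parser and builder that reproduces the fields Wireshark shows for the SYN above (ports, the 12-bit flags value, header length, the 12-byte option list) and additionally verifies the checksum that Wireshark leaves "[unverified]". The IP addresses 10.0.0.2/10.0.0.1, the ISN 0x1A2B3C4D and the window-scale shift of 8 are assumptions, since the dissection above does not show them; the ports, MSS, window size and option layout come from it.

```python
import socket
import struct

# Flag bits, listed in the order Wireshark prints them in "Flags: 0x0XX (...)".
FLAG_BITS = ((0x001, "FIN"), (0x002, "SYN"), (0x004, "RST"), (0x008, "PSH"),
             (0x010, "ACK"), (0x020, "URG"), (0x040, "ECE"), (0x080, "CWR"), (0x100, "NS"))

def flag_names(flags):
    return ", ".join(name for bit, name in FLAG_BITS if flags & bit) or "none"

def ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum over the IPv4 pseudo-header followed by the whole TCP segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF

def verify_checksum(src_ip, dst_ip, segment):
    """With a correct checksum in place, the whole segment sums to zero."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0

def parse_options(raw):
    """Decode the option area. A length byte of 0 or 1 on any option other than
    EOL/NOP is malformed and must abort, or a crafted packet makes the loop
    spin forever or read past the buffer."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                          # End of option list
            opts.append(("EOL",))
            break
        if kind == 1:                          # No-Operation (alignment padding)
            opts.append(("NOP",))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d has no length byte" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            opts.append(("MSS", struct.unpack("!H", body)[0]))
        elif kind == 3 and length == 3:
            opts.append(("WScale", body[0]))
        elif kind == 4 and length == 2:
            opts.append(("SACK permitted",))
        elif kind == 8 and length == 10:
            opts.append(("Timestamps",) + struct.unpack("!II", body))
        else:
            opts.append(("kind %d" % kind, body.hex()))
        i += length
    return opts

def parse_tcp(segment):
    """Fixed header fields plus decoded options, in Wireshark's terms."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed header")
    sport, dport, seq, ack, off_flags, window, checksum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # Data Offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset: %d bytes" % header_len)
    flags = off_flags & 0x0FFF                # 12-bit value, as Wireshark displays it
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "flag_names": flag_names(flags),
            "window": window, "checksum": checksum, "urgent_pointer": urg,
            "options": parse_options(segment[20:header_len]),
            "payload": segment[header_len:]}

def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, options=b"", payload=b""):
    """Assemble a segment with a correct checksum; options are padded to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    data_offset = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (data_offset << 12) | flags, window, 0, 0)
    segment = fixed + options + payload
    csum = struct.pack("!H", tcp_checksum(src_ip, dst_ip, segment))
    return segment[:16] + csum + segment[18:]

# Constructed sample: the SYN from the dissection above. Addresses, ISN and the
# shift count 8 are assumptions; ports, MSS, window and option layout are the post's.
SRC_IP, DST_IP = "10.0.0.2", "10.0.0.1"
SYN_OPTIONS = (b"\x02\x04\x05\xb4"    # MSS 1460
               + b"\x01"              # NOP
               + b"\x03\x03\x08"      # Window scale, shift 8
               + b"\x01\x01"          # NOP, NOP
               + b"\x04\x02")         # SACK permitted
SYN_SEGMENT = build_tcp(SRC_IP, DST_IP, 52777, 80, 0x1A2B3C4D, 0, 0x002, 8192, SYN_OPTIONS)

if __name__ == "__main__":
    p = parse_tcp(SYN_SEGMENT)
    print("Flags: 0x%03x (%s)" % (p["flags"], p["flag_names"]))
    print("Header Length: %d bytes" % p["header_len"])
    print("Options:", p["options"])
    print("Checksum valid:", verify_checksum(SRC_IP, DST_IP, SYN_SEGMENT))
```

Two points worth noting: flipping any header bit (the ACK flag, for instance) breaks the checksum, which is why a capture tool that does verify checksums can spot a tampered segment; and the option loop refuses a length byte below 2, the classic mistake that lets a crafted option list stall or overrun a naive parser.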

Second handshake (SYN/ACK)

Transmission Control Protocol, Src Port: http (80), Dst Port: 52777 (52777), Seq: 0, Ack: 1, Len: 0
#TCP, source port: 80, destination port: 52777#
Source Port: http (80) #source port#
Destination Port: 52777 (52777) #destination port#
[Stream index: 1] #same stream index: this is the reply within the same conversation#
Sequence number: 0 (relative sequence number) #the server's own ISN, shown relative; it is chosen independently of the client's#
Acknowledgment number: 1 (relative ack number) #acknowledgment number: client ISN + 1, because the SYN consumes one sequence number#
Header Length: 32 bytes #header length#
Flags: 0x012 (SYN, ACK) #flags: SYN (0x002) and ACK (0x010) set together#

.... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set #URG flag#
.... ...1 .... = Acknowledgment: Set #ACK flag#
.... .... 0... = Push: Not set #PSH flag#
.... .... .0.. = Reset: Not set #RST flag#
.... .... ..1. = Syn: Set #SYN flag#
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 80] #expert info#
[Connection establish acknowledge (SYN+ACK): server port 80] #message#
[Severity level: Chat] #severity level#
[Group: Sequence] #group#
.... .... ...0 = Fin: Not set #FIN flag#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options: the server advertises its own MSS, window scale and SACK support; each side's values are independent#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #padding#
No-Operation (NOP) #padding#
No-Operation (NOP) #padding#
TCP SACK Permitted Option: True #SACK permitted#
[SEQ/ACK analysis] #sequence/acknowledgment analysis#
[This is an ACK to the segment in frame: 4] #this segment acknowledges the SYN in frame 4#
[The RTT to ACK the segment was: 0.170392000 seconds] #time between the SYN and this SYN/ACK#
[iRTT: 0.170478000 seconds] #initial round-trip time, measured across the handshake#

Third handshake (ACK)

Transmission Control Protocol, Src Port: 52777 (52777), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
#TCP, source port: 52777, destination port: 80#
Source Port: 52777 (52777) #source port#
Destination Port: http (80) #destination port#
[Stream index: 1] #stream index#
Sequence number: 1 (relative sequence number) #sequence number: client ISN + 1, the client's SYN has been consumed#
Acknowledgment number: 1 (relative ack number) #acknowledgment number: server ISN + 1, confirming the server's SYN#
Header Length: 32 bytes #header length#
Flags: 0x010 (ACK) #flags: only ACK is set#

.... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set #URG flag#
.... ...1 .... = Acknowledgment: Set #ACK flag#
.... .... 0... = Push: Not set #PSH flag#
.... .... .0.. = Reset: Not set #RST flag#
.... .... ..0. = Syn: Not set #SYN flag#
.... .... ...0 = Fin: Not set #FIN flag#
Window size value: 8192 #window size#
[Calculated window size: 8192] #calculated window size#
Checksum: 0x0a48 [unverified] #checksum#
Urgent pointer: 0 #urgent pointer#
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted #options#
Maximum segment size: 1460 bytes #maximum segment size#
No-Operation (NOP) #padding#
No-Operation (NOP) #padding#
No-Operation (NOP) #padding#
TCP SACK Permitted Option: True #SACK permitted#
[SEQ/ACK analysis] #sequence/acknowledgment analysis#
[This is an ACK to the segment in frame: 13]
[The RTT to ACK the segment was: 0.000061000 seconds] #the client answers the SYN/ACK almost immediately: 61 microseconds#
[iRTT: 0.168388000 seconds] #initial round-trip time#

Note on this third segment: Wireshark emits no Expert Info for the bare ACK that completes the handshake (the "Connection establish" messages belong to the SYN and SYN/ACK only), and the Header Length and Options lines shown here repeat the SYN's. MSS, Window scale and SACK permitted are negotiated only in SYN and SYN/ACK segments, so a handshake-completing ACK normally carries a plain 20-byte header with no options.

Four-way handshake to close a connection --- analysis

Essentially the same as above: the SYN flag is replaced by FIN (set to 1), and ACK is set as well, since every segment after the handshake acknowledges the peer. Like SYN, a FIN consumes one sequence number, so the ACK that confirms it carries Ack = the FIN's Seq + 1. Each direction is closed separately: the side that wants to stop sending issues its FIN, the peer acknowledges it and may keep sending until it issues its own FIN, which is why the close takes four segments (two FINs, two ACKs). Wireshark marks a FIN with the expert message "Connection finish (FIN)".
Flags: 0x011 (FIN, ACK)

.... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set

TCP reset --- analysis

Essentially the same as above, with RST set instead of SYN. Unlike FIN, a RST aborts the connection immediately with no further exchange: the receiver drops its connection state and any unacknowledged data. Because of that, a host only honours a RST whose sequence number matches what it expects next (RFC 5961: an exact match resets the connection, an in-window mismatch only triggers a challenge ACK), which is what makes blind RST injection by an off-path attacker hard. A RST with ACK set, as here, is also the standard reply to a segment that matches no known connection, for example a SYN sent to a closed port. Wireshark marks it with the expert message "Connection reset (RST)".
Flags: 0x014 (RST, ACK)

.... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
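As an added example (not code from the original post), the Python below is a simplified TCP state tracker that plays a hand-built flow through the three-way handshake and four-way close described at the top of the post and the reset discussed in this section, printing Seq/Ack relative to each side's ISN the way Wireshark's "relative sequence number" display does. It checks that every confirming ACK equals the acknowledged SYN or FIN's sequence number plus one, and honours a RST only when its sequence number is exactly the one the receiver expects next, the RFC 5961 rule that defeats blind resets. The hosts 10.0.0.2/10.0.0.1, the ISNs and the 100-byte payload are constructed values; the ports are the post's.

```python
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK = 0x001, 0x002, 0x004, 0x008, 0x010  # Wireshark's flag bit values

@dataclass
class Segment:
    src: str          # sender as "host:port"
    dst: str
    flags: int
    seq: int          # absolute sequence number
    ack: int = 0      # absolute acknowledgment number (only meaningful with ACK set)
    length: int = 0   # payload bytes

def flag_names(flags):
    """0x012 -> 'SYN, ACK', in the bit order Wireshark prints."""
    table = ((FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"))
    return ", ".join(name for bit, name in table if flags & bit) or "none"

def track(segments):
    """Return (events, final_state) for one flow.

    SYN and FIN each consume one sequence number, so the ACK that confirms
    them must carry Ack = Seq + 1; a wrong value is recorded as a BAD_* state.
    A RST is honoured only if its Seq is exactly what the receiver expects
    next (RFC 5961); anything else is noted as ignored and the state is kept.
    """
    state, isn, nxt, fin_seq, last_fin, events = "CLOSED", {}, {}, {}, None, []
    for s in segments:
        f, peer, note = s.flags, s.dst, ""
        if f & RST:
            if s.seq == nxt.get(s.src, s.seq):
                state = "RESET"
            else:
                note = "  (RST seq out of window: ignored)"
        elif f & SYN and not f & ACK:                 # handshake 1: SYN
            isn[s.src] = s.seq
            state = "SYN_SENT"
        elif f & SYN:                                 # handshake 2: SYN+ACK
            isn[s.src] = s.seq
            ok = state == "SYN_SENT" and peer in isn and s.ack == isn[peer] + 1
            state = "SYN_RECEIVED" if ok else "BAD_SYN_ACK"
        elif state == "SYN_RECEIVED" and f & ACK:     # handshake 3: ACK
            ok = s.seq == isn[s.src] + 1 and s.ack == isn[peer] + 1
            state = "ESTABLISHED" if ok else "BAD_ACK"
        elif f & FIN:
            fin_seq[s.src] = s.seq + s.length         # the FIN sits after any payload
            last_fin = s.src
            state = "FIN_WAIT_1" if state == "ESTABLISHED" else "LAST_ACK"
        elif f & ACK and peer in fin_seq and s.ack == fin_seq[peer] + 1:
            if state == "FIN_WAIT_1":
                state = "FIN_WAIT_2"
            elif state == "LAST_ACK" and peer == last_fin:
                state = "CLOSED"
        if not note:                                  # next Seq the peer expects from s.src
            nxt[s.src] = s.seq + s.length + (1 if f & (SYN | FIN) else 0)
        rel_seq = s.seq - isn.get(s.src, s.seq)
        rel_ack = s.ack - isn.get(peer, s.ack) if f & ACK else 0
        events.append("%s -> %s [%s] Seq=%d Ack=%d Len=%d => %s%s"
                      % (s.src, s.dst, flag_names(f), rel_seq, rel_ack, s.length, state, note))
    return events, state

CLIENT, SERVER = "10.0.0.2:52777", "10.0.0.1:80"   # constructed hosts, ports from the post
C_ISN, S_ISN = 3_200_000_000, 1_700_000_000        # constructed ISNs (random in real stacks)

FULL_EXCHANGE = [
    Segment(CLIENT, SERVER, SYN, C_ISN),                            # handshake 1
    Segment(SERVER, CLIENT, SYN | ACK, S_ISN, C_ISN + 1),            # handshake 2
    Segment(CLIENT, SERVER, ACK, C_ISN + 1, S_ISN + 1),              # handshake 3
    Segment(CLIENT, SERVER, PSH | ACK, C_ISN + 1, S_ISN + 1, 100),   # 100-byte request
    Segment(SERVER, CLIENT, ACK, S_ISN + 1, C_ISN + 101),
    Segment(CLIENT, SERVER, FIN | ACK, C_ISN + 101, S_ISN + 1),      # close 1
    Segment(SERVER, CLIENT, ACK, S_ISN + 1, C_ISN + 102),            # close 2
    Segment(SERVER, CLIENT, FIN | ACK, S_ISN + 1, C_ISN + 102),      # close 3
    Segment(CLIENT, SERVER, ACK, C_ISN + 102, S_ISN + 2),            # close 4
]
# Half-open scan: the client resets right after the SYN/ACK instead of completing.
SYN_SCAN = FULL_EXCHANGE[:2] + [Segment(CLIENT, SERVER, RST, C_ISN + 1)]
# Off-path forgery: a RST "from the server" carrying a guessed, out-of-window Seq.
BLIND_RST = FULL_EXCHANGE[:3] + [Segment(SERVER, CLIENT, RST | ACK, S_ISN + 9999, C_ISN + 1)]

if __name__ == "__main__":
    for line in track(FULL_EXCHANGE)[0]:
        print(line)
```

The relative numbers the tracker prints for the three handshake segments (Seq=0/Ack=0, Seq=0/Ack=1, Seq=1/Ack=1) are exactly the ones in the dissections above, and the two extra flows show why a SYN followed by RST is the signature of a half-open port scan while a RST with the wrong sequence number is simply dropped.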