TCP Protocol

程序员文章站 2022-07-01 17:19:10

TCP

A -> SYN (knock knock, is anyone there?) -> B
A <- SYN,ACK (yes, someone is here) <- B
A -> ACK (good, I have something to give you) -> B
A -> ACK,PSH (the data) -> B
A <- ACK (received) <- B

Step 1 Packet# 1

The client 10.44.124.5 requests a connection to 93.184.216.34 by sending a packet with the SYN flag set.


Because the SYN packet carries no actual data, its data length is 0. Wireshark sets the sequence number to 0.

The actual value is a randomly selected 32-bit number, which we humans would find hard to keep track of. From the screenshot you can see that the actual SEQ number from the client is 1932704549 (I have also attached the picture which shows the actual 32-bit sequence number below).


Step 2 Packet# 2

In step 2, the server responds to the client with the ACK and SYN bits set. As in step 1, the length of the data is zero; no data is transmitted at this stage. The sequence number is set to 0 (relative), and the packet acknowledges the client's request for synchronization. The server sends an acknowledgment of 1 to the client. The ACK is specific to the SYN the client sent. The acknowledgment number is set to one more than the received sequence number.


Step 3 Packet# 3

Finally, the client acknowledges the server's request for synchronization with ACK 1. The ACK is specific to the SYN the server sent. The acknowledgment number is set to one more than the received sequence number.


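The TCP flags and their meanings are listed below:

* F : FIN  - finish; ends the session
* S : SYN  - synchronize; indicates a request to start a session
* R : RST  - reset; aborts a connection
* P : PUSH - push; the packet's data is sent immediately
* A : ACK  - acknowledgment
* U : URG  - urgent
* E : ECE  - explicit congestion notification echo
* W : CWR  - congestion window reduced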

TCP flags in detail: http://www.firewall.cx/networking-topics/protocols/tcp/136-tcp-flag-options.html
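The three handshake packets walked through above can be decoded from raw TCP headers to show how the relative numbers (Seq=0, Ack=1) come from the absolute 32-bit values, and to check that each acknowledgment is the peer's initial sequence number plus one. This is an added example, not code from the original page; the client sequence number 1932704549 is the one quoted in the text, while the server sequence number, the ports and the function names are assumptions made for illustration.

```python
import struct

FLAG_LETTERS = "FSRPAUEW"  # bit 0 (FIN) .. bit 7 (CWR), letters as in the flag list
MOD = 1 << 32              # sequence numbers are 32-bit and wrap around

def build_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header (no options) for the constructed samples."""
    bits = sum(1 << FLAG_LETTERS.index(f) for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 64240, 0, 0)

def parse_tcp_header(raw):
    """Decode ports, absolute seq/ack and flag letters from a raw TCP header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    letters = "".join(l for i, l in enumerate(FLAG_LETTERS) if off_flags & (1 << i))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": letters}

def relative_handshake(raw_packets):
    """Return [(flags, relative seq, relative ack)] for SYN, SYN/ACK, ACK.

    Raises ValueError if the flags or acknowledgment numbers do not form a
    valid three-way handshake (each ACK must equal the peer's ISN + 1).
    """
    syn, synack, ack = (parse_tcp_header(r) for r in raw_packets)
    if (syn["flags"], synack["flags"], ack["flags"]) != ("S", "SA", "A"):
        raise ValueError("flags are not SYN, SYN/ACK, ACK")
    client_isn, server_isn = syn["seq"], synack["seq"]
    if synack["ack"] != (client_isn + 1) % MOD:
        raise ValueError("SYN/ACK does not acknowledge client ISN + 1")
    if ack["seq"] != (client_isn + 1) % MOD or ack["ack"] != (server_isn + 1) % MOD:
        raise ValueError("final ACK does not match ISN + 1 on both sides")
    rows = []
    for pkt, own_isn, peer_isn in ((syn, client_isn, server_isn),
                                   (synack, server_isn, client_isn),
                                   (ack, client_isn, server_isn)):
        rel_ack = (pkt["ack"] - peer_isn) % MOD if "A" in pkt["flags"] else 0
        rows.append((pkt["flags"], (pkt["seq"] - own_isn) % MOD, rel_ack))
    return rows

# Constructed sample: client ISN 1932704549 is the value quoted in the text;
# the server ISN and both port numbers are made up for this example.
CLIENT_ISN, SERVER_ISN = 1932704549, 3001234567
SAMPLE = [
    build_header(51000, 80, CLIENT_ISN, 0, "S"),
    build_header(80, 51000, SERVER_ISN, CLIENT_ISN + 1, "SA"),
    build_header(51000, 80, CLIENT_ISN + 1, SERVER_ISN + 1, "A"),
]

if __name__ == "__main__":
    for flags, seq, ack in relative_handshake(SAMPLE):
        print(f"[{flags}] Seq={seq} Ack={ack}")
```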


tcpdump

sudo tcpdump -i any -s 0 -Z root -w target.pcap dst port 111

wireshark

ip
tcp

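Common messages shown by Wireshark

  • TCP Out_of_Order, cause analysis:

Generally, this is caused by network congestion: packets sent in order arrive at different times, the delay is too long, or packets are lost, so the data units have to be reassembled, since they may have reached your computer over different paths.

  • TCP Retransmission, cause analysis:

Clearly, this is data retransmission triggered by the timeout described above.

  • TCP dup ack XXX#X, cause analysis:

This is a duplicate acknowledgment: the number before the # indicates the sequence number up to which the packet was lost, and the number after the # indicates how many times the loss has occurred.

  • tcp previous segment not captured, cause analysis

This means that a packet was not captured; packet loss has occurred.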
 

 

 
