Analysing the TCP three-way handshake from packets captured with Wireshark

Compile and run DaytimeClient, which connects to "time.nist.gov" and retrieves the time string.

package tcpClient.daytime;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

/**
 * Daytime client: reads the time string sent by the server.
 * The protocol specifies that the bytes sent are ASCII.
 */
public class DaytimeClient {
    public static void main(String[] args) {
        String hostname = args.length > 0 ? args[0] : "time.nist.gov";
        Socket socket = null;
        try {
            // The daytime service listens on TCP port 13
            socket = new Socket(hostname, 13);
            // Give up if the server stops sending for 15 seconds
            socket.setSoTimeout(15000);
            InputStream in = socket.getInputStream();
            StringBuilder time = new StringBuilder();
            InputStreamReader reader = new InputStreamReader(in, StandardCharsets.US_ASCII);
            // Read until the server closes the connection (read() returns -1)
            for (int c = reader.read(); c != -1; c = reader.read()) {
                time.append((char) c);
            }
            System.out.println("time = " + time);
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}

Use Wireshark to capture the packets exchanged while the daytime client connects to the server, with the display filter: tcp.port eq 13. The handshake is in packets No.16 to No.20.

Handshake 1: packet No.16, local IP 10.1.1.64 port 52528 sends a connection request (SYN) to remote IP 132.163.86.4 port 13.

Transmission Control Protocol, Src Port: 52528, Dst Port: 13, Seq: 0, Len: 0
  Source Port: 52528 // source port
  Destination Port: 13 // destination port
  [Stream index: 2] // stream index
  [TCP Segment Len: 0] // payload length of this TCP segment
  Sequence number: 0   (relative sequence number) // sequence number (relative)
  [Next sequence number: 0   (relative sequence number)]
  Acknowledgment number: 0 // acknowledgment number
  1010 .... = Header Length: 40 bytes (10) // header length
  Flags: 0x002 (SYN) // flags
      000. .... .... = Reserved: Not set
      ...0 .... .... = Nonce: Not set
      .... 0... .... = Congestion Window Reduced (CWR): Not set
      .... .0.. .... = ECN-Echo: Not set
      .... ..0. .... = Urgent: Not set
      .... ...0 .... = Acknowledgment: Not set
      .... .... 0... = Push: Not set
      .... .... .0.. = Reset: Not set
      .... .... ..1. = Syn: Set // marks this segment as synchronising sequence numbers to open a connection
          [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 13] // expert info: connection establishment request
              [Connection establish request (SYN): server port 13]
              [Severity level: Chat]
              [Group: Sequence]
      .... .... ...0 = Fin: Not set
      [TCP Flags: ··········S·]
  Window size value: 29200 // window size
  [Calculated window size: 29200]
  Checksum: 0xf016 [unverified] // checksum
  [Checksum Status: Unverified]
  Urgent pointer: 0 // urgent pointer
  Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale // options
      TCP Option - Maximum segment size: 1460 bytes // MSS 1460 bytes
      TCP Option - SACK permitted
      TCP Option - Timestamps: TSval 2795695397, TSecr 0
      TCP Option - No-Operation (NOP)
      TCP Option - Window scale: 7 (multiply by 128)
  [Timestamps] // timestamps
      [Time since first frame in this TCP stream: 0.000000000 seconds]
      [Time since previous frame in this TCP stream: 0.000000000 seconds]

The client sends SYN=1, seq=0 to the remote server and, once the segment is sent, enters the SYN_SENT state.

Handshake 2: packet No.19, the remote server replies to the local host's SYN segment.

Transmission Control Protocol, Src Port: 13, Dst Port: 52528, Seq: 0, Ack: 1, Len: 0
  Source Port: 13
  Destination Port: 52528
  [Stream index: 2]
  [TCP Segment Len: 0]
  Sequence number: 0   (relative sequence number)
  [Next sequence number: 0   (relative sequence number)]
  Acknowledgment number: 1   (relative ack number) // acknowledgment number goes from 0 to 1
  1010 .... = Header Length: 40 bytes (10)
  Flags: 0x012 (SYN, ACK) // flags
      000. .... .... = Reserved: Not set
      ...0 .... .... = Nonce: Not set
      .... 0... .... = Congestion Window Reduced (CWR): Not set
      .... .0.. .... = ECN-Echo: Not set
      .... ..0. .... = Urgent: Not set
      .... ...1 .... = Acknowledgment: Set // ACK set to 1
      .... .... 0... = Push: Not set
      .... .... .0.. = Reset: Not set
      .... .... ..1. = Syn: Set // SYN set to 1
          [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 13] // connection establishment acknowledged
              [Connection establish acknowledge (SYN+ACK): server port 13]
              [Severity level: Chat]
              [Group: Sequence]
      .... .... ...0 = Fin: Not set
      [TCP Flags: ·······A··S·]
  Window size value: 65535 // window size
  [Calculated window size: 65535]
  Checksum: 0x0616 [unverified] // checksum
  [Checksum Status: Unverified]
  Urgent pointer: 0
  Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps // options
      TCP Option - Maximum segment size: 1412 bytes // MSS 1412 bytes
      TCP Option - No-Operation (NOP)
      TCP Option - Window scale: 6 (multiply by 64)
      TCP Option - SACK permitted
      TCP Option - Timestamps: TSval 2251642254, TSecr 2795695397
  [SEQ/ACK analysis]
      [This is an ACK to the segment in frame: 16]
      [The RTT to ACK the segment was: 0.270227949 seconds] // RTT for this segment
      [iRTT: 0.270281602 seconds] // initial RTT (iRTT) of the stream
  [Timestamps] // timestamps: 0.27 s elapsed between sending the previous segment and receiving this one
      [Time since first frame in this TCP stream: 0.270227949 seconds]
      [Time since previous frame in this TCP stream: 0.270227949 seconds]

After receiving the client's SYN, the server responds with a segment carrying seq=0, ack=1, SYN=1, ACK=1 and, once it is sent, enters the SYN_RCVD state.

Handshake 3: packet No.20, the local client sends an ACK to complete the connection.

Transmission Control Protocol, Src Port: 52528, Dst Port: 13, Seq: 1, Ack: 1, Len: 0
  Source Port: 52528
  Destination Port: 13
  [Stream index: 2]
  [TCP Segment Len: 0]
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 1   (relative sequence number)]
  Acknowledgment number: 1   (relative ack number) // acknowledgment number goes from 0 to 1
  1000 .... = Header Length: 32 bytes (8) // header length 32 bytes
  Flags: 0x010 (ACK)
      000. .... .... = Reserved: Not set
      ...0 .... .... = Nonce: Not set
      .... 0... .... = Congestion Window Reduced (CWR): Not set
      .... .0.. .... = ECN-Echo: Not set
      .... ..0. .... = Urgent: Not set
      .... ...1 .... = Acknowledgment: Set // ACK set to 1
      .... .... 0... = Push: Not set
      .... .... .0.. = Reset: Not set
      .... .... ..0. = Syn: Not set
      .... .... ...0 = Fin: Not set
      [TCP Flags: ·······A····]
  Window size value: 229 // window size
  [Calculated window size: 29312]
  [Window size scaling factor: 128]
  Checksum: 0xf00e [unverified]
  [Checksum Status: Unverified]
  Urgent pointer: 0
  Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
      TCP Option - No-Operation (NOP)
      TCP Option - No-Operation (NOP)
      TCP Option - Timestamps: TSval 2795695667, TSecr 2251642254
  [SEQ/ACK analysis]
      [This is an ACK to the segment in frame: 19]
      [The RTT to ACK the segment was: 0.000053653 seconds]
      [iRTT: 0.270281602 seconds]
  [Timestamps]
      [Time since first frame in this TCP stream: 0.270281602 seconds]
      [Time since previous frame in this TCP stream: 0.000053653 seconds]

The client sends an acknowledgment segment with seq=1, ack=1, ACK=1 and enters the ESTABLISHED state. Once the server receives this segment it also enters ESTABLISHED, and the connection is now fully established.
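To make the three captures above concrete, here is an added example (not part of the original post) that decodes raw TCP headers and labels the handshake the way Wireshark's SEQ/ACK analysis does: it tracks each direction's initial sequence number, converts seq/ack to relative values, and checks that SYN+ACK acknowledges the client ISN+1 and the final ACK acknowledges the server ISN+1. The three sample segments are constructed: the ports, flags, windows, options and TSval/TSecr values mirror frames 16, 19 and 20, while the absolute ISNs are made up.

```python
"""Decode raw TCP headers and label the three-way handshake as Wireshark does (relative seq/ack)."""
import struct

FLAG_NAMES = {0x02: "SYN", 0x10: "ACK", 0x04: "RST", 0x01: "FIN", 0x08: "PSH"}

def parse_tcp_header(data):
    """Fixed 20-byte header plus the MSS, window-scale, SACK-permitted and timestamp options."""
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    hlen, flags, opts, i = (off_flags >> 12) * 4, off_flags & 0x1FF, {}, 20
    while i < hlen and data[i] != 0:              # option kind 0 ends the list
        kind = data[i]
        length = 1 if kind == 1 else data[i + 1]  # NOP is a single byte with no length field
        body = data[i + 2:i + length]
        if kind == 2:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3:
            opts["wscale"] = body[0]              # receive window is multiplied by 2**wscale
        elif kind == 4:
            opts["sack_permitted"] = True
        elif kind == 8:
            opts["tsval"], opts["tsecr"] = struct.unpack("!II", body)
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen, "window": win,
            "flags": [n for bit, n in FLAG_NAMES.items() if flags & bit], "options": opts}

# (sorted flags, relative seq, relative ack) -> handshake stage, as in frames 16, 19 and 20
STAGES = {(("SYN",), 0, 0): "1:SYN", (("ACK", "SYN"), 0, 1): "2:SYN+ACK", (("ACK",), 1, 1): "3:ACK"}

def label_handshake(raw_segments):
    """Per segment: (stage, relative seq, relative ack), with the ISN tracked per direction."""
    isn, out = {}, []
    for h in map(parse_tcp_header, raw_segments):
        me, peer = (h["sport"], h["dport"]), (h["dport"], h["sport"])
        isn.setdefault(me, h["seq"])              # first segment seen in a direction carries its ISN
        rel_seq = (h["seq"] - isn[me]) & 0xFFFFFFFF
        rel_ack = (h["ack"] - isn[peer]) & 0xFFFFFFFF if "ACK" in h["flags"] and peer in isn else 0
        out.append((STAGES.get((tuple(sorted(h["flags"])), rel_seq, rel_ack), "other"), rel_seq, rel_ack))
    return out

def build(sport, dport, seq, ack, flags, win, opts):
    """Constructed raw header (checksum left zero); options padded to a 32-bit boundary."""
    opts += b"\0" * (-len(opts) % 4)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, ((20 + len(opts)) // 4) << 12 | flags, win, 0, 0) + opts

# Constructed ISNs (hypothetical); timestamps option = kind 8, length 10, TSval, TSecr
ISN_C, ISN_S = 0x1A2B3C4D, 0x9F8E7D6C
ts = lambda tsval, tsecr: b"\x08\x0a" + struct.pack("!II", tsval, tsecr)
HANDSHAKE = [
    build(52528, 13, ISN_C, 0, 0x002, 29200, b"\x02\x04\x05\xb4\x04\x02" + ts(2795695397, 0) + b"\x01\x03\x03\x07"),
    build(13, 52528, ISN_S, ISN_C + 1, 0x012, 65535, b"\x02\x04\x05\x84\x01\x03\x03\x06\x04\x02" + ts(2251642254, 2795695397)),
    build(52528, 13, ISN_C + 1, ISN_S + 1, 0x010, 229, b"\x01\x01" + ts(2795695667, 2251642254)),
]
```

Running label_handshake(HANDSHAKE) yields the stages 1:SYN, 2:SYN+ACK and 3:ACK with relative (seq, ack) of (0, 0), (0, 1) and (1, 1), and the window of frame 20 scaled by the client's 2**7 gives the 29312 bytes Wireshark reports.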

Note: this article is original work by 小yip and may not be reposted on any platform without permission. To repost, please contact the author.
