简要分析并搞懂9个tcp基础包------三次握手 + 发送数据并收到确认 + 四次挥手
之前我们说过tcp三次握手(3个tcp包), 说过send函数(2个tcp包), 说过四次挥手(4个tcp包), 本文中, 我们来看看, 这9个包到底是怎样的!
服务端代码:
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int main()
{
int sockSrv = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in addrSrv;
addrSrv.sin_family = AF_INET;
addrSrv.sin_addr.s_addr = INADDR_ANY;
addrSrv.sin_port = htons(8765);
bind(sockSrv, (const struct sockaddr *)&addrSrv, sizeof(struct sockaddr_in));
listen(sockSrv, 5);
struct sockaddr_in addrClient;
int len = sizeof(struct sockaddr_in);
int sockConn = accept(sockSrv, (struct sockaddr *)&addrClient, (socklen_t*)&len);
unsigned int total = 0;
char szRecvBuf[128] = {0};
int iRet = recv(sockConn, szRecvBuf, sizeof(szRecvBuf) - 1, 0);
printf("iRet is %u\n", iRet);
getchar();
close(sockConn);
close(sockSrv);
return 0;
}
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int main()
{
int sockClient = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in addrSrv;
addrSrv.sin_addr.s_addr = inet_addr("10.100.70.140");
addrSrv.sin_family = AF_INET;
addrSrv.sin_port = htons(8765);
connect(sockClient, ( const struct sockaddr *)&addrSrv, sizeof(struct sockaddr_in));
char szSendBuf[] = "abc";
int iRet = send(sockClient, szSendBuf, strlen(szSendBuf) , 0);
printf("send size is %d, iRet is %d\n", strlen(szSendBuf), iRet);
getchar();
close(sockClient);
return 0;
}
xxxxxx$ sudo tcpdump -iany port 8765 -Xnlps0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
16:12:04.575911 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [S], seq 3601264859, win 14280, options [mss 1428,sackOK,TS val 1252765388 ecr 0,nop,wscale 8], length 0
0x0000: 4500 003c 5e17 4000 4006 3ac6 0a64 468b E..<^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0db 0000 0000 .dF..?"=........
0x0020: a002 37c8 a20d 0000 0204 0594 0402 080a ..7.............
0x0030: 4aab aecc 0000 0000 0103 0308 0000 0000 J...............
0x0040: 0000 0000 0000 0000 0000 0000 ............
16:12:04.576110 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [S.], seq 2317573919, ack 3601264860, win 14160, options [mss 1428,sackOK,TS val 1252764147 ecr 1252765388,nop,wscale 8], length 0
0x0000: 4500 003c 0000 4000 4006 98dd 0a64 468c E..<..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f1f d6a6 f0dc .dF."=.?.#_.....
0x0020: a012 3750 0e86 0000 0204 0594 0402 080a ..7P............
0x0030: 4aab a9f3 4aab aecc 0103 0308 0000 0000 J...J...........
0x0040: 0000 0000 0000 0000 0000 0000 ............
16:12:04.576132 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 0
0x0000: 4500 0034 5e18 4000 4006 3acd 0a64 468b E..4^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20 .dF..?"=.....#_.
0x0020: 8010 0038 a205 0000 0101 080a 4aab aecc ...8........J...
0x0030: 4aab a9f3 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
16:12:04.576228 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [P.], seq 1:4, ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 3
0x0000: 4500 0037 5e19 4000 4006 3ac9 0a64 468b E..7^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20 .dF..?"=.....#_.
0x0020: 8018 0038 a208 0000 0101 080a 4aab aecc ...8........J...
0x0030: 4aab a9f3 6162 6300 0000 0000 0000 0000 J...abc.........
0x0040: 0000 0000 0000 00 .......
16:12:04.576350 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 4, win 56, options [nop,nop,TS val 1252764147 ecr 1252765388], length 0
0x0000: 4500 0034 f6d3 4000 4006 a211 0a64 468c E..4..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0df .dF."=.?.#_.....
0x0020: 8010 0038 7448 0000 0101 080a 4aab a9f3 ...8tH......J...
0x0030: 4aab aecc 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
16:12:10.538982 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [F.], seq 4, ack 1, win 56, options [nop,nop,TS val 1252766879 ecr 1252764147], length 0
0x0000: 4500 0034 5e1a 4000 4006 3acb 0a64 468b E..4^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0df 8a23 5f20 .dF..?"=.....#_.
0x0020: 8011 0038 a205 0000 0101 080a 4aab b49f ...8........J...
0x0030: 4aab a9f3 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
16:12:10.578132 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 5, win 56, options [nop,nop,TS val 1252765648 ecr 1252766879], length 0
0x0000: 4500 0034 f6d4 4000 4006 a210 0a64 468c E..4..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0 .dF."=.?.#_.....
0x0020: 8010 0038 6897 0000 0101 080a 4aab afd0 ...8h.......J...
0x0030: 4aab b49f 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
16:12:12.719660 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [F.], seq 1, ack 5, win 56, options [nop,nop,TS val 1252766183 ecr 1252766879], length 0
0x0000: 4500 0034 f6d5 4000 4006 a20f 0a64 468c E..4..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0 .dF."=.?.#_.....
0x0020: 8011 0038 667f 0000 0101 080a 4aab b1e7 ...8f.......J...
0x0030: 4aab b49f 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
16:12:12.719699 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 2, win 56, options [nop,nop,TS val 1252767424 ecr 1252766183], length 0
0x0000: 4500 0034 b4c4 4000 4006 e420 0a64 468b E..4..@[email protected].
0x0010: 0a64 468c 9f3f 223d d6a6 f0e0 8a23 5f21 .dF..?"=.....#_!
0x0020: 8010 0038 645e 0000 0101 080a 4aab b6c0 ...8d^......J...
0x0030: 4aab b1e7 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
先来看看三次握手:
1. syn包为:
16:12:04.575911 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [S], seq 3601264859, win 14280, options [mss 1428,sackOK,TS val 1252765388 ecr 0,nop,wscale 8], length 0
0x0000: 4500 003c 5e17 4000 4006 3ac6 0a64 468b E..<^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0db 0000 0000 .dF..?"=........
0x0020: a002 37c8 a20d 0000 0204 0594 0402 080a ..7.............
0x0030: 4aab aecc 0000 0000 0103 0308 0000 0000 J...............
0x0040: 0000 0000 0000 0000 0000 0000 ............
2. ack/syn包为:
16:12:04.576110 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [S.], seq 2317573919, ack 3601264860, win 14160, options [mss 1428,sackOK,TS val 1252764147 ecr 1252765388,nop,wscale 8], length 0
0x0000: 4500 003c 0000 4000 4006 98dd 0a64 468c E..<..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f1f d6a6 f0dc .dF."=.?.#_.....
0x0020: a012 3750 0e86 0000 0204 0594 0402 080a ..7P............
0x0030: 4aab a9f3 4aab aecc 0103 0308 0000 0000 J...J...........
0x0040: 0000 0000 0000 0000 0000 0000 ............解析一下:
3. ack包为:
16:12:04.576132 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 0
0x0000: 4500 0034 5e18 4000 4006 3acd 0a64 468b E..4^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20 .dF..?"=.....#_.
0x0020: 8010 0038 a205 0000 0101 080a 4aab aecc ...8........J...
0x0030: 4aab a9f3 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
从上面三个包中可以清楚地看到序列化的关系, 这不就是大家影长看到的x/y, x+1/y, x+1/y+1吗? 其他信息, 也一目了然。
再来看看数据发送的第4个包:
16:12:04.576228 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [P.], seq 1:4, ack 1, win 56, options [nop,nop,TS val 1252765388 ecr 1252764147], length 3
0x0000: 4500 0037 5e19 4000 4006 3ac9 0a64 468b E..7^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0dc 8a23 5f20 .dF..?"=.....#_.
0x0020: 8018 0038 a208 0000 0101 080a 4aab aecc ...8........J...
0x0030: 4aab a9f3 6162 6300 0000 0000 0000 0000 J...abc.........
0x0040: 0000 0000 0000 00 .......
再看看第5个回包:
16:12:04.576350 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 4, win 56, options [nop,nop,TS val 1252764147 ecr 1252765388], length 0
0x0000: 4500 0034 f6d3 4000 4006 a211 0a64 468c E..4..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0df .dF."=.?.#_.....
0x0020: 8010 0038 7448 0000 0101 080a 4aab a9f3 ...8tH......J...
0x0030: 4aab aecc 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
我们注意到, 这次的确认序列号增加了3, 为什么呢? 因为发送了3个字节, 对端接收到了3个字节。
最后再来看看四次挥手包
第6个包为:
16:12:10.538982 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [F.], seq 4, ack 1, win 56, options [nop,nop,TS val 1252766879 ecr 1252764147], length 0
0x0000: 4500 0034 5e1a 4000 4006 3acb 0a64 468b E..4^.@.@.:..dF.
0x0010: 0a64 468c 9f3f 223d d6a6 f0df 8a23 5f20 .dF..?"=.....#_.
0x0020: 8011 0038 a205 0000 0101 080a 4aab b49f ...8........J...
0x0030: 4aab a9f3 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
第7个包为:
16:12:10.578132 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [.], ack 5, win 56, options [nop,nop,TS val 1252765648 ecr 1252766879], length 0
0x0000: 4500 0034 f6d4 4000 4006 a210 0a64 468c E..4..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0 .dF."=.?.#_.....
0x0020: 8010 0038 6897 0000 0101 080a 4aab afd0 ...8h.......J...
0x0030: 4aab b49f 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....解析一下:
第8个包为:
16:12:12.719660 IP 10.100.70.140.ultraseek-http > 10.100.70.139.40767: Flags [F.], seq 1, ack 5, win 56, options [nop,nop,TS val 1252766183 ecr 1252766879], length 0
0x0000: 4500 0034 f6d5 4000 4006 a20f 0a64 468c E..4..@[email protected].
0x0010: 0a64 468b 223d 9f3f 8a23 5f20 d6a6 f0e0 .dF."=.?.#_.....
0x0020: 8011 0038 667f 0000 0101 080a 4aab b1e7 ...8f.......J...
0x0030: 4aab b49f 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....解析一下:
第9个包为:
16:12:12.719699 IP 10.100.70.139.40767 > 10.100.70.140.ultraseek-http: Flags [.], ack 2, win 56, options [nop,nop,TS val 1252767424 ecr 1252766183], length 0
0x0000: 4500 0034 b4c4 4000 4006 e420 0a64 468b E..4..@[email protected].
0x0010: 0a64 468c 9f3f 223d d6a6 f0e0 8a23 5f21 .dF..?"=.....#_!
0x0020: 8010 0038 645e 0000 0101 080a 4aab b6c0 ...8d^......J...
0x0030: 4aab b1e7 0000 0000 0000 0000 0000 0000 J...............
0x0040: 0000 0000 ....
解析一下:
一切一目了然, 通过代码时间和抓包分析, 再对着枯燥的书本看, 是不是清晰很多呢?
先说这么多, 慢慢体会。