20-tcp连接建立实验
TCP连接建立实验
现在我们用浏览器访问hao123站点为例,通过wireshark抓包软件来看一下计算机通信时tcp连接的建立具体过程。主机ip为10.254.3.40,我们访问以下www.hao123.com网站,ip地址为111.13.100.2。
打开wireshark抓包软件开始抓包,打开浏览器访问www.hao123.com网站后,停止抓包并过滤出tcp数据报,如图:
以上是我们抓到的数据报,这里我们重点关注24,28,29这几个数据报。先说24这个数据报,这个数据报是主机访问www.hao123.com网站发起的第一个连接请求,从软件抓到的数据报的信息来看,本地主机是52736端口,访问的是443端口,不是想象中的80端口(网站使用的http协议默认是80端口),这是因为hao123网站使用的是https协议,而https协议使用的端口就是443端口。
为了便于我们分析这里使用的是相对序号,而实际的三次握手过程中序号是随机生成的绝对序号值,而且这个值往往非常大,我们重点注意tcp首部中的窗口,控制字段中的SYN和ACK标志位,序号,确认号等这些字段。
第一次握手
分析24这个tcp数据报格式:
Transmission Control Protocol, Src Port: 52736, Dst Port: 443, Seq: 0, Len: 0
Source Port: 52736
Destination Port: 443
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number) //第一次客户端发送的序列号是0,即SEQ = 0,注意:这是wireshark工具经过处理的相对序号,实际上的序号是随机产生的一个很大的值
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set //SYN = 1,客户端发送的是一个连接请求
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 8192 //窗口大小为8192字节
[Calculated window size: 8192]
Checksum: 0xfb80 [correct]
[Checksum Status: Good]
[Calculated Checksum: 0xfb80]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted第二次握手
分析28这个tcp数据报格式:
Transmission Control Protocol, Src Port: 443, Dst Port: 52736, Seq: 0, Ack: 1, Len: 0
Source Port: 443
Destination Port: 52736
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number) //服务端发送的序列号值为 :SEQ = 0
Acknowledgment number: 1 (relative ack number) //服务端发送的确认回复消息:ACK = 0 + 1
1000 .... = Header Length: 32 bytes (8)
Flags: 0x012 (SYN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set //ACK = 1,SYN = 1,说明服务端发送的是一个确认消息 ACK + SYN
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set //SYN标志位置1
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A··S·]
Window size value: 8192 //窗口大小为8192字节
[Calculated window size: 8192]
Checksum: 0x83ba [correct]
[Checksum Status: Good]
[Calculated Checksum: 0x83ba]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[SEQ/ACK analysis]第三次握手
分析29这个tcp数据报格式:
Transmission Control Protocol, Src Port: 52736, Dst Port: 443, Seq: 1, Ack: 1, Len: 0
Source Port: 52736
Destination Port: 443
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number) //客户端发送服务器所期望的序列号值:1
Acknowledgment number: 1 (relative ack number) //ACK = 1 , 表示客户端期望服务器下一次发送的序列号值是1
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set //ACK = 1,说明客户端发送了一个确认回复消息
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window size value: 16560 //窗口大小为16560字节
[Calculated window size: 66240]
[Window size scaling factor: 4]
Checksum: 0xa3c6 [correct]
[Checksum Status: Good]
[Calculated Checksum: 0xa3c6]
Urgent pointer: 0
[SEQ/ACK analysis]
总结:通过上述可以看出,客户端和服务端在建立tcp连接时发送了三个报文,因此也称为三次握手。三次握手不仅仅让双方建立一个tcp连接,同时还可以利用tcp报文中的序号字段(Sequence number)来交换初始序列号(Initial Sequence number)。