Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to use tcpdump to analyze three-way handshake and four waves, which has a certain reference value. Interested friends can refer to it. I hope you will gain a lot after reading this article.

Establishing a TCP connection means that when establishing a TCP connection, the client and server need to send a total of 3 packets to confirm the establishment of the connection. In socket programming, this process is triggered by the client executing connect. Because the TCP connection is full-duplex, disconnecting a TCP connection requires the client and the server to send four packets to confirm the disconnection.

Execute the tcpdump command tcpdump-n-I ens32 host 192.168.10.10 and 42.186.113.26 > > / tmp/tcpdump.txtping game.campus.163.com actual combat: tcpdump grab bag analysis three-way handshake four times wave hands actual combat: tcpdump grab bag analysis three-way handshake four times wave curl http://game.campus.163.com

When curl http://game.campus.163.com is over, stop ping game.campus.163.com Check / tmp/tcpdump.txt analysis bag grab results actual combat: tcpdump bag grab analysis three-way handshake four-time wave hands actual combat: tcpdump grab bag analysis three-way handshake four-way wave three-way handshake 20 IP 04.393437 IP 192.168.10.5.53250 > 42.186.113.26.http: Flags [S], seq 4039900133, win 29200, options [mss 1460 sackOKLG TS val 304628816 ecr 0MennopPowerWScale 7] Length 020 seq 23 IP 04.421269 IP 42.186.113.26.http > 192.168.10.53250: Flags [S.], seq 874076341, ack 4039900134, win 64240, options [mss 1460], length 020 Flags 23 ack 04.421355 IP 192.168.10.53250 > 42.186.113.26.http: Flags [.], ack 1, win 29200, control bits in length 0TCP message format are composed of six flag bits One of them is that an ACK,ACK of 1 means that the confirmation number is valid, and a value of 0 means that the message does not contain confirmation information, and the confirmation number field is ignored. Wave 20 seq 23 IP 05.560319 IP 42.186.113.26.http > 192.168.10.53250 > 42.186.113.26.http: Flags [F.], seq 84, ack 364592, win 64240, length 020 IP 05.560487 IP 42.186.113.26.http > 192.168.10.5.53250: Flags [.], ack 85, win 64239, length 020 2323 RV 05.586700 IP 42.186.113.26.http > 192.168.10.53250: Flags [FP.], seq 364592, ack 85, win 64239 Length 020 ack 23 length 05.586735 IP 192.168.10.10.53250 > Flags: ack 364593, win 64240, length Thank you for reading this article carefully I hope the article "how to use tcpdump to analyze three handshakes and four waves" shared by the editor will be helpful to everyone. At the same time, I hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.