2025-03-10 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
1. The header format of the TCP segment
Description:
ACK: the TCP protocol stipulates that the acknowledgment number field is valid only when ACK=1, and that every segment sent after the connection is established must have ACK=1.
SYN (SYNchronization): used to synchronize sequence numbers when a connection is established. When SYN=1 and ACK=0, the segment is a connection request. If the other party agrees to establish the connection, it replies with SYN=1 and ACK=1. Therefore, SYN=1 indicates that the segment is either a connection request or a connection acceptance.
FIN (finis, meaning "finish"): used to release a connection. When FIN=1, the sender of this segment has finished sending its data and requests that the connection be released.
2. The full process of the three-way handshake when a TCP connection is established and the four-way wave when it is closed
2.1 The specific process of the TCP three-way handshake
1) First, the client sends a connection request, i.e. SYN=1, and declares its sequence number seq=x ("Can I send you data?")
2) Then the server confirms with a reply, i.e. SYN=1, declares its own sequence number seq=y, and sets the acknowledgment number to ack=x+1 ("OK")
3) Finally, the client confirms again and sets seq=x+1 and ack=y+1 ("OK")
Note: seq sequence number range: starts at 0, with a maximum of 2^32-1
Purpose of the seq sequence number: the server uses this sequence number to reassemble the data
2.2 Use tcpdump to capture packets and view the TCP three-way handshake
Parameter description:
-c specifies the number of packets to capture
-n displays IP addresses and ports numerically
-i specifies the network interface, which defaults to eth0
-X displays the protocol header and packet contents in hexadecimal and ASCII form, which is very useful for protocol analysis
-e adds Ethernet frame header information to the output
-F specifies the file that contains the filter expression
-w saves the traffic to a file in binary format
-r reads a file saved with -w
port specifies the port
1) The 192.168.1.24 machine establishes an ssh connection
ssh root@192.168.1.124
Note: ssh also runs over a TCP connection. While packets are being captured, log in to this server over ssh from another server; the three-way handshake completes without the password being entered.
2) On the 192.168.1.123 machine
Capture the packets: tcpdump port 22 -c 3 -n
Note: the S in Flags [S] indicates a SYN packet (SYN=1)
The client host returns an ACK, and the packet shows ack=1, which is a relative sequence number. If you need to see the absolute sequence number, add -S to the tcpdump command.
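An added example, not part of the original article: Python code that parses three constructed 20-byte TCP headers, checks the SYN / SYN+ACK / ACK rules from section 2.1, and derives the relative numbers that tcpdump prints when -S is not given. The ports, initial sequence numbers and function names are assumptions chosen for illustration.

```python
import struct

# TCP flag bits in byte 13 of the header
FIN, SYN, ACK = 0x01, 0x02, 0x10
MOD = 1 << 32  # sequence numbers are 32-bit and wrap at 2^32

def build_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)

def parse_header(raw):
    """Return (sport, dport, seq, ack, flags) from the fixed 20-byte header."""
    sport, dport, seq, ack, _off, flags, _win, _sum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return sport, dport, seq, ack, flags

def check_handshake(segments):
    """Validate the three handshake segments and return relative numbers."""
    (_, _, x, _, f1), (_, _, y, a2, f2), (_, _, s3, a3, f3) = map(parse_header, segments)
    if not (f1 & SYN and not f1 & ACK):
        raise ValueError("segment 1 is not a connection request (SYN=1, ACK=0)")
    if not (f2 & SYN and f2 & ACK and a2 == (x + 1) % MOD):
        raise ValueError("segment 2 is not SYN=1, ACK=1 with ack=x+1")
    if not (f3 & ACK and not f3 & SYN and s3 == (x + 1) % MOD and a3 == (y + 1) % MOD):
        raise ValueError("segment 3 is not an ACK with seq=x+1, ack=y+1")
    # Relative numbers: subtract each side's initial sequence number (mod 2^32)
    return {"client_isn": x, "server_isn": y,
            "rel_seq": (s3 - x) % MOD, "rel_ack": (a3 - y) % MOD}

# Constructed sample: the client ISN sits at the top of the range so that
# x+1 wraps around to 0, while the relative numbers still come out as 1.
X, Y = 0xFFFFFFFF, 1000
SAMPLE = [
    build_header(50000, 22, X, 0, SYN),                    # 1) SYN, seq=x
    build_header(22, 50000, Y, (X + 1) % MOD, SYN | ACK),  # 2) SYN+ACK, seq=y, ack=x+1
    build_header(50000, 22, (X + 1) % MOD, Y + 1, ACK),    # 3) ACK, seq=x+1, ack=y+1
]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))
```
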