How to use wireshark to analyze tcp

2025-03-04 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Today I will talk about how to use Wireshark to analyze TCP. Many people may not know much about it, so to make it easier to understand I have summarized the following content. I hope you get something out of this article.

Let's use Wireshark to look at some of the principles of TCP. First, set up a TCP server.

const net = require('net')
// listen on port 11111 and accept connections without doing anything with them
net.createServer().listen(11111)

Then set up a TCP client.

const net = require('net')
// connect to the server started above
net.connect({ port: 11111, host: '192.168.226' })

Let's analyze it on a case-by-case basis.

1 Start the client without starting the server

Let's see how TCP behaves in this situation. Start with the overview.

We see that TCP first sends a SYN packet.

Because the server was not started, the client never received a SYN+ACK packet; it retransmitted the SYN twice and in the end gave up with an error.

2 Start both the server and the client

Let's see what a complete TCP handshake looks like.

First the client sends a SYN packet with seq equal to 0, and the server returns a SYN+ACK packet whose acknowledgment number is 1, meaning that everything before sequence number 1 has been received. Finally, the client sends an ACK packet. Its seq is now 1, indicating that the handshake occupied a sequence number, and its ack is also 1, telling the server that the previous sequence has been received. This completes the three-way handshake.

So what does the three-way handshake actually achieve, and how? Its essence is that both ends record some context. For example, the server records which ip and port it has established a connection with. The next time a packet arrives from the client, the server looks it up in this table; if there is a record, a connection has been established and the request is legitimate. Otherwise it sends a reset packet to the client (we can construct such a TCP message in C to verify this).

3 The client (or server) crashes

Let's see what TCP does if the client process is killed outright.

We see that TCP sends a RST (reset) packet to the server.

4 The client (or server) closes the connection normally

Let's change the client code first.

const net = require('net')
const socket = net.connect({ port: 11111, host: '192.168.226' })
// the 'connect' event carries no argument; close as soon as the handshake completes
socket.on('connect', () => {
  socket.destroy()
})

With this code the client starts the four-way close (the four waves) immediately after the three-way handshake completes. Let's see what TCP does.

We only look at the last four lines (the four waves). First the client sends a FIN packet; we find that its seq is still 1, indicating that the FIN packet does not consume a sequence number. The server first returns an ACK packet, then sends its own FIN packet, and the client returns an ACK. After the client sends this last ACK it must wait for 2MSL (the TIME_WAIT state); until then the ip and port cannot be reused unless port reuse is set.
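As an added example (not code from the original article), here is a small Node.js decoder that labels raw TCP segments the way Wireshark does and converts seq/ack to the relative numbers seen in sections 2 and 4, run over a constructed handshake-plus-close trace; the ports and initial sequence numbers are made up.

```javascript
// Added example (not from the original article): decode raw TCP headers and
// compute the relative seq/ack numbers Wireshark shows, over a constructed
// trace of the three-way handshake and the four-way close.
const FLAGS = { FIN: 0x01, SYN: 0x02, RST: 0x04, ACK: 0x10 };
// Decode the fixed part of the TCP header: ports, seq, ack and the flag bits.
function parseTcpHeader(buf) {
  if (buf.length < 20) throw new Error('short TCP header');
  const bits = buf[13];
  return {
    srcPort: buf.readUInt16BE(0),
    dstPort: buf.readUInt16BE(2),
    seq: buf.readUInt32BE(4),
    ack: buf.readUInt32BE(8),
    flags: Object.keys(FLAGS).filter((f) => bits & FLAGS[f]),
  };
}
// Build a constructed 20-byte segment (no options, checksum left zero).
function makeSegment(srcPort, dstPort, seq, ack, flagNames) {
  const b = Buffer.alloc(20);
  b.writeUInt16BE(srcPort, 0); b.writeUInt16BE(dstPort, 2);
  b.writeUInt32BE(seq >>> 0, 4); b.writeUInt32BE(ack >>> 0, 8);
  b[12] = 5 << 4;                                    // data offset: 5 words
  b[13] = flagNames.reduce((acc, f) => acc | FLAGS[f], 0);
  return b;
}
// Label each segment as Wireshark does and make seq/ack relative to each
// direction's ISN (the seq of its SYN), so the handshake reads 0/0, 0/1, 1/1.
function annotate(segments) {
  const isn = {};                                    // ISN keyed by source port
  return segments.map((raw) => {
    const h = parseTcpHeader(raw);
    if (h.flags.includes('SYN')) isn[h.srcPort] = h.seq;
    const seq = (h.seq - (isn[h.srcPort] ?? h.seq)) >>> 0;
    const ack = h.flags.includes('ACK') ? (h.ack - (isn[h.dstPort] ?? h.ack)) >>> 0 : 0;
    return { label: `[${h.flags.join(', ')}]`, seq, ack };
  });
}
// Constructed capture: client port 40000 (ISN 1000) <-> server port 11111 (ISN 5000).
const C = 40000, S = 11111;
const TRACE = [
  makeSegment(C, S, 1000, 0, ['SYN']),               // 1st handshake
  makeSegment(S, C, 5000, 1001, ['SYN', 'ACK']),     // 2nd: the SYN used seq 0
  makeSegment(C, S, 1001, 5001, ['ACK']),            // 3rd: pure ACK uses no seq
  makeSegment(C, S, 1001, 5001, ['FIN', 'ACK']),     // client starts the close
  makeSegment(S, C, 5001, 1002, ['ACK']),            // the FIN occupies seq 1 (RFC 793)
  makeSegment(S, C, 5001, 1002, ['FIN', 'ACK']),     // server's own FIN
  makeSegment(C, S, 1002, 5002, ['ACK']),            // last ACK; client enters TIME_WAIT
];
```

Note that in the constructed close the server acknowledges the client's FIN with ack 2: per RFC 793 a FIN occupies one sequence number, which is why the final ACK of the exchange carries seq 2.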

5 Both ends close at the same time

Let's change the server code, too.

const net = require('net')
// destroy the accepted socket as soon as the handshake completes
net.createServer((socket) => {
  socket.destroy()
}).listen(11111)

As soon as the server completes the three-way handshake, it sends a FIN packet from the connection callback. So what does TCP do now? In the three-way handshake the third packet is sent by the client, and the client enters the established state the moment it sends it, while the server has not yet received that third packet. So the client sends its FIN packet first. Here comes the problem: whether the client's FIN packet or the ACK of the third handshake arrives at the server first affects what happens next. There are two situations.

Case 1: the ACK of the third handshake arrives first.

Case 2: the FIN packet arrives first.

6 keep-alive

TCP does not disconnect automatically by default; closing is left to the caller. However, TCP has an optimization: if no data has been transmitted for a period of time, it sends a probe packet, and if still no data is transferred and no ACK for the probe is received, it sends another probe at intervals (these two periods appear to be the same on Windows but different on Linux). After a certain number of probes with no response, it sends a reset packet to the peer and disconnects.

After the three-way handshake we transmit no data, and we see TCP keep sending probe packets.
