<p><span style="font-size: 14px;font-family: 微软雅黑, sans-serif">I have to gripe once more about how sloppy and impatient the whole domestic IT scene is: the Chinese documents Baidu turns up are nearly all copies of one another, while the English documentation Google returns is of far higher quality.</span> <span style="font-family: 微软雅黑, sans-serif;font-size: 14px">Make the request with IE or a browser that has no plugins installed; otherwise the browser's other requests will land in the capture and get in the way of the analysis.</span></p> <h1><strong><span>IP</span></strong><strong><span style="font-size:18px;line-height:173%;font-family:宋体;color:#CC0000;font-weight:normal"> packet structure</span></strong></h1> <p><img src="//cto.wang/usr/uploads/2016/07/20160703160045-5.gif" title="1429095120137639.gif" alt="a.gif" /></p> <h1><strong><span>TCP</span></strong><strong><span style="font-size:18px;line-height:173%;font-family:宋体;color:#CC0000;font-weight:normal"> packet structure</span></strong></h1> <p><img src="//cto.wang/usr/uploads/2016/07/20160703160045-29.gif" title="1429095132114015.gif" alt="b.gif" /></p> <p><strong><span>// tcpdump needs root privileges</span></strong></p> <pre class="brush:bash;toolbar:false"># tcpdump -x -i eth1 ip host 58.246.240.122 or 58.246.3.218</pre> <pre class="brush:bash;toolbar:false">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes</pre> <p><strong><em><span>// tcpdump's own start-up output</span></em></strong></p> <p><strong><em><span>// -v or -vv gives a more detailed protocol decode</span></em></strong></p> <p><strong><em><span>// listening on interface eth1, Ethernet link type, capturing at most 65535 bytes per packet</span></em></strong></p> <p><strong><em><span>// -x prints each packet in hex without its link-layer header, which is why every dump below starts at the IP header (4500 ...) and contains no Ethernet addresses; -xx would include them, and -X or -A would also show the payload as ASCII. Port 80 is printed as "http" because tcpdump resolves names; -nn keeps the raw numbers, and -S prints absolute instead of relative sequence numbers.</span></em></strong></p> <pre class="brush:bash;toolbar:false">19:49:24.580582 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [S], seq 592474217, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0</pre> <p><strong><em><span style="color:red">// First step of the handshake (SYN)</span></em></strong></p> <p><strong><em><span style="color:red">// SERVER: socket in the LISTEN state. CLIENT: moves to SYN_SENT as soon as this segment is sent (only the passive side ever listens)</span></em></strong></p> <p><strong><em><span>// 19:49:24 (seconds).580582 (microseconds) IP src.port > dst.port: Flags [S], seq = initial sequence number, win = advertised receive window, TCP options [...], length 0 = no payload</span></em></strong></p> <p><strong><em><span>// At 19:49:24.580582 the source, 58.246.240.122 port 53784, sends a SYN to the http service (port 80) on 112.124.45.184 with initial sequence number 592474217. win 8192 is the client's receive window, the number of bytes it is prepared to accept, not the size of the request it intends to send. No data is carried.</span></em></strong></p> <p><strong><em><span>// This is an empty segment: an IP header and a TCP header (with options), nothing else.</span></em></strong></p> <hr /> <p><strong>0x0000: 4500 0034 35a9 4000 3406 4776 3af6 f07a</strong></p> <table cellspacing="0" cellpadding="0" width="449"> <tbody> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">4500</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">4 – IP version: IPv4</span></p> <p><span style="font-size: 14px">5 – IHL, header length in 32-bit words: 5 × 4 = 20 bytes, so the header carries no IP options</span></p> <p><span style="font-size: 14px">00 – TOS (000 0000 0). Classic reading: the first three bits are precedence, ignored today; the four TOS bits stand for minimise delay, maximise throughput, maximise reliability and minimise cost, all 0 here meaning normal service; the last bit is unused. Current stacks read the same byte as 6 bits of DSCP plus 2 bits of ECN; it is 0 either way.</span></p> </td> </tr> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">0034</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Total length: 0x0034 = 52 bytes, i.e. the 20-byte IP header plus a 32-byte TCP header and no data</span></p> </td> </tr> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">35a9</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Identification: shared by all fragments of one datagram so the receiver can reassemble them. It also distinguishes a retransmitted TCP segment (a new datagram, new ID) from a duplicated packet (same ID), which matters later in this capture.</span></p> </td> </tr> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">4000</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Flags (3 bits) and fragment offset (13 bits): 010 = Don't Fragment set, More Fragments clear, offset 0. The datagram must not be fragmented on the way.</span></p> </td> </tr> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">3406</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">34 – TTL (Time To Live): 0x34 = 52, the value as seen at the capture point after every router on the path decremented it; the initial value depends on the sender's operating system</span></p> <p><span style="font-size: 14px">06 – Protocol: 6 = TCP</span></p> </td> </tr> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">4776</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">IP header checksum, covering the 20-byte IP header only. It is not a MAC address: -x leaves the link-layer header out of the dump altogether.</span></p> </td> </tr> <tr> <td width="60" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">3af6 f07a</span></p> </td> <td width="389" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Source IP: 0x3a.0xf6.0xf0.0x7a = 58.246.240.122. Anyone who knows C can feed the four bytes to inet_ntoa to check.</span></p> </td> </tr> </tbody> </table> <hr /> <p><strong>0x0010: 707c 2db8 d218 0050 2350 7069 0000 0000</strong></p> <table cellspacing="0" cellpadding="0"> <tbody> <tr> <td width="86" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">707c 2db8</span></p> </td> <td width="347" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Destination IP: 0x70.0x7c.0x2d.0xb8 = 112.124.45.184</span></p> </td> </tr> <tr> <td width="86" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">d218</span></p> </td> <td width="347" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Source port: 0xd218 = 53784 in decimal</span></p> </td> </tr> <tr> <td width="86" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">0050</span></p> </td> <td width="347" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Destination port: 0x0050 = 80 in decimal</span></p> </td> </tr> <tr> <td width="86" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">2350 7069</span></p> </td> <td width="347" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Sequence number: 0x23507069 = 592474217 in decimal</span></p> </td>
</tr> <tr> <td width="86" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">0000 0000</span></p> </td> <td width="347" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Acknowledgment number: 0. The ACK flag is clear, so this field carries no meaning in a plain SYN.</span></p> </td> </tr> </tbody> </table> <hr /> <p><strong>0x0020: 8002 2000 1f4f 0000 0204 05b4 0103 0302</strong></p> <table cellspacing="0" cellpadding="0" width="441"> <tbody> <tr> <td width="91" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">8002</span></p> </td> <td width="351" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">TCP header length and flags. In binary 1000 000000 000010: the top 4 bits are the data offset, 8 × 32-bit words = 32 bytes of TCP header (20 fixed plus 12 bytes of options); the next 6 bits are reserved (current RFCs carve NS, CWR and ECE out of them, all 0 here); the low 6 bits are the flags URG, ACK, PSH, RST, SYN, FIN. Only the second-to-last bit is set: SYN.</span></p> </td> </tr> <tr> <td width="91" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">2000</span></p> </td> <td width="351" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Window size: 0x2000 = 8192 bytes. This is the raw field; the wscale 2 option below means that in every later (non-SYN) segment from the client the field must be multiplied by 4 to get the real window.</span></p> </td> </tr> <tr> <td width="91" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">1f4f</span></p> </td> <td width="351" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Checksum. It covers the whole TCP segment, header and data, plus a pseudo-header built from the IP source and destination addresses, the protocol number and the TCP length. That is why a NAT device that rewrites the IP addresses has to fix up the TCP checksum as well.</span></p> </td> </tr> <tr> <td width="91" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">0000</span></p> </td> <td width="351" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px"><span>Urgent pointer,</span>
<span>only meaningful when the URG flag is set, which it is not here</span></span></p> </td> </tr> <tr> <td width="91" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">0204 05b4 0103 0302</span></p> </td> <td width="351" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Option bytes, the first 8 of 12. Each option is kind, length, data: 02 04 05b4 = MSS 1460 (kind 2, length 4); 01 = NOP, a one-byte pad; 03 03 02 = window scale with shift count 2 (kind 3, length 3). This is exactly the "mss 1460,nop,wscale 2" tcpdump printed.</span></p> </td> </tr> </tbody> </table> <hr /> <p><strong>0x0030: 0101 0402</strong></p> <table cellspacing="0" cellpadding="0"> <tbody> <tr> <td width="121" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">0101 0402</span></p> </td> <td width="327" valign="top" style="border: 1px solid windowtext;padding: 0px 7px"> <p><span style="font-size: 14px">Not user data: these are the last 4 option bytes. 01 01 = two NOPs for alignment, 04 02 = SACK permitted (kind 4, length 2). That makes 12 bytes of options and a 32-byte TCP header, and, as "length 0" says, no payload at all; a SYN never carries the HTTP request.</span></p> </td> </tr> </tbody> </table> <pre class="brush:bash;toolbar:false">19:49:24.580613 IP 112.124.45.184.http > 58.246.240.122.53784: Flags [S.], seq 3820056301, ack 592474218, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0</pre> <p><strong><em><span style="color:red">// Second step of the handshake (SYN-ACK)</span></em></strong></p> <p><strong><em><span style="color:red">// 19:49:24.580613: the web server 112.124.45.184 acknowledges the client's SYN by setting ack = 592474217 + 1 = 592474218 and sends its own SYN with initial sequence number 3820056301 (e3b1 6eed in the dump). It advertises a 14600-byte window and wscale 7, so window fields in its later segments have to be multiplied by 128. The server is now in SYN_RECEIVED. Its IP TTL is 0x40 = 64, the untouched Linux default, consistent with the capture having been taken on the server itself.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0034 0000 4000 4006 711f 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d218 e3b1 6eed 2350 706a</span></p> <p><span style="font-size: 14px"> 0x0020: 8012 3908 b391 0000 0204 05b4 0101 0402</span></p> <p><span style="font-size: 14px"> 0x0030: 0103 0307</span></p> <pre class="brush:bash;toolbar:false">19:49:24.639829 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [.], ack 1, win 16425, length 0</pre> <p><strong><em><span style="color:red">// Third step of the handshake,</span></em></strong><strong><em><span style="color:red;background:lime"> the classic three-way handshake is complete and both ends are ESTABLISHED</span></em></strong></p> <p><strong><em><span style="color:red">// 19:49:24.639829: 58.246.240.122 replies from port 53784 to 112.124.45.184 with a bare ACK, length 0, no data. From this segment on tcpdump prints sequence and acknowledgment numbers relative to the two ISNs: "ack 1" is 3820056301 + 1 = 3820056302, and in the dump the seq field is 2350 706a (592474218) and the ack field e3b1 6eee (3820056302). The TCP header is down to 20 bytes (5010 = data offset 5, ACK only) and the IP total length is 0x0028 = 40.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 35ab 4000 3406 4780 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d218 0050 2350 706a e3b1 6eee</span></p> <p><span style="font-size: 14px"> 0x0020: 5010 4029 ed42 0000</span></p> <pre class="brush:bash;toolbar:false">19:49:24.640197 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [P.], seq 1:541, ack 1, win 16425, length 540</pre> <p><strong><em><span style="color:red">// 19:49:24.640197: the client sends ACK+PSH with 540 bytes of payload, the HTTP request. seq 1:541 means the segment carries bytes 1 through 540 of the client's stream (relative numbering); ack 1 still acknowledges the server's SYN; win 16425 is the raw field, 16425 × 4 = 65700 bytes after the wscale 2 the client announced. The IP total length is 0x0244 = 580 = 20 + 20 + 540, and this segment carries no TCP options (5018 = data offset 5, flags PSH+ACK). The payload is plain text: 4745 5420 2f69 6e64 6578 2e70 6870 is "GET /index.php", followed by " HTTP/1.1\r\n" and the Accept, Accept-Language, User-Agent (MSIE 8.0 on Windows NT 6.1), Accept-Encoding, Host (optimize.piaotai.com) and Connection: Keep-Alive headers. Anyone on the path can read all of it, because this is HTTP without TLS.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0244 35ac 4000 3406 4563 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d218 0050 2350 706a e3b1 6eee</span></p> <p><span style="font-size: 14px"> 0x0020: 5018 4029 81e2 0000 4745 5420 2f69 6e64</span></p> <p><span style="font-size: 14px"> 0x0030: 6578 2e70 6870 2048 5454 502f 312e 310d</span></p> <p><span style="font-size: 14px"> 0x0040: 0a41 6363 6570 743a 2061 7070 6c69 6361</span></p> <p><span style="font-size: 14px"> 0x0050: 7469 6f6e 2f78 2d6d 732d 6170 706c 6963</span></p> <p><span style="font-size: 14px"> 0x0060: 6174 696f 6e2c 2069 6d61 6765 2f6a 7065</span></p> <p><span style="font-size: 14px"> 0x0070: 672c 2061 7070 6c69 6361 7469 6f6e 2f78</span></p> <p><span style="font-size: 14px"> 0x0080: 616d 6c2b 786d 6c2c 2069 6d61 6765 2f67</span></p> <p><span style="font-size: 14px"> 0x0090: 6966 2c20 696d 6167 652f 706a 7065 672c</span></p> <p><span style="font-size: 14px"> 0x00a0: 2061 7070 6c69 6361 7469 6f6e 2f78 2d6d</span></p> <p><span style="font-size: 14px"> 0x00b0: 732d 7862 6170 2c20 6170 706c 6963 6174</span></p> <p><span 
style="font-size: 14px"> 0x00c0: 696f 6e2f 766e 642e 6d73 2d65 7863 656c</span></p> <p><span style="font-size: 14px"> 0x00d0: 2c20 6170 706c 6963 6174 696f 6e2f 766e</span></p> <p><span style="font-size: 14px"> 0x00e0: 642e 6d73 2d70 6f77 6572 706f 696e 742c</span></p> <p><span style="font-size: 14px"> 0x00f0: 2061 7070 6c69 6361 7469 6f6e 2f6d 7377</span></p> <p><span style="font-size: 14px"> 0x0100: 6f72 642c 202a 2f2a 0d0a 4163 6365 7074</span></p> <p><span style="font-size: 14px"> 0x0110: 2d4c 616e 6775 6167 653a 207a 682d 434e</span></p> <p><span style="font-size: 14px"> 0x0120: 0d0a 5573 6572 2d41 6765 6e74 3a20 4d6f</span></p> <p><span style="font-size: 14px"> 0x0130: 7a69 6c6c 612f 342e 3020 2863 6f6d 7061</span></p> <p><span style="font-size: 14px"> 0x0140: 7469 626c 653b 204d 5349 4520 382e 303b</span></p> <p><span style="font-size: 14px"> 0x0150: 2057 696e 646f 7773 204e 5420 362e 313b</span></p> <p><span style="font-size: 14px"> 0x0160: 2057 4f57 3634 3b20 5472 6964 656e 742f</span></p> <p><span style="font-size: 14px"> 0x0170: 342e 303b 2053 4c43 4332 3b20 2e4e 4554</span></p> <p><span style="font-size: 14px"> 0x0180: 2043 4c52 2032 2e30 2e35 3037 3237 3b20</span></p> <p><span style="font-size: 14px"> 0x0190: 2e4e 4554 2043 4c52 2033 2e35 2e33 3037</span></p> <p><span style="font-size: 14px"> 0x01a0: 3239 3b20 2e4e 4554 2043 4c52 2033 2e30</span></p> <p><span style="font-size: 14px"> 0x01b0: 2e33 3037 3239 3b20 4d65 6469 6120 4365</span></p> <p><span style="font-size: 14px"> 0x01c0: 6e74 6572 2050 4320 362e 303b 202e 4e45</span></p> <p><span style="font-size: 14px"> 0x01d0: 5434 2e30 433b 202e 4e45 5434 2e30 453b</span></p> <p><span style="font-size: 14px"> 0x01e0: 2049 6e66 6f50 6174 682e 3329 0d0a 4163</span></p> <p><span style="font-size: 14px"> 0x01f0: 6365 7074 2d45 6e63 6f64 696e 673a 2067</span></p> <p><span style="font-size: 14px"> 0x0200: 7a69 702c 2064 6566 6c61 7465 0d0a 486f</span></p> <p><span style="font-size: 14px"> 0x0210: 7374 3a20 
6f70 7469 6d69 7a65 2e70 6961</span></p> <p><span style="font-size: 14px"> 0x0220: 6f74 6169 2e63 6f6d 0d0a 436f 6e6e 6563</span></p> <p><span style="font-size: 14px"> 0x0230: 7469 6f6e 3a20 4b65 6570 2d41 6c69 7665</span></p> <p><span style="font-size: 14px"> 0x0240: 0d0a 0d0a</span></p> <pre class="brush:bash;toolbar:false">19:49:24.640212 IP 112.124.45.184.http > 58.246.240.122.53784: Flags [.], ack 541, win 123, length 0</pre> <p><strong><em><span style="color:red">// The server acknowledges the request. 541 is an acknowledgment number, not a sequence number: "I have bytes 1 to 540, send 541 next". win 123 is the raw field; with the wscale 7 the server announced in its SYN-ACK it means 123 × 128 = 15744 bytes. No data is carried (5010 = data offset 5, ACK only).</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 fc98 4000 4006 7492 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d218 e3b1 6eee 2350 7286</span></p> <p><span style="font-size: 14px"> 0x0020: 5010 007b 2ad5 0000</span></p> <pre class="brush:bash;toolbar:false">19:49:24.640863 IP 112.124.45.184.http > 58.246.240.122.53784: Flags [P.], seq 1:241, ack 541, win 123, length 240</pre> <p><strong><em><span style="color:red">// The server acks the request again and pushes a 240-byte response (bytes 1 to 240 of its own stream), which is a response, not a request. The payload is readable in the hex: "HTTP/1.1 200 OK", "Server: nginx", "Date: Sat, 17 Jan 2015 11:49:24 GMT", "Content-Type: text/html", "Transfer-Encoding: chunked", "Connection: keep-alive", "X-Powered-By: PHP/5.4.36", "Content-Encoding: gzip", then one chunk of 0x1f = 31 bytes (starting with the gzip magic 1f8b) and the terminating "0\r\n\r\n" chunk. The Server and X-Powered-By headers hand the exact software versions to anyone who can see this traffic.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0118 fc99 4000 4006 73a1 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d218 e3b1 6eee 2350 7286</span></p> <p><span style="font-size: 14px"> 0x0020: 5018 007b caaf 0000 4854 5450 2f31 2e31</span></p> <p><span style="font-size: 14px"> 0x0030: 2032 3030 204f 4b0d 0a53 6572 7665 723a</span></p> <p><span style="font-size: 14px"> 0x0040: 206e 6769 6e78 0d0a 4461 7465 3a20 5361</span></p> <p><span style="font-size: 14px"> 0x0050: 742c 2031 3720 4a61 6e20 3230 3135 2031</span></p> <p><span style="font-size: 14px"> 0x0060: 313a 3439 3a32 3420 474d 540d 0a43 6f6e</span></p> <p><span style="font-size: 14px"> 0x0070: 7465 6e74 2d54 7970 653a 2074 6578 742f</span></p> <p><span style="font-size: 14px"> 0x0080: 6874 6d6c 0d0a 5472 616e 7366 6572 2d45</span></p> <p><span style="font-size: 14px"> 0x0090: 6e63 6f64 696e 673a 2063 6875 6e6b 6564</span></p> <p><span style="font-size: 14px"> 0x00a0: 0d0a 436f 6e6e 6563 7469 6f6e 3a20 6b65</span></p> <p><span style="font-size: 14px"> 0x00b0: 6570 2d61 6c69 7665 0d0a 582d 506f 7765</span></p> <p><span style="font-size: 14px"> 0x00c0: 7265 642d 4279 3a20 5048 502f 352e 342e</span></p> <p><span style="font-size: 14px"> 0x00d0: 3336 0d0a 436f 6e74 656e 742d 456e 636f</span></p> <p><span style="font-size: 14px"> 0x00e0: 6469 6e67 3a20 677a 6970 0d0a 0d0a 3166</span></p> <p><span style="font-size: 14px"> 0x00f0: 0d0a 1f8b 0800 0000 0000 0003 f34b 2cc9</span></p> <p><span style="font-size: 14px"> 0x0100: 2c4b 5508 f008 5004 002e 0f61 e60b 0000</span></p> <p><span style="font-size: 14px"> 0x0110: 000d 0a30 0d0a 0d0a</span></p> <pre class="brush:bash;toolbar:false">19:49:24.899320 IP 112.124.45.184.http > 58.246.240.122.53784: Flags [P.], seq 1:241, ack 541, win 123, length 240</pre> <p><strong><em><span style="color:red">// This is a retransmission of the previous segment, about 258 ms later: same seq 1:241, same 240 bytes, same TCP checksum caaf. The server's retransmission timer expired before the client's ACK reached it; that ACK does arrive, but only 3 ms after the retransmission (19:49:24.902210 below), most likely held back by the client's delayed-ACK timer, which acks a lone segment only after roughly 200 ms. Only the IP identification (fc99 becomes fc9a) and consequently the IP header checksum (73a1 becomes 73a0) differ, because the copy went out as a new IP datagram.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0118 fc9a 4000 4006 73a0 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d218 e3b1 6eee 2350 7286</span></p> <p><span style="font-size: 14px"> 0x0020: 5018 007b caaf 0000 4854 5450 2f31 2e31</span></p> <p><span style="font-size: 14px"> 0x0030: 2032 3030 204f 4b0d 0a53 6572 7665 723a</span></p> <p><span style="font-size: 14px"> 0x0040: 206e 6769 6e78 0d0a 4461 7465 3a20 5361</span></p> <p><span style="font-size: 14px"> 0x0050: 742c 2031 3720 4a61 6e20 3230 3135 2031</span></p> <p><span style="font-size: 14px"> 0x0060: 313a 3439 3a32 3420 474d 540d 0a43 6f6e</span></p> <p><span style="font-size: 14px"> 0x0070: 7465 6e74 2d54 7970 653a 2074 6578 742f</span></p> <p><span style="font-size: 14px"> 0x0080: 6874 6d6c 0d0a 5472 616e 7366 6572 2d45</span></p> <p><span style="font-size: 14px"> 0x0090: 6e63 6f64 696e 673a 2063 6875 6e6b 6564</span></p> <p><span style="font-size: 14px"> 0x00a0: 0d0a 436f 6e6e 6563 7469 6f6e 3a20 6b65</span></p> <p><span style="font-size: 14px"> 0x00b0: 6570 2d61 6c69 7665 0d0a 582d 506f 7765</span></p> <p><span style="font-size: 14px"> 0x00c0: 7265 642d 4279 3a20 5048 502f 352e 342e</span></p> <p><span style="font-size: 14px"> 0x00d0: 3336 0d0a 436f 6e74 656e 742d 456e 636f</span></p> <p><span style="font-size: 14px"> 0x00e0: 6469 6e67 3a20 677a 6970 0d0a 0d0a 3166</span></p> <p><span style="font-size: 14px"> 0x00f0: 0d0a 1f8b 0800 0000 0000 0003 f34b 2cc9</span></p> <p><span style="font-size: 14px"> 0x0100: 2c4b 5508 f008 5004 002e 0f61 e60b 0000</span></p> <p><span style="font-size: 14px"> 0x0110: 000d 0a30 0d0a 0d0a</span></p> <pre class="brush:bash;toolbar:false">19:49:24.902210 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [.], ack 241, win 16365, length 0</pre> <p><strong><em><span style="color:red">// 19:49:24.902210: the client acknowledges the </span><span 
style="color:red">server</span></em></strong><strong><em><span style="color:red">'s 240 bytes: ack 241 means everything up to byte 240 has arrived. This is the ACK the server had been waiting for, about 260 ms after the data was first sent.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 35b3 4000 3406 4778 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d218 0050 2350 7286 e3b1 6fde</span></p> <p><span style="font-size: 14px"> 0x0020: 5010 3fed ea72 0000</span></p> <pre class="brush:bash;toolbar:false">19:49:24.956904 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [.], ack 241, win 16365, options [nop,nop,sack 1 {1:241}], length 0</pre> <p><strong><em><span style="color:red">// Now the retransmitted copy reaches the client, which acks 241 once more, this time with a SACK block {1:241}. A SACK block lying entirely at or below the cumulative ACK is a D-SACK (RFC 2883): it tells the server "I already had bytes 1 to 240; that retransmission was a duplicate", so the server can treat the retransmission as spurious rather than as evidence of loss. In the dump: 0101 = two NOPs, 050a = SACK option, kind 5, length 10, followed by the block edges e3b1 6eee and e3b1 6fde (3820056302 and 3820056542 in absolute terms).</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0034 35b4 4000 3406 476b 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d218 0050 2350 7286 e3b1 6fde</span></p> <p><span style="font-size: 14px"> 0x0020: 8010 3fed 0e2b 0000 0101 050a e3b1 6eee</span></p> <p><span style="font-size: 14px"> 0x0030: e3b1 6fde</span></p> <pre class="brush:bash;toolbar:false">19:49:26.682065 IP 112.124.45.184.http > 58.246.240.122.53594: Flags [F.], seq 2650770207, ack 934373505, win 123, length 0</pre> <p><strong><em><span style="color:red;background:lime">// First step of a connection close (FIN)</span></em></strong></p> <p><strong><em><span style="color:red">// Note the client port: 53594, not 53784. This is a different connection from the one followed so far; the browser opened several keep-alive connections to the same server and tcpdump shows them interleaved. Here the server actively closes that idle connection with FIN+ACK, seq 2650770207 (printed in absolute form because tcpdump never saw this connection's SYN).</span></em></strong></p> <p><strong><em><span style="color:red;background:lime">// After sending its FIN the server's TCP is in FIN_WAIT_1, not TIME_WAIT. TIME_WAIT is entered only once the server has also received the client's FIN and acknowledged it.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 608c 4000 4006 109f 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d15a 9dff 8b1f 37b1 6881</span></p> <p><span style="font-size: 14px"> 0x0020: 5011 007b 4ab7 0000</span></p> <pre class="brush:bash;toolbar:false">19:49:26.736671 IP 58.246.240.122.53594 > 112.124.45.184.http: Flags [.], ack 1, win 16365, length 0</pre> <p><strong><em><span style="color:red;background:lime">// Second step of the close</span></em></strong></p> <p><strong><em><span style="color:red">// The client acknowledges the FIN. The server moves to FIN_WAIT_2; the client sits in CLOSE_WAIT until its application closes the socket and sends its own FIN, which never happens in this capture.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 35bc 4000 3406 476f 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d15a 0050 37b1 6881 9dff 8b20</span></p> <p><span style="font-size: 14px"> 0x0020: 5010 3fed 0b45 0000</span></p> <pre class="brush:bash;toolbar:false">19:49:54.529939 IP 112.124.45.184.http > 58.246.240.122.53716: Flags [F.], seq 1644452284, ack 3778482049, win 123, length 0</pre> <p><strong><em><span style="color:red">// The server sends a second FIN, this time closing another idle connection, client port 53716.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 0faf 4000 4006 617c 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d1d4 6204 59bc e137 0f81</span></p> <p><span style="font-size: 14px"> 0x0020: 5011 007b 6715 0000</span></p> <pre class="brush:bash;toolbar:false">19:49:54.586707 IP 58.246.240.122.53716 > 112.124.45.184.http: Flags [.], ack 1, win 16365, length 0</pre> <p><strong><em><span style="color:red">// The client acknowledges that FIN as well, and again sends no FIN of its own.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 3667 4000 3406 46c4 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d1d4 0050 e137 0f81 6204 59bd</span></p> <p><span style="font-size: 14px"> 0x0020: 5010 3fed 27a3 0000</span></p> <pre class="brush:bash;toolbar:false">19:50:09.641734 IP 112.124.45.184.http > 58.246.240.122.53784: Flags [F.], seq 241, ack 541, win 123, length 0</pre> <p><strong><em><span style="color:red">// The server's third FIN closes the connection we have been following (port 53784): seq 241 follows the 240-byte response and ack 541 the 540-byte request. It comes 45 s after the response, so the server is shutting down the idle keep-alive connection from its side. In the dump, 5011 = data offset 5, flags FIN+ACK.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 fc9b 4000 4006 748f 707c 2db8</span></p> <p><span style="font-size: 14px"> 0x0010: 3af6 f07a 0050 d218 e3b1 6fde 2350 7286</span></p> <p><span style="font-size: 14px"> 0x0020: 5011 007b 29e4 0000</span></p> <pre class="brush:bash;toolbar:false">19:50:09.699854 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [.], ack 242, win 16365, length 0</pre> <p><strong><em><span style="color:red">// The client acknowledges the FIN: ack 242, because the FIN itself consumes one sequence number. In the dump the ack field is e3b1 6fdf, one more than the e3b1 6fde of the previous ACK.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 36f6 4000 3406 4635 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d218 0050 2350 7286 e3b1 6fdf</span></p> <p><span style="font-size: 14px"> 0x0020: 5010 3fed ea71 0000</span></p> <pre class="brush:bash;toolbar:false">19:50:09.702809 IP 58.246.240.122.53784 > 112.124.45.184.http: Flags [R.], seq 541, ack 242, win 0, length 0</pre> <p><strong><em><span style="color:red">// Three milliseconds later the client aborts the connection with RST+ACK (5014 = data offset 5, flags ACK and RST; window 0) instead of sending its own FIN. The server, sitting in FIN_WAIT_2, goes straight to CLOSED when the RST arrives; neither side passes through TIME_WAIT.</span></em></strong></p> <p><span style="font-size: 14px"> 0x0000: 4500 0028 36f7 4000 3406 4634 3af6 f07a</span></p> <p><span style="font-size: 14px"> 0x0010: 707c 2db8 d218 0050 2350 7286 e3b1 6fdf</span></p> <p><span style="font-size: 14px"> 0x0020: 5014 0000 2a5b 0000</span></p> <p><span style="font-size: 14px">// So the teardown of this connection is not the textbook four-step close: the client never sends a FIN. After acknowledging the server's FIN it tears the connection down with a RST. A RST in place of a FIN normally means the client application closed the socket abortively, for example with data still unread in its receive buffer, which RFC 1122 says a TCP should answer with a RST on close; the capture alone cannot tell which of those it was.</span></p> <p><span style="font-size: 14px">//</span></p>
宋体">有可能是公司内部网络问题</span></span></p> <p><span style="font-size: 14px"><span style="font-size: 14px;font-family: 宋体">一次正常的挥手数据请求应该是这样的</span>,</span></p> <p><img src="//cto.wang/usr/uploads/2016/07/20160703160045-43.png" title="1429099285108709.png" alt="c.png" /></p> <p></p> 最后修改:2021 年 12 月 10 日 10 : 53 AM © 允许规范转载 赞赏 如果觉得我的文章对你有用,请随意赞赏 赞赏作者 支付宝微信
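<p>As an added example (not from the original post), the following Python decoder takes the tcpdump -x hex lines shown above, walks the IPv4 and TCP header fields in the order the two header diagrams at the top of the page give them, verifies the IP header checksum, and rebuilds tcpdump's one-line summary. The two embedded packets are the server FIN (port 53716) and the client RST (port 53784) copied from the dumps above; tcpdump's rule for when it prints a seq value is assumed from its usual output.</p>

```python
import struct
import ipaddress

# tcpdump's flag letters, in the order tcpdump prints them ("F." = FIN+ACK, "R." = RST+ACK).
FLAG_LETTERS = ((1, "F"), (2, "S"), (4, "R"), (8, "P"), (16, "."), (32, "U"), (64, "E"), (128, "W"))
# Two packets copied from the tcpdump -x output above: the server's FIN and the client's RST.
SERVER_FIN = """0x0000: 4500 0028 0faf 4000 4006 617c 707c 2db8
0x0010: 3af6 f07a 0050 d1d4 6204 59bc e137 0f81
0x0020: 5011 007b 6715 0000"""
CLIENT_RST = """0x0000: 4500 0028 36f7 4000 3406 4634 3af6 f07a
0x0010: 707c 2db8 d218 0050 2350 7286 e3b1 6fdf
0x0020: 5014 0000 2a5b 0000"""

def dump_to_bytes(dump):
    """Drop the '0x0000:' offsets from tcpdump -x lines and return the raw packet bytes."""
    return bytes.fromhex("".join(line.partition(":")[2] for line in dump.splitlines()).replace(" ", ""))

def internet_checksum(data):
    """RFC 1071 one's-complement sum: an intact IPv4 header (checksum field included) gives 0."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                               # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ip_tcp(raw):
    """Decode the IPv4 header and the TCP header behind it into a dict of fields."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                       # IHL is counted in 32-bit words
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("expected an IPv4 packet carrying TCP")
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", raw[ihl:ihl + 16])
    doff = (off_flags >> 12) * 4                     # TCP data offset, also in words
    return {
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "sport": sport, "dport": dport, "ttl": ttl, "seq": seq, "ack": ack, "win": win,
        "flags": "".join(ch for bit, ch in FLAG_LETTERS if off_flags & bit),
        "length": total_len - ihl - doff,            # payload bytes, the "length 0" above
        "ip_checksum_ok": internet_checksum(raw[:ihl]) == 0,
    }

def summary(pkt):
    """Rebuild tcpdump's one-line summary (absolute seq/ack, as tcpdump -S prints them)."""
    parts = ["Flags [%s]" % pkt["flags"]]
    if pkt["length"] or set(pkt["flags"]) & set("SFR"):  # tcpdump shows seq only for these
        parts.append("seq %d" % pkt["seq"])
    if "." in pkt["flags"]:
        parts.append("ack %d" % pkt["ack"])
    parts += ["win %d" % pkt["win"], "length %d" % pkt["length"]]
    return "IP %s.%d > %s.%d: %s" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], ", ".join(parts))
```

<p>summary(parse_ip_tcp(dump_to_bytes(CLIENT_RST))) gives the [R.] line with absolute sequence numbers; tcpdump prints them relative to the SYN it captured (seq 541, ack 242 above), and the decoded seq minus the SYN's 592474217 is exactly 541.</p>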