• Use the ping command to obtain the IP address

    Setting the filter to destination address 182.92.187.217 and the http protocol yields the captured data

After right-clicking and following the TCP stream, three TCP packets appear above the HTTP request; these are the TCP three-way handshake

The captured packet content at the IP layer is as follows

Internet Protocol Version 4, Src: 192.168.1.108, Dst: 182.92.187.217
    0100 .... = Version: 4		//IP version
    .... 0101 = Header Length: 20 bytes (5)		//Header length
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)	//Type of service
    Total Length: 474	//Total length
    Identification: 0xf3fe (62462)	//Identification
    Flags: 0x40, Don't fragment		//Flags: MF=0, DF=1
    ...0 0000 0000 0000 = Fragment Offset: 0	//Fragment offset
    Time to Live: 128		//TTL
    Protocol: TCP (6)		//Upper-layer protocol (TCP)
    Header Checksum: 0x0000 [validation disabled]		//Checksum
    [Header checksum status: Unverified]
    Source Address: 192.168.1.108				//Source IP
    Destination Address: 182.92.187.217			//Destination IP

First TCP handshake:

Transmission Control Protocol, Src Port: 63627, Dst Port: 80, Seq: 4002316351, Len: 0
    Source Port: 63627							//Source port
    Destination Port: 80						//Destination port
    [Stream index: 713]		
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 4002316351					//seq (sequence number)
    [Next Sequence Number: 4002316352]
    Acknowledgment Number: 0					//ack (acknowledgment number)
    Acknowledgment number (raw): 0
    1000 .... = Header Length: 32 bytes (8)		//Header length
    Flags: 0x002 (SYN)			//Flag bits
        000. .... .... = Reserved: Not set	
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set			//URG
        .... ...0 .... = Acknowledgment: Not set	//ACK
        .... .... 0... = Push: Not set				//PSH
        .... .... .0.. = Reset: Not set				//RST
        .... .... ..1. = Syn: Set					//SYN Set=1
        .... .... ...0 = Fin: Not set				//FIN
        [TCP Flags: ··········S·]
    Window: 64240									//Window size
    [Calculated window size: 64240]
    Checksum: 0x3471 [unverified]					//Checksum
    [Checksum Status: Unverified]
    Urgent Pointer: 0								//Urgent pointer
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
        TCP Option - Maximum segment size: 1460 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - Window scale: 8 (multiply by 256)
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
    [Timestamps]

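As shown, in the first TCP handshake the client sends a SYN packet to the server, with the SYN bit set to 1 and the sequence number seq set to 4002316351

Second TCP handshake: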

Transmission Control Protocol, Src Port: 80, Dst Port: 63627, Seq: 1438817122, Ack: 4002316352, Len: 0
    Source Port: 80
    Destination Port: 63627
    [Stream index: 713]
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 1438817122
    [Next Sequence Number: 1438817123]
    Acknowledgment Number: 4002316352
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x012 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set	//ACK set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set				//SYN set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A··S·]
    Window: 29200
    [Calculated window size: 29200]
    Checksum: 0x6fea [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
        TCP Option - Maximum segment size: 1440 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
        TCP Option - No-Operation (NOP)
        TCP Option - Window scale: 7 (multiply by 128)
    [Timestamps]
        [Time since first frame in this TCP stream: 0.029402000 seconds]
        [Time since previous frame in this TCP stream: 0.029402000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 62653]
        [The RTT to ACK the segment was: 0.029402000 seconds]
        [iRTT: 0.029541000 seconds]

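After receiving the SYN packet, the server sends an ACK+SYN packet to the client with both ACK and SYN set to 1. Its ack is the seq from the first handshake plus 1, i.e. ack=4002316352, and its seq is a random number, 1438817122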

Third TCP handshake:

Transmission Control Protocol, Src Port: 63627, Dst Port: 80, Seq: 4002316352, Ack: 1438817123, Len: 0
    Source Port: 63627
    Destination Port: 80
    [Stream index: 713]
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 4002316352	
    [Next Sequence Number: 4002316352]
    Acknowledgment Number: 1438817123
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set		//ACK set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 1029
    [Calculated window size: 263424]
    [Window size scaling factor: 256]
    Checksum: 0x3465 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
    [SEQ/ACK analysis]

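In the third handshake, the client sends an ACK packet to the server, confirming that it has received the connection from the server, with the ACK bit set to 1

Its seq is the seq sent in the first handshake plus 1, i.e. 4002316352, and its ack is the seq the server sent to the client in the second handshake plus 1, i.e. 1438817123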

Handshake                           SYN  ACK  seq         ack
First handshake (client to server)  1    0    4002316351  0
Second handshake (server to client) 1    1    1438817122  4002316352
Third handshake (client to server)  0    1    4002316352  1438817123
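
The seq/ack relationships in the table can be checked programmatically. The following is an added example, not part of the original post: it packs the three segments into 20-byte TCP headers using the values from the capture, parses them back, and verifies the handshake rules. The headers are constructed sample input (options omitted, checksum zeroed), and the function names are assumptions of this example.

```python
import struct

FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def build_header(sport, dport, seq, ack, flags, window):
    """Pack a constructed 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

def parse_header(raw):
    """Decode the fixed part of a TCP header into a dict."""
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", raw[:20])
    flags = {name for bit, name in FLAG_BITS if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hdr_len": (off_flags >> 12) * 4, "flags": flags, "window": window}

def check_handshake(syn, synack, ack):
    """Return a list of rule violations; an empty list means a valid handshake."""
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("segment 1 is not a pure SYN")
    if synack["flags"] != {"SYN", "ACK"}:
        problems.append("segment 2 is not SYN+ACK")
    if ack["flags"] != {"ACK"}:
        problems.append("segment 3 is not a pure ACK")
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        problems.append("SYN/ACK ports do not mirror the SYN")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN/ACK ack != client seq + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("final ACK seq != client seq + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("final ACK ack != server seq + 1")
    return problems

# Constructed from the ports, seq/ack values, flags and windows in the capture above.
HANDSHAKE = [parse_header(h) for h in (
    build_header(63627, 80, 4002316351, 0, 0x002, 64240),
    build_header(80, 63627, 1438817122, 4002316352, 0x012, 29200),
    build_header(63627, 80, 4002316352, 1438817123, 0x010, 1029),
)]

if __name__ == "__main__":
    for seg in HANDSHAKE:
        print(sorted(seg["flags"]), "seq =", seg["seq"], "ack =", seg["ack"])
    print("violations:", check_handshake(*HANDSHAKE))
```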