TCP protocol Analysis

First, the purpose of the experiment

1. Master the TCP protocol header format.

2. Master the serial number confirmation mechanism of the TCP protocol.

3. Master the traffic control mechanism of TCP protocol.

4. Learn protocol analysis software to send custom packet methods.

Second, the principle of experiment

The 1.TCP protocol is a protocol for connecting services and providing reliable data transfer, through which the packet analysis TCP establishes the connection, data transfer, and release connection to analyze the TCP protocol.

The 2.TCP protocol is a three-time handshake to establish a connection, the serial number and confirmation number to maintain the communication between the two, by sending the size of the window to control traffic.

3. Through multiple computers to establish a computer TCP connection, you can analyze the nature of traffic control.

Third, the experimental steps

1. In the Command Line window for host A with IP address 192.168.0.250, enter Telnet 218.65.113.46 to find that the connection is not on, because Port 23rd is not open. Open the browser of Host B with IP address 218.65.113.46 and host A's grab package software Irris, then enter Telnet 218.65.113.46 80 on Host a command line, filter TCP and 80,23 ports, capture TCP protocol packets, and analyze.

(1)

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/8B/8B/wKioL1hQ9q7yf2vxAACxk3b8RVw142.png-wh_500x0-wm_3 -wmp_4-s_2847223749.png "title=" 1.png "alt=" wkiol1hq9q7yf2vxaacxk3b8rvw142.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

This is the first handshake: Host A with IP address 192.168.0.250 sends a connection request to host B with an IP address of 218.65.113.46, a randomly initializes its own serial number 50596762, the confirmation number is 0, initializes a receive window size of 16384, sends a SYN =1, at this time ack=0.

(2)

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/8B/8E/wKiom1hQ9uHDO6MqAABfhsE6bE4717.png-wh_500x0-wm_3 -wmp_4-s_4226300466.png "title=" 2.png "alt=" wkiom1hq9uhdo6mqaabfhse6be4717.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

This is the second handshake: B randomly initializes its own serial number 804733534, the confirmation number is a first handshake sequence number plus 1 (expecting the other party to send the next data to the first byte of the number) to do confirmation, for 50596763, initialize B's receive window size, send Syn=1,ack.

(3)

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/8B/8B/wKioL1hQ9xnSVVJrAABUfY0Ej14199.png-wh_500x0-wm_3 -wmp_4-s_3256883829.png "title=" 3.png "alt=" wkiol1hq9xnsvvjraabufy0ej14199.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

Third handshake: Host A to Host B confirmation, syn=0,ack=1, the serial number is the confirmation number of the previous frame, the confirmation number is B second handshake sequence number plus 1.

(4) Frame 4th to 9th.

Frames sent by host A to IP address 218.65.113.46 for host A with IP address 192.168.0.250

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/8B/8B/wKioL1hQ9yiAjj8iAAIP2nTO0RQ160.png-wh_500x0-wm_3 -wmp_4-s_4178598718.png "title=" 4.png "alt=" wkiol1hq9yiajj8iaaip2nto0rq160.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

(5) The fifth frame is sent by B to a:

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/8B/8E/wKiom1hQ9z7htqDPAABtyS0kFHc862.png-wh_500x0-wm_3 -wmp_4-s_4141299546.png "title=" 6.png "alt=" wkiom1hq9z7htqdpaabtys0kfhc862.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

(7) Frame 7th or B is sent to a:

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/8B/8E/wKiom1hQ91vjHZRtAAB9pZEXw2U473.png-wh_500x0-wm_3 -wmp_4-s_1468267978.png "title=" 7.png "alt=" wkiom1hq91vjhzrtaab9pzexw2u473.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/8B/8E/wKiom1hQ95GRB_DCAAC615aa8Oc618.png-wh_500x0-wm_3 -wmp_4-s_540775724.png "title=" 8.png "alt=" wkiom1hq95grb_dcaac615aa8oc618.png-wh_50 "style=" padding:0px;margin:0 Px;vertical-align:top;border:none; "/>

(11) Due to the conditions of the grab bag, some special cases are not specifically listed to analyze.

The TCP protocol has a normal disconnect and an abnormally disconnected connection. An RST of 1 means that the connection is disconnected abnormally. The RST reset reset flag indicates that a critical error occurred in the TCP connection and that the connection must be forcibly released.

Note: In TCP, the confirmation number for the special message (syn=1,fin=1,rst=1) is added 1.

TCP protocol Analysis