About the Wireshark grab bag thing.

About the Wireshark Grab bag thing.

Three-time handshake

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/72/82/wKioL1XlX13xlyMyAAFscNScy5c669.jpg "title=" Three-time handshake. png "alt=" wkiol1xlx13xlymyaafscnscy5c669.jpg "/>

172.18.254.177 for customers 111.13.2.158 as a service-side

1. Open actively. Send SYN, Negotiate window size ,TCP MSS seq=0 len=0 mss=1460 win=65535 Max window sizes

Client is syn_sent

Service side is syn_recv

2. received a syn. Reply to syn ack seq=0 ack=1=0+1 Confirm your maximum win=14480 mss=1460

Client is established

Service side is syn_recv

3. received a syn reply ack seq=1 ack=1=0+1 to this three times the handshake was successfully established.

Client is established

Service side is established

Four-time disconnection

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/82/wKioL1XlX2_AUT7YAAGbpSbjH5U362.jpg "title=" Four times disconnect. png "alt=" wkiol1xlx2_aut7yaagbpsbjh5u362.jpg "/>

1. active shutdown, send fin. seq=328

Service-side status is fin_wait1

Client status is closed_wait

2. client sends acknowledgment ACK ack=329=328+1

Service-side status is fin_wait2

3. client sends fin seq=133

Client status is last_ack

Service-side status is time_wait

4. server sends ACK ack=134=133+1

Client status closed

Service-side status closed

TCP segment of a reassembled PDU ( part of a TCP packet reorganization )

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/72/82/wKioL1XlYEHgbu_rAADSnbJx6ak656.jpg "title=" tcp Segment of reassembled pdu.png "alt=" Wkiol1xlyehgbu_raadsnbjx6ak656.jpg "/>

fragment of the packet. Acknum The same,

when the requested packet is greater than TCP MSS divides the data into multiple packets for transmission.

The TCP MSS size in the LAN is 1460=1500-20(IP header)-20( TCP Baotou)

TCP Window Update (tcp Windows Updates)

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/85/wKiom1XlXhDxMUHlAADECH5jUi4021.jpg "title=" tcp Window Update.png "alt=" Wkiom1xlxhdxmuhlaadech5jui4021.jpg "/>

is a state in TCP communication, it can occur for a number of reasons, but ultimately due to the sender to transmit data faster than the receiver read data, which makes the receiver in the buffer must free a portion of the space to load the data sent, and then send to the sender Windows Update , telling the sender how much speed the data should be sent, so that the transmission and acceptance return to normal.

or aTCP Windowinto0the, or Close0the, this warns the data sender that there is no more room to accept more data..file transfer will stop, until you receive aUpdatesayBufferit's emptied..

TCP DUP ack (duplicate ack)

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/82/wKioL1XlX7LRd2bpAAGTxqoAu84045.jpg "title=" TCP dup Ack.png "alt=" Wkiol1xlx7lrd2bpaagtxqoau84045.jpg "/>

indicates that the data segment is missing, 574 is the location of the data loss,#1 represents the loss once.

TCP Out-of-order

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/72/85/wKiom1XlXcCDqfqcAADCxhkH-Ys945.jpg "title=" TCP Out of order 1.png "alt=" Wkiom1xlxccdqfqcaadcxhkh-ys945.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/72/85/wKiom1XlXc-ie_uLAAG86whhBSI904.jpg "title=" TCP Out of order 2.png "alt=" Wkiom1xlxc-ie_ulaag86whhbsi904.jpg "/>

Due to the packet chaos received, it is possible that the network congestion or load sharing on the route, resulting in the packets sent after the first to achieve.

TCP restransmission retransmission

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/82/wKioL1XlYAHjxAxxAAQHFLqHGJ4246.jpg "title=" tcp Restransmission.png "alt=" Wkiol1xlyahjxaxxaaqhflqhgj4246.jpg "/>

The 167 Packet is a retransmission operation for the packet number packet, so the SEQ ack is the same,seq=2070 ack=6264

This article is from the "LIHONGWEIBJ" blog, make sure to keep this source http://lihongweibj.blog.51cto.com/6235038/1690518

About the Wireshark grab bag thing.