About the Wireshark Grab bag thing.
Three-time handshake
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/72/82/wKioL1XlX13xlyMyAAFscNScy5c669.jpg "title=" Three-time handshake. png "alt=" wkiol1xlx13xlymyaafscnscy5c669.jpg "/>
172.18.254.177 for customers 111.13.2.158 as a service-side
1. Open actively. Send SYN, Negotiate window size ,TCP MSS seq=0 len=0 mss=1460 win=65535 Max window sizes
Client is syn_sent
Service side is syn_recv
2. received a syn. Reply to syn ack seq=0 ack=1=0+1 Confirm your maximum win=14480 mss=1460
Client is established
Service side is syn_recv
3. received a syn reply ack seq=1 ack=1=0+1 to this three times the handshake was successfully established.
Client is established
Service side is established
Four-time disconnection
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/82/wKioL1XlX2_AUT7YAAGbpSbjH5U362.jpg "title=" Four times disconnect. png "alt=" wkiol1xlx2_aut7yaagbpsbjh5u362.jpg "/>
1. active shutdown, send fin. seq=328
Service-side status is fin_wait1
Client status is closed_wait
2. client sends acknowledgment ACK ack=329=328+1
Service-side status is fin_wait2
3. client sends fin seq=133
Client status is last_ack
Service-side status is time_wait
4. server sends ACK ack=134=133+1
Client status closed
Service-side status closed
TCP segment of a reassembled PDU ( part of a TCP packet reorganization )
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/72/82/wKioL1XlYEHgbu_rAADSnbJx6ak656.jpg "title=" tcp Segment of reassembled pdu.png "alt=" Wkiol1xlyehgbu_raadsnbjx6ak656.jpg "/>
fragment of the packet. Acknum The same,
when the requested packet is greater than TCP MSS divides the data into multiple packets for transmission.
The TCP MSS size in the LAN is 1460=1500-20(IP header)-20( TCP Baotou)
TCP Window Update (tcp Windows Updates)
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/85/wKiom1XlXhDxMUHlAADECH5jUi4021.jpg "title=" tcp Window Update.png "alt=" Wkiom1xlxhdxmuhlaadech5jui4021.jpg "/>
is a state in TCP communication, it can occur for a number of reasons, but ultimately due to the sender to transmit data faster than the receiver read data, which makes the receiver in the buffer must free a portion of the space to load the data sent, and then send to the sender Windows Update , telling the sender how much speed the data should be sent, so that the transmission and acceptance return to normal.
or aTCP Windowinto0the, or Close0the, this warns the data sender that there is no more room to accept more data..file transfer will stop, until you receive aUpdatesayBufferit's emptied..
TCP DUP ack (duplicate ack)
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/82/wKioL1XlX7LRd2bpAAGTxqoAu84045.jpg "title=" TCP dup Ack.png "alt=" Wkiol1xlx7lrd2bpaagtxqoau84045.jpg "/>
indicates that the data segment is missing, 574 is the location of the data loss,#1 represents the loss once.
TCP Out-of-order
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/72/85/wKiom1XlXcCDqfqcAADCxhkH-Ys945.jpg "title=" TCP Out of order 1.png "alt=" Wkiom1xlxccdqfqcaadcxhkh-ys945.jpg "/>
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/72/85/wKiom1XlXc-ie_uLAAG86whhBSI904.jpg "title=" TCP Out of order 2.png "alt=" Wkiom1xlxc-ie_ulaag86whhbsi904.jpg "/>
Due to the packet chaos received, it is possible that the network congestion or load sharing on the route, resulting in the packets sent after the first to achieve.
TCP restransmission retransmission
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/72/82/wKioL1XlYAHjxAxxAAQHFLqHGJ4246.jpg "title=" tcp Restransmission.png "alt=" Wkiol1xlyahjxaxxaaqhflqhgj4246.jpg "/>
The 167 Packet is a retransmission operation for the packet number packet, so the SEQ ack is the same,seq=2070 ack=6264
This article is from the "LIHONGWEIBJ" blog, make sure to keep this source http://lihongweibj.blog.51cto.com/6235038/1690518
About the Wireshark grab bag thing.