Transport layer protocol TCP and UDP analysis


Software used for the analysis: Wireshark-win32-1.10.2.exe

Read the guided Tour

1. Analyze the TCP protocol as used by an application, and TCP connection management

2. Analyze the UDP protocol as used by an application

Analysis requirements

(1) TCP section:

    1. Learn the configuration and use of 3CDaemon FTP server
    2. Design an application scenario to obtain TCP messages
    3. Analyze the format and content of TCP messages (analyze at least 5 messages and understand the relationship between them)
    4. Analyze the "three-way handshake" used to establish a TCP connection and find the corresponding messages

(2) UDP part:

    1. Learn about the configuration and use of Cisco TFTP Server
    2. Design an application scenario to obtain UDP messages
    3. Analyze the format and content of UDP messages (analyze at least 5 messages and understand the relationship between them)
    4. How does a UDP message differ from a TCP message? Understand the difference between the UDP protocol and the TCP protocol

Analysis content

(1) TCP section:

    1. Learn the configuration and use of 3CDaemon FTP server

Download and install the 3CDaemon software and configure the FTP server section

    2. Design an application scenario to obtain TCP messages

Log in to the FTP server with "anonymous", the anonymous account built into 3CDaemon, to obtain TCP messages

    3. Analyze the format and content of TCP messages (analyze at least 5 messages and understand the relationship between them)

See part four of the analysis (Analysis Results and summary)

    4. Analyze the "three-way handshake" used to establish a TCP connection and find the corresponding messages

(2) UDP part:

    1. Learn about the configuration and use of Cisco TFTP Server

Configuring Cisco TFTP Server

    2. Design an application scenario to obtain UDP messages

Use the TFTP client command in Windows command-line mode to connect to the TFTP server and download the F1.txt file:

tftp -i 172.18.3.188 GET F1.txt

Upload the F2.txt file:

tftp -i 172.18.3.188 PUT F2.txt

Capture packets at the same time to obtain the UDP messages

    3. Analyze the format and content of UDP messages (analyze at least 5 messages and understand the relationship between them)

See part four of the analysis (Analysis Results and summary)

    4. How does a UDP message differ from a TCP message? Understand the difference between the UDP protocol and the TCP protocol

Analysis Results and summary

1. Acquiring and analyzing TCP messages

(1) Logging in to the FTP server 172.18.3.154: the SYN message that begins establishing the TCP connection:

07a200151ea58e8f000000008002ffff5ad20000020405b40103030301010402

Source Port: 07 a2

Source Port:abr-api (1954)

Destination Port: 0015

Destination Port:ftp (21)

Sequence Number: 1e A5 8e 8f

Sequence number:0 (relative Sequence number)

Header Length: 8

Header length:32 bytes

Flags: 02

flags:0x002 (SYN)

window: FF FF

Window size value:65535

Calculated window size:65535

Checksum: 5ad2

checksum:0x5ad2 [Validation disabled]

Options: 02 04 05 b4 01 03 03 03 01 01 04 02

Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted

(2) Logging in to the FTP server 172.18.3.154: the SYN+ACK message of TCP connection establishment (this dump starts at the Ethernet header; the TCP header begins at 00 15 07 a2):

00e04c512b4e00e04c500ff9080045000034287040004006b2fcac12039aac120399001507a263bcdaf71ea58e908012ffff1c0d0000020405b40103030301010402

Source Port: 00 15

Source Port:ftp (21)

Destination Port: 07 a2

Destination Port:abr-api (1954)

Sequence Number: 63 bc da f7

Sequence number:0 (relative Sequence number)

Acknowledgment Number: 1e a5 8e 90

Acknowledgment number:1 (relative ACK number)

Header Length: 8

Header length:32 bytes

Flags: 12

flags:0x012 (SYN, ACK)

window: FF FF

Window size value:65535

Calculated window size:65535

Checksum: 1c 0d

checksum:0x1c0d [Validation disabled]

Options: 02 04 05 b4 01 03 03 03 01 01 04 02

Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted

(3) Logging in to the FTP server 172.18.3.154: the second ACK message of TCP connection establishment:

07a200151ea58e9063bcdaf85010b5c9a7110000

Source Port: 07 a2

Source Port:abr-api (1954)

Destination Port: 0015

Destination Port:ftp (21)

Sequence Number: 1e A5 8e 90

Sequence number:1 (relative Sequence number)

Acknowledgment Number: 63 bc da f8

Acknowledgment number:1 (relative ACK number)

Header Length: 5

Header length:20 bytes

Flags: 10

flags:0x010 (ACK)

window: B5 C9

Window size value:46537

Calculated window size:372296

Window Size Scaling Factor:8

Checksum: A7 11

checksum:0xa711 [Validation disabled]

(4) FTP server 172.18.3.154: the FIN+ACK (seq = x) message that begins closing the TCP connection (this dump starts at the Ethernet header; the TCP header begins at 00 15 09 66):

00e04c512b4e00e04c500ff908004500002854fb40004006867dac12039aac12039900150966cb76f9c531de53865011b5b846a70000000000000000

Source Port: 00 15

Source Port:ftp (21)

Destination Port: 09 66

Destination Port:jediserver (2406)

Sequence Number: cb 76 f9 c5

Sequence number:437 (relative Sequence number)

Acknowledgment Number: 31 de 53 86

Acknowledgment number:135 (relative ACK number)

Header Length: 5

Header length:20 bytes

Flags: 11

flags:0x011 (FIN, ACK)

window: B5 B8

Window size value:46520

Calculated window size:372160

Window Size Scaling Factor:8

Checksum: 46 a7

checksum:0x46a7 [Validation disabled]

(5) FTP server 172.18.3.154: the ACK x+1 message of the TCP connection close:

0966001531de5386cb76f9c65010b59346cc0000

Source Port: 09 66

Source Port:jediserver (2406)

Destination Port: 00 15

Destination Port:ftp (21)

Sequence Number: 31 de 53 86

Sequence number:135 (relative Sequence number)

Acknowledgment Number: cb 76 f9 c6

Acknowledgment number:438 (relative ACK number)

Header Length: 5

Header length:20 bytes

Flags: 10

flags:0x010 (ACK)

Window: B5 93

Window size value:46483

Calculated window size:371864

Window Size Scaling Factor:8

Checksum: 46 cc

checksum:0x46cc [Validation disabled]

(6) FTP server 172.18.3.154: the FIN (seq = y), ACK x+1 message of the TCP connection close:

0966001531de5386cb76f9c65011b59346cb0000

Source Port: 09 66

Source Port:jediserver (2406)

Destination Port: 00 15

Destination Port:ftp (21)

Sequence Number: 31 de 53 86

Sequence number:135 (relative Sequence number)

Acknowledgment Number: cb 76 f9 c6

Acknowledgment number:438 (relative ACK number)

Header Length: 5

Header length:20 bytes

Flags: 11

flags:0x011 (FIN, ACK)

Window: B5 93

Window size value:46483

Calculated window size:371864

Window Size Scaling Factor:8

Checksum: 46 cb

checksum:0x46cb [Validation disabled]

(7) FTP server 172.18.3.154: the ACK y+1 message of the TCP connection close (this dump starts at the Ethernet header; the TCP header begins at 00 15 09 66):

00e04c512b4e00e04c500ff908004500002854fc40004006867cac12039aac12039900150966cb76f9c631de53875010b5b846a60000000000000000

Source Port: 00 15

Source Port:ftp (21)

Destination Port: 09 66

Destination Port:jediserver (2406)

Sequence Number: cb 76 f9 c6

Sequence number:438 (relative Sequence number)

Acknowledgment Number: 31 de 53 87

Acknowledgment number:136 (relative ACK number)

Header Length: 5

Header length:20 bytes

Flags: 10

flags:0x010 (ACK)

window: B5 B8

Window size value:46520

Calculated window size:372160

Window Size Scaling Factor:8

Checksum: 46 a6

checksum:0x46a6 [Validation disabled]

For the TCP connection establishment process:

The client sends a SYN message with sequence number x. After receiving it, the server sends a SYN with sequence number y together with an ACK with acknowledgment number x+1. After receiving that, the client sends an ACK with acknowledgment number y+1. TCP establishes the connection with a three-way handshake in this order.

For a graceful shutdown of the TCP connection:

Endpoint 1 sends a FIN message with sequence number x. After receiving it, endpoint 2 sends an ACK with acknowledgment number x+1. Endpoint 2 then sends a FIN with sequence number y together with an ACK with acknowledgment number x+1. After receiving it, endpoint 1 sends an ACK with acknowledgment number y+1. When endpoint 2 receives that message, the connection is closed normally. This is an improved form of the three-way handshake.
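The sequence and acknowledgment relationships summarized above can be checked directly against the captured bytes. The Python below is an added example, not part of the original report: it decodes the TCP headers from dumps (1)-(7), including the SYN options, and tests the "ACK = seq + 1" rule for both the handshake and the close. The function and constant names are illustrative.

```python
import struct

# TCP headers copied from dumps (1)-(7) above; for (2), (4) and (7) the Ethernet/IP
# bytes and trailing padding are dropped so every string starts at the TCP header.
SYN = "07a200151ea58e8f000000008002ffff5ad20000020405b40103030301010402"
SYN_ACK = "001507a263bcdaf71ea58e908012ffff1c0d0000020405b40103030301010402"
ACK = "07a200151ea58e9063bcdaf85010b5c9a7110000"
FIN_X = "00150966cb76f9c531de53865011b5b846a70000"  # (4) FIN+ACK, seq = x
ACK_X = "0966001531de5386cb76f9c65010b59346cc0000"  # (5) ACK x+1
FIN_Y = "0966001531de5386cb76f9c65011b59346cb0000"  # (6) FIN+ACK, seq = y
ACK_Y = "00150966cb76f9c631de53875010b5b846a60000"  # (7) ACK y+1
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}


def parse_tcp(hexstr):
    """Decode one TCP header, including its options, into a dict."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 20:
        raise ValueError("shorter than the fixed 20-byte TCP header")
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", raw[:16])
    hdr_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if not 20 <= hdr_len <= len(raw):
        raise ValueError("data offset outside the captured bytes")
    opts, data, i = {}, raw[20:hdr_len], 0
    while i < len(data) and data[i] != 0:  # kind 0 ends the option list
        if data[i] == 1:  # kind 1 (NOP) is a single padding byte
            i += 1
            continue
        if i + 1 >= len(data) or not 2 <= data[i + 1] <= len(data) - i:
            raise ValueError("malformed TCP option length")
        opts[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    flags = {name for bit, name in FLAGS.items() if off_flags & bit}
    return dict(sport=sport, dport=dport, seq=seq, ack=ack, win=win,
                hdr_len=hdr_len, flags=flags, opts=opts)


def acknowledges(first, reply):
    """True if `reply` ACKs the SYN or FIN in `first` (assumed to carry no payload)."""
    f, r = parse_tcp(first), parse_tcp(reply)
    return (bool(f["flags"] & {"SYN", "FIN"}) and "ACK" in r["flags"]
            and (f["sport"], f["dport"]) == (r["dport"], r["sport"])
            and r["ack"] == (f["seq"] + 1) % 2 ** 32)  # SYN/FIN use one sequence number


def scaled_window(syn, segment):
    """Window of `segment`, scaled by the shift its sender announced in `syn`."""
    shift = parse_tcp(syn)["opts"].get(3, b"\x00")[0]  # kind 3 = window scale; absent = no scaling
    return parse_tcp(segment)["win"] << shift
```

For this capture, `acknowledges(SYN, SYN_ACK)` and `acknowledges(SYN_ACK, ACK)` both hold, and `scaled_window(SYN, ACK)` returns 372296, the calculated window size Wireshark shows for message (3).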

2. Acquiring and analyzing UDP messages

(1) First UDP message of tftp -i 172.18.3.188 GET F1.txt:

0c3e00450017bd5c

Source Port: 0c 3e

Source port:3134 (3134)

Destination Port: 0045

Destination port:69 (69)

Message Length: 00 17

Length:23

Checksum: bd 5c

checksum:0xbd5c [Validation disabled]

Data for TFTP messages

(2) Second UDP message of tftp -i 172.18.3.188 GET F1.txt:

09f30c3e001b8124

Source Port: 09 f3

Source port:2547 (2547)

Destination Port: 0c3e

Destination port:3134 (3134)

Message Length: 00 1b

Length:27

Checksum: 81 24

checksum:0x8124 [Validation disabled]

Data for TFTP messages

(3) Third UDP message of tftp -i 172.18.3.188 GET F1.txt:

0c3e09f3000c8a32

Source Port: 0c 3e

Source port:3134 (3134)

Destination Port: 09 f3

Destination port:2547 (2547)

Message Length: 00 0c

Length:12

Checksum: 8a 32

checksum:0x8a32 [Validation disabled]

Data for TFTP messages

(4) First UDP message of tftp -i 172.18.3.188 PUT F2.txt:

0d1d00450017bc7b

Source Port: 0d 1d

Source port:3357 (3357)

Destination Port: 00 45

Destination port:69 (69)

Message Length: 00 17

Length:23

Checksum: BC 7b

checksum:0xbc7b [Validation disabled]

Data for TFTP messages

(5) Second UDP message of tftp -i 172.18.3.188 PUT F2.txt:

0b410d1d000c8806

Source Port: 0b 41

Source port:2881 (2881)

Destination Port: 0d 1d

Destination port:3357 (3357)

Message Length: 00 0c

Length:12

Checksum: 88 06

checksum:0x8806 [Validation disabled]

Data for TFTP messages

(6) Third UDP message of tftp -i 172.18.3.188 PUT F2.txt:

0d1d0b4100138b61

Source Port: 0d 1d

Source port:3357 (3357)

Destination Port: 0b 41

Destination port:2881 (2881)

Message Length: 00 13

Length:19

Checksum: 8b 61

checksum:0x8b61 [Validation disabled]

Data for TFTP messages

(7) Fourth UDP message of tftp -i 172.18.3.188 PUT F2.txt:

0b410d1d000c8805

Source Port: 0b 41

Source port:2881 (2881)

Destination Port: 0d 1d

Destination port:3357 (3357)

Message Length: 00 0c

Length:12

Checksum: 88 05

checksum:0x8805 [Validation disabled]

Data for TFTP messages

What is the difference between a UDP message and a TCP message:

UDP messages are shorter than TCP messages, and UDP does not establish a connection. TCP is a reliable transport protocol; UDP is an unreliable transport protocol. UDP is faster than TCP and is suitable for a number of high-speed, precision-demanding connections.
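Unlike the TCP segments, the UDP headers above carry no sequence or acknowledgment numbers, so related datagrams can only be tied together by their port pair. The Python below is an added example, not part of the original report: it groups the seven captured headers into the GET and PUT transfers and shows that the server answers from a new port rather than from 69, which is why a filter or detection rule keyed only on port 69 sees just the first datagram of each transfer. The function names are illustrative.

```python
import struct

# UDP headers copied from dumps (1)-(7) above, in capture order.
HEADERS = ["0c3e00450017bd5c", "09f30c3e001b8124", "0c3e09f3000c8a32",
           "0d1d00450017bc7b", "0b410d1d000c8806", "0d1d0b4100138b61",
           "0b410d1d000c8805"]
TFTP_PORT = 69


def parse_udp(hexstr):
    """Decode the fixed 8-byte UDP header."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", raw[:8])
    if length < 8:
        raise ValueError("UDP length field smaller than the header")
    return dict(sport=sport, dport=dport, payload_len=length - 8, checksum=checksum)


def group_transfers(headers):
    """Group datagrams into TFTP transfers keyed by client port.

    The request goes to port 69; the first reply fixes the server's port for the
    rest of the transfer, and anything from another port pair is set aside.
    """
    transfers, unmatched = {}, []
    for h in map(parse_udp, headers):
        if h["dport"] == TFTP_PORT:  # initial request opens a transfer
            transfers[h["sport"]] = {"server_port": None,
                                     "payload_lens": [h["payload_len"]]}
            continue
        from_server = h["dport"] in transfers
        client, peer = ((h["dport"], h["sport"]) if from_server
                        else (h["sport"], h["dport"]))
        t = transfers.get(client)
        if t and from_server and t["server_port"] is None:
            t["server_port"] = peer  # first reply fixes the server's port
        if t and t["server_port"] == peer:
            t["payload_lens"].append(h["payload_len"])
        else:
            unmatched.append(h)  # wrong port pair: not part of a known transfer
    return transfers, unmatched
```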
