Course report for "Fundamentals of Computer Networks"
Analysis of TCP and UDP Packets Based on Wireshark
Department:     Class:     Student ID:     Name:     Instructor:
November 4, 2012

Contents
1  TCP three-way handshake on connection establishment
2  TCP four-way handshake on connection release
3  UDP packet analysis
   3.1  UDP packet structure
   3.2  Computing the UDP checksum
4  Conclusion

1. TCP three-way handshake on connection establishment

TCP provides end systems with a connection-oriented, reliable transport service. Before any data segments are exchanged, TCP establishes a connection between the sender and the receiver. The client is the initiator of the connection; the server performs a passive open and waits for the client to contact it. The procedure is described below.

First handshake: the client sends a TCP segment with SYN=1, seq=0 to the server.
Note: the client's TCP issues a connection-request segment whose synchronise bit SYN is set. The sequence number 0 is the relative sequence number that Wireshark displays; the real initial sequence number is a 32-bit value chosen by the client, and a SYN consumes one sequence number even though the segment carries no data. The header is 32 bytes because 12 bytes of options follow the fixed 20-byte header, and the window size 8192 is the raw field value, since window scaling is never applied to a SYN. The segment is as follows:

Source port: 56644 (56644)
Destination port: http (80)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02 (SYN)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...0 .... = Acknowledgement: Not set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..1. = Syn: Set
    .... .... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x1030 [validation disabled]
Options: (12 bytes)

Second handshake: the server sends a TCP segment with SYN=1, ACK=1, seq=0 to the client.
Note: when the server's TCP receives the connection request and agrees to it, it replies with a confirmation segment in which SYN=1 and ACK=1. Its sequence number 0 is again relative, this time to the server's own initial sequence number; the acknowledgement number 1 is the client's initial sequence number plus one and confirms the client's SYN. This segment carries no data either. The segment is as follows:

Source port: http (80)
Destination port: 56644 (56644)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12 (SYN, ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgement: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..1. = Syn: Set
    .... .... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x54f6 [validation disabled]
Options: (12 bytes)

Third handshake: the client sends a TCP segment with ACK=1 to the server.
Note: on receiving the SYN/ACK, the client confirms it with ACK=1. Its sequence number is now 1 (the SYN consumed sequence number 0) and its acknowledgement number 1 confirms the server's SYN. The client's TCP informs the upper-layer application process that the connection is established; when the server's TCP receives this confirmation it informs its own application process as well. The header is back to 20 bytes because no options are carried, and the window size 65928 is the scaled value, i.e. the raw field multiplied by the scale factor negotiated in the options of the two SYN segments. The segment is as follows:

Source port: 56644 (56644)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgement: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..0. = Syn: Not set
    .... .... ...0 = Fin: Not set
Window size: 65928 (scaled)
Checksum: 0x1024 [validation disabled]

2. TCP four-way handshake on connection release

Once data transfer has finished, either side may release the connection. In this capture the client application process first asks its TCP to send a connection-release segment and stops sending data, performing an active close. The server then half-closes the connection, and after the final wait the connection resources are released. The procedure is described below; u and w denote the sequence numbers of the client's and the server's FIN segments.

First handshake: the client sends a TCP segment with FIN=1, seq=u to the server.
Note: the client sets FIN=1 in the header of the release segment and waits for the server's confirmation. Here u = 1 in relative terms, and the segment also carries ACK=1 (flags 0x11): a FIN is normally sent together with an acknowledgement of everything received so far. The segment is as follows:

Source port: 56644 (56644)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgement: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..0. = Syn: Not set
    .... .... ...1 = Fin: Set
Window size: 65928 (scaled)
Checksum: 0x1024 [validation disabled]

Second handshake: the server sends a TCP segment with ACK=1, Acknowledgement number = u+1 to the client.
Note: the server confirms the FIN with acknowledgement number u+1 (a FIN consumes one sequence number, just as a SYN does) and its TCP informs the upper-layer application process. The client-to-server direction of the connection is now released and the connection is half-closed: the client sends no more data, but must still receive any data the server sends.

Third handshake: the server sends a TCP segment with FIN=1, ACK=1, seq=w, Acknowledgement number = u+1 to the client.
Note: when the server has no more data to send to the client, its application process asks TCP to release the connection. In practice the second and third handshakes are often merged into a single FIN/ACK segment from server to client, as in this capture, where the server's segment carries both its own FIN (w = 1 in relative terms) and the acknowledgement number 2 = u+1. The segment is as follows:

Source port: http (80)
Destination port: 56644 (56644)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 2 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgement: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..0. = Syn: Not set
    .... .... ...1 = Fin: Set
Window size: 6144 (scaled)
Checksum: 0xac93 [validation disabled]
[SEQ/ACK analysis]

Fourth handshake: the client sends a TCP segment with ACK=1, seq=u+1, Acknowledgement number = w+1 to the server.
Note: on receiving the server's release segment the client must confirm it. The confirmation carries ACK=1, acknowledgement number w+1 (2 here) and the client's own sequence number u+1 (2 here). The server's TCP closes as soon as this confirmation arrives, whereas the client enters TIME_WAIT and closes the connection only after the 2MSL timer expires. The segment is as follows:

Source port: 56644 (56644)
Destination port: http (80)
[Stream index: 0]
Sequence number: 2 (relative sequence number)
Acknowledgement number: 2 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgement: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..0. = Syn: Not set
    .... .... ...0 = Fin: Not set
Window size: 65928 (scaled)
Checksum: 0x1024 [validation disabled]
[SEQ/ACK analysis]

3. UDP packet analysis

3.1 UDP packet structure

The UDP header has a fixed length of 8 bytes and consists of four 16-bit fields, in this order:
Source port: port numbers follow some conventions. Servers normally use a well-known port, in the range 0-1023, while clients use a random (ephemeral) port in the range 49152-65535. The client port 56644 in the TCP captures above lies in that range, although many operating systems actually draw ephemeral ports from a lower range (Linux, for instance, defaults to 32768-60999).
Destination port: the port of the receiving process.
Length: the length of the header and the data together, in the range [8, 65535]. In practice the IPv4 total-length field limits the UDP payload to 65507 bytes.
Checksum: provides error detection over the header, the data and the pseudo-header described in 3.2. It is optional for UDP over IPv4 (a value of 0 means it was not computed) and mandatory for UDP over IPv6.

3.2 Computing the UDP checksum

3.2.1 Information needed for the UDP checksum
(1) The UDP pseudo-header: source IP address + destination IP address + one zero byte + the protocol number 17 + the UDP length. Its purpose is to let UDP double-check that the data has arrived at the correct destination (the right host and the right transport protocol); it exists only for the checksum calculation and is never transmitted.
(2) The UDP header. Its length field is not the total length of the IP packet but only the length of the UDP datagram (header plus data).
(3) The UDP data.

3.2.2 Steps of the calculation
(1) Prepend the pseudo-header to the UDP datagram.
(2) Set the checksum field to zero before computing.
(3) Divide everything into 16-bit (2-byte) words; if the total length is odd, append one zero byte for the calculation only.
(4) Add all the 16-bit words; whenever the sum carries beyond 16 bits, add the carry back into the lowest bit (end-around carry).
(5) The result of adding all the words is a 16-bit number; its bitwise complement is the checksum. If the complement happens to be all zeros, 0xFFFF is transmitted instead, because a checksum field of 0 means that no checksum was computed.

3.2.3 Worked example
The example computes the checksum of one UDP datagram. From the figure above, the source IP address, destination IP address, UDP length and data are known. Calculation steps:
(1) First, the checksum field
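Sections 1 and 2 read the handshake and the release off the fields that Wireshark has already decoded. The following example, added here and not part of the report, performs that decoding on raw bytes: it parses the 20-byte header and the options, derives Wireshark's relative sequence and acknowledgement numbers from the ISNs carried in the two SYNs, applies the window-scale shift to later segments, and walks a simplified connection state machine through the six segments of the report's flow. The six segments, the ISNs 0x1F2E3D4C and 0xA1B2C3D4, the option bytes and the `FlowTracker` class are all constructed for illustration; only the ports, flags, header lengths and window sizes are taken from the captures above.

```python
import struct
from collections import namedtuple

# The nine flag bits at the low end of the data-offset/flags halfword, lowest bit first.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR, NS = (1 << i for i in range(9))
FLAG_NAMES = [("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK),
              ("URG", URG), ("ECE", ECE), ("CWR", CWR), ("NS", NS)]
TcpHeader = namedtuple("TcpHeader", "src_port dst_port seq ack header_len flags window "
                                    "checksum options payload_len")   # window is the raw field

def parse_tcp(segment: bytes) -> TcpHeader:
    """Decode the fixed 20-byte header plus options from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    src, dst, seq, ack, off_flags, win, csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError(f"implausible data offset: {header_len} bytes")
    return TcpHeader(src, dst, seq, ack, header_len, off_flags & 0x1FF, win, csum,
                     segment[20:header_len], len(segment) - header_len)

def window_scale(options: bytes):
    """Shift count from a Window Scale option (kind 3, length 3), or None if the SYN has none."""
    i = 0
    while i < len(options) and options[i] != 0:        # kind 0 ends the option list
        if options[i] == 1:                              # kind 1 is a one-byte NOP
            i += 1
            continue
        length = options[i + 1] if i + 1 < len(options) else 0
        if length < 2 or i + length > len(options):
            raise ValueError("malformed TCP option")
        if options[i] == 3 and length == 3:
            return options[i + 2]
        i += length
    return None

class FlowTracker:
    def __init__(self):
        self.isn, self.shift, self.state, self.closer = {}, {}, "CLOSED", None

    def feed(self, direction: str, segment: bytes) -> dict:
        h = parse_tcp(segment)
        other = "s2c" if direction == "c2s" else "c2s"
        if h.flags & SYN:                                # a SYN fixes this direction's ISN
            self.isn[direction] = h.seq
            self.shift[direction] = window_scale(h.options)
        rel_seq = (h.seq - self.isn[direction]) & 0xFFFFFFFF if direction in self.isn else None
        rel_ack = ((h.ack - self.isn[other]) & 0xFFFFFFFF
                   if h.flags & ACK and other in self.isn else None)
        # Scaling is in effect only if both SYNs carried the option, and never on a SYN itself.
        scaling = len(self.shift) == 2 and None not in self.shift.values()
        window = h.window << self.shift[direction] if scaling and not h.flags & SYN else h.window
        self.state = self._next_state(direction, h.flags)
        return {"flags": ",".join(n for n, b in FLAG_NAMES if h.flags & b), "rel_seq": rel_seq,
                "rel_ack": rel_ack, "header_len": h.header_len, "window": window, "state": self.state}

    def _next_state(self, d: str, flags: int) -> str:
        syn, ack, fin, s = bool(flags & SYN), bool(flags & ACK), bool(flags & FIN), self.state
        if flags & RST:
            return "RESET"
        if s == "CLOSED" and syn and not ack:              # handshake 1: SYN
            return "SYN_SENT"
        if s == "SYN_SENT" and syn and ack:                # handshake 2: SYN,ACK
            return "SYN_RECEIVED"
        if s == "SYN_RECEIVED" and ack and not syn:        # handshake 3: ACK, both sides connected
            return "ESTABLISHED"
        if s == "ESTABLISHED" and fin:                     # release 1: the active closer's FIN
            self.closer = d
            return "FIN_WAIT_1"
        if s in ("FIN_WAIT_1", "CLOSE_WAIT") and fin and d != self.closer:
            return "LAST_ACK"                              # release 3 (often merged with 2): peer's FIN
        if s == "FIN_WAIT_1" and ack and d != self.closer:  # release 2 alone: half-closed
            return "CLOSE_WAIT"
        if s == "LAST_ACK" and ack and d == self.closer:   # release 4: closer waits 2MSL, peer closed
            return "TIME_WAIT"
        return s                                           # data or duplicates change nothing

def build_tcp(src, dst, seq, ack, flags, window, options=b"", payload=b"") -> bytes:
    """Assemble a raw segment; the checksum stays 0 since it needs the IP pseudo-header."""
    off_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, window, 0, 0) + options + payload

# Constructed flow mirroring the six segments in the report; ISNs and option bytes are made up.
CLIENT_ISN, SERVER_ISN = 0x1F2E3D4C, 0xA1B2C3D4
OPTS = bytes.fromhex("020405b4" "01" "030302" "01" "01" "0402")  # MSS 1460, NOP, WScale 2, NOP, NOP, SACK-OK
SAMPLE_FLOW = [
    ("c2s", build_tcp(56644, 80, CLIENT_ISN, 0, SYN, 8192, OPTS)),
    ("s2c", build_tcp(80, 56644, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK, 5840, OPTS)),
    ("c2s", build_tcp(56644, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK, 16482)),
    ("c2s", build_tcp(56644, 80, CLIENT_ISN + 1, SERVER_ISN + 1, FIN | ACK, 16482)),
    ("s2c", build_tcp(80, 56644, SERVER_ISN + 1, CLIENT_ISN + 2, FIN | ACK, 1536)),
    ("c2s", build_tcp(56644, 80, CLIENT_ISN + 2, SERVER_ISN + 2, ACK, 16482)),
]

def analyse(flow):
    """Run one flow through the tracker and return one summary dict per segment."""
    tracker = FlowTracker()
    return [tracker.feed(direction, segment) for direction, segment in flow]
```

`analyse(SAMPLE_FLOW)` yields, in order, the states SYN_SENT, SYN_RECEIVED, ESTABLISHED, FIN_WAIT_1, LAST_ACK and TIME_WAIT, the relative numbers 0/none, 0/1, 1/1, 1/1, 1/2 and 2/2, and the windows 8192, 5840, 65928, 65928, 6144 and 65928: the raw fields 16482 and 1536 become the "(scaled)" values of the captures once the shift of 2 from both SYNs is applied. The state machine is deliberately minimal; a real dissector must also handle retransmissions, simultaneous closes and segments seen mid-connection, where no SYN has been observed and relative numbering is impossible.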
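The checksum procedure of 3.2.2 carried out in code, as an added worked example that is not the report's own computation: the addresses 192.168.1.10 and 192.168.1.1, the ports 12345 and 7 and the payload "hello" are constructed. The example builds a UDP datagram over IPv4, computes its checksum over the pseudo-header, and then verifies it the way a receiver does, covering the odd-length padding, the 0 versus 0xFFFF rule, a flipped payload bit, and a datagram delivered to the wrong host, which only the pseudo-header catches.

```python
import ipaddress
import struct

UDP_PROTO = 17

def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit big-endian words with end-around carry (the Internet checksum arithmetic)."""
    if len(data) % 2:
        data += b"\x00"                  # an odd trailing byte is padded with zero for the sum only
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                   # fold any carry above bit 15 back into the low word
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """12-byte IPv4 pseudo-header: source IP, destination IP, zero byte, protocol 17, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))

def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum field zeroed) + data."""
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(datagram)) + zeroed)
    csum = ~total & 0xFFFF
    return csum or 0xFFFF                # 0 on the wire means "no checksum", so all-zero goes out as 0xFFFF

def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble a UDP datagram with a valid checksum."""
    header = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    return header[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, header + payload)) + payload

def verify_udp(src_ip: str, dst_ip: str, datagram: bytes) -> str:
    """Receiver-side check, the verdict Wireshark shows when checksum validation is enabled."""
    if len(datagram) < 8:
        return "truncated header"
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length != len(datagram):
        return "bad length"
    if csum == 0:
        return "not computed"            # permitted for UDP over IPv4 only
    # With the transmitted checksum included, a correct datagram sums to 0xFFFF.
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram)
    return "correct" if total == 0xFFFF else "incorrect"

# Constructed sample: a 5-byte payload gives an odd UDP length (13), so the padding step is exercised.
SRC_IP, DST_IP = "192.168.1.10", "192.168.1.1"
SAMPLE = build_udp(SRC_IP, DST_IP, 12345, 7, b"hello")

def checks() -> dict:
    """Checksum of the sample and the verdicts for intact, corrupted, misdelivered and unchecksummed copies."""
    corrupted = SAMPLE[:9] + bytes([SAMPLE[9] ^ 0x01]) + SAMPLE[10:]          # flip one payload bit
    return {
        "checksum": struct.unpack("!H", SAMPLE[6:8])[0],
        "intact": verify_udp(SRC_IP, DST_IP, SAMPLE),
        "corrupted": verify_udp(SRC_IP, DST_IP, corrupted),
        "misdelivered": verify_udp(SRC_IP, "192.168.1.2", SAMPLE),             # wrong host, caught by the pseudo-header
        "no_checksum": verify_udp(SRC_IP, DST_IP, SAMPLE[:6] + b"\x00\x00" + SAMPLE[8:]),
    }
```

For the sample the words of the pseudo-header and the zeroed datagram add up to 0xF799 after folding, so the checksum is 0x0866, and `checks()` reports "correct" for the intact datagram, "incorrect" for the corrupted and misdelivered copies and "not computed" for the copy whose field was zeroed. The last case is why a capture full of "Checksum: 0x0000 [not computed]" is not evidence of corruption: sending hosts that offload checksumming to the NIC, or IPv4 stacks that simply skip it, produce exactly that, whereas a UDP datagram over IPv6 with a zero checksum must be discarded.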
Link: https://www.777doc.com/doc-2572959 .html