Write two short pieces of Python code, then capture the traffic to analyze the TCP protocol.
Server IP: 172.16.196.145
Client IP: 172.16.196.142
Server code
```python
import socket

s = socket.socket()
s.bind(("172.16.196.145", 60000))
s.listen(5)
while True:
    conn, addr = s.accept()
    data = conn.recv(1024)      # read the client's request
    if data == b"get":
        conn.send(b"200 ok")    # 6-byte reply
    conn.close()                # close immediately after replying
    print("Connected by", addr, "now closed")
```
Client code
```python
import socket

s = socket.socket()
s.connect(("172.16.196.145", 60000))
s.send(b"get")                  # 3-byte request
print(s.recv(1024))
s.close()
```
tcpdump capture
```
1 12:43:46.905723 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [S], seq 3255498564, win 14600, options [mss 1460,sackOK,TS val 1412272238 ecr 0,nop,wscale 7], length 0
2 12:43:46.905751 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [S.], seq 4195434198, ack 3255498565, win 14480, options [mss 1460,sackOK,TS val 1425611003 ecr 1412272238,nop,wscale 7], length 0
3 12:43:46.905987 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [.], ack 4195434199, win 115, options [nop,nop,TS val 1412272238 ecr 1425611003], length 0
4 12:43:46.906031 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [P.], seq 3255498565:3255498568, ack 4195434199, win 115, options [nop,nop,TS val 1412272238 ecr 1425611003], length 3
5 12:43:46.906041 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [.], ack 3255498568, win 114, options [nop,nop,TS val 1425611003 ecr 1412272238], length 0
6 12:43:46.906265 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [P.], seq 4195434199:4195434205, ack 3255498568, win 114, options [nop,nop,TS val 1425611003 ecr 1412272238], length 6
7 12:43:46.906305 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [F.], seq 4195434205, ack 3255498568, win 114, options [nop,nop,TS val 1425611003 ecr 1412272238], length 0
8 12:43:46.906406 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [.], ack 4195434205, win 115, options [nop,nop,TS val 1412272239 ecr 1425611003], length 0
9 12:43:46.906487 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [F.], seq 3255498568, ack 4195434206, win 115, options [nop,nop,TS val 1412272239 ecr 1425611003], length 0
10 12:43:46.906500 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [.], ack 3255498569, win 114, options [nop,nop,TS val 1425611004 ecr 1412272239], length 0
```
Line-by-line analysis
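Line 1: the client 172.16.196.142, port 41334, sends a SYN to port 60000 on the server 172.16.196.145 to actively open the connection; seq 3255498564
Line 2: the server 172.16.196.145.60000 acknowledges the client 172.16.196.142.41334 with an ACK whose ack is 3255498564+1=3255498565, and at the same time sends its own SYN
Line 3: the client acknowledges the server's SYN; the three-way handshake is complete and the connection is established
Line 4: the client calls s.send(b"get") to send data, so the P (PSH) flag is set; seq 3255498565:3255498568
Line 5: the server replies to the client with an ACK; ack 3255498568
Line 6: the server calls conn.send(b"200 ok") to send the reply data to the client, with the P (PSH) flag set; seq 4195434199:4195434205
Line 7: after sending the reply data the server closes the connection and sends a FIN as the active closer; seq 4195434205
Line 8: the client sends the ACK for the server's data (line 6); ack 4195434205
Line 9: the client sends a FIN to close the connection; seq 3255498568, ack 4195434206
Line 10: the server acknowledges the client's FIN, and with that the whole connection is closed; ack 3255498569
From this analysis, we have a normal three-way handshake followed by data transfer, but where is the promised four-way close?
Lines 7, 9 and 10 make up the close, so there are really only three segments.
Here are the packets from the end of the capture that tear down the connection again: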
```
6 12:43:46.906265 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [P.], seq 4195434199:4195434205, ack 3255498568, win 114, options [nop,nop,TS val 1425611003 ecr 1412272238], length 6
7 12:43:46.906305 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [F.], seq 4195434205, ack 3255498568, win 114, options [nop,nop,TS val 1425611003 ecr 1412272238], length 0
8 12:43:46.906406 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [.], ack 4195434205, win 115, options [nop,nop,TS val 1412272239 ecr 1425611003], length 0
9 12:43:46.906487 IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [F.], seq 3255498568, ack 4195434206, win 115, options [nop,nop,TS val 1412272239 ecr 1425611003], length 0
10 12:43:46.906500 IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [.], ack 3255498569, win 114, options [nop,nop,TS val 1425611004 ecr 1412272239], length 0
```
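Look at the packets above, captured while the TCP connection was being closed.
Why does the capture show only three segments for the close? Because the server called conn.close() immediately after conn.send(b"200 ok") and so started closing the connection, while the client, after receiving the data, still had to call s.recv(1024). Before the client had sent the acknowledgement for the data packet, it had already received the server's FIN. So the client first replied with the ACK for the server's [P.] segment, and since by then it already knew the server wanted to close the connection, it simply merged its FIN and the ACK into one packet, saving a step and reducing traffic.
Now that we know the cause is the server closing the connection too quickly, we modify the server code: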
```python
import socket
import time

s = socket.socket()
s.bind(("172.16.196.145", 60000))
s.listen(5)
while True:
    conn, addr = s.accept()
    data = conn.recv(1024)
    if data == b"get":
        conn.send(b"200 ok")
    time.sleep(0.1)  # pause 0.1 s before closing the connection
    conn.close()
    print("Connected by", addr, "now closed")
```
We pause 0.1 seconds before closing the connection, then capture again:
```
1 20:01:49.251026 IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [S], seq 3935290883, win 14600, options [mss 1460,sackOK,TS val 1524954581 ecr 0,nop,wscale 7], length 0
2 20:01:49.251069 IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [S.], seq 3178165011, ack 3935290884, win 14480, options [mss 1460,sackOK,TS val 1538293348 ecr 1524954581,nop,wscale 7], length 0
3 20:01:49.251291 IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [.], ack 3178165012, win 115, options [nop,nop,TS val 1524954581 ecr 1538293348], length 0
4 20:01:49.251334 IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [P.], seq 3935290884:3935290887, ack 3178165012, win 115, options [nop,nop,TS val 1524954582 ecr 1538293348], length 3
5 20:01:49.251358 IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [.], ack 3935290887, win 114, options [nop,nop,TS val 1538293349 ecr 1524954582], length 0
6 20:01:49.251544 IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [P.], seq 3178165012:3178165018, ack 3935290887, win 114, options [nop,nop,TS val 1538293349 ecr 1524954582], length 6
7 20:01:49.251663 IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [.], ack 3178165018, win 115, options [nop,nop,TS val 1524954582 ecr 1538293349], length 0
8 20:01:49.251781 IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [F.], seq 3935290887, ack 3178165018, win 115, options [nop,nop,TS val 1524954582 ecr 1538293349], length 0
9 20:01:49.291441 IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [.], ack 3935290888, win 114, options [nop,nop,TS val 1538293389 ecr 1524954582], length 0
10 20:01:49.351812 IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [F.], seq 3178165018, ack 3935290888, win 114, options [nop,nop,TS val 1538293449 ecr 1524954582], length 0
11 20:01:49.352041 IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [.], ack 3178165019, win 115, options [nop,nop,TS val 1524954682 ecr 1538293449], length 0
```
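6: the server calls conn.send(b"200 ok"); seq 3178165012:3178165018
7: the client acknowledges the packet it received; ack 3178165018
8: this is where it differs from before: because the server paused for 0.1 seconds, the side that actively closes and sends the FIN is now the client (172.16.196.142); seq 3935290887
9: the server sends the ACK for the client's FIN; ack 3935290888
10: the server sends its own FIN to close; seq 3178165018
11: the client sends the ACK for the server's FIN; ack 3178165019
So the capture above shows the complete TCP four-way close.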
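tcpdump capture of the CLOSING state
The CLOSING state requires both sides to send a FIN at the same time, and each side must receive the peer's FIN before it receives the peer's ACK, so it is hard to produce with code. I did, however, easily capture packets like this on the web: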
```
1 19:40:34.831216 IP 10.29.64.142.443 > 10.25.137.230.46556: Flags [F.], seq 3633446994, ack 1764274713, win 131, length 0
2 19:40:34.832085 IP 10.25.137.230.46556 > 10.29.64.142.443: Flags [F.], seq 1764274713, ack 3633446994, win 480, length 0
3 19:40:34.832107 IP 10.29.64.142.443 > 10.25.137.230.46556: Flags [.], ack 1764274714, win 131, length 0
4 19:40:34.832395 IP 10.25.137.230.46556 > 10.29.64.142.443: Flags [.], ack 3633446995, win 480, length 0
```
1: 10.29.64.142 sends a FIN; seq 3633446994
2: 10.25.137.230 sends a FIN; seq 1764274713
3: 10.29.64.142 sends the ACK; ack 1764274714
4: 10.25.137.230 sends the ACK; ack 3633446995
In this capture both sides send a FIN at the same time, and instead of first receiving an ACK each side receives the peer's FIN, so both sides enter the CLOSING state. Because the peer's ACK follows very quickly, both sides then move on to TIME_WAIT.
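The three teardown patterns in the captures above (three segments, four-way, simultaneous FIN) can be told apart mechanically from the ack number carried by the second FIN. The following is an added example, not code from the original article; `parse` and `classify_close` are hypothetical names, and the sample lines are the article's own teardown segments with the timestamp and options fields trimmed.

```python
import re

# One tcpdump text line: "IP src > dst: Flags [..], seq N[:M], ack N, ..."
SEG = re.compile(r"IP (\S+) > \S+: Flags \[([^\]]+)\]"
                 r"(?:, seq (\d+)(?::(\d+))?)?(?:, ack (\d+))?")

def parse(capture):
    """Return (src, flags, end_seq, ack) for every segment in the text."""
    return [(src, flags, int(end or seq) if seq else None,
             int(ack) if ack else None)
            for src, flags, seq, end, ack in SEG.findall(capture)]

def classify_close(capture):
    """Name the teardown pattern from the first two FIN segments."""
    segs = parse(capture)
    fins = [i for i, s in enumerate(segs) if "F" in s[1]]
    if len(fins) < 2 or segs[fins[0]][0] == segs[fins[1]][0]:
        return "incomplete"             # fewer than two FINs, or one side only
    first, second = segs[fins[0]], segs[fins[1]]
    fin_ack = first[2] + 1              # a FIN consumes one sequence number
    if second[3] != fin_ack:            # peer's FIN does not cover ours yet
        return "simultaneous close (CLOSING)"
    between = segs[fins[0] + 1:fins[1]]
    if any(s[0] == second[0] and s[3] == fin_ack for s in between):
        return "four-way close"
    return "three-segment close (ACK merged into FIN)"

# Teardown segments copied from the three captures above, options trimmed.
THREE = """\
IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [F.], seq 4195434205, ack 3255498568, win 114, length 0
IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [.], ack 4195434205, win 115, length 0
IP 172.16.196.142.41334 > 172.16.196.145.60000: Flags [F.], seq 3255498568, ack 4195434206, win 115, length 0
IP 172.16.196.145.60000 > 172.16.196.142.41334: Flags [.], ack 3255498569, win 114, length 0
"""
FOUR = """\
IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [F.], seq 3935290887, ack 3178165018, win 115, length 0
IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [.], ack 3935290888, win 114, length 0
IP 172.16.196.145.60000 > 172.16.196.142.41424: Flags [F.], seq 3178165018, ack 3935290888, win 114, length 0
IP 172.16.196.142.41424 > 172.16.196.145.60000: Flags [.], ack 3178165019, win 115, length 0
"""
SIMUL = """\
IP 10.29.64.142.443 > 10.25.137.230.46556: Flags [F.], seq 3633446994, ack 1764274713, win 131, length 0
IP 10.25.137.230.46556 > 10.29.64.142.443: Flags [F.], seq 1764274713, ack 3633446994, win 480, length 0
IP 10.29.64.142.443 > 10.25.137.230.46556: Flags [.], ack 1764274714, win 131, length 0
IP 10.25.137.230.46556 > 10.29.64.142.443: Flags [.], ack 3633446995, win 480, length 0
"""
```

Calling `classify_close` on `THREE`, `FOUR` and `SIMUL` names the pattern of the first, second and third capture respectively.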