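TCP Three-Way Handshake and Four-Way Teardown, Illustrated
Three-way handshake
Purpose of the three-way handshake: confirm that both peers can send and receive, synchronize the sequence numbers, and exchange the TCP window size and maximum segment size (MSS).
Four-way teardown
Under normal circumstances the client decides when to close the connection. The purpose of the four-way teardown is to ensure that data is transmitted completely.
Capturing packets with tcpdump
- Test command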
curl www.google.com
- Capture command (interface: wlo1, port: 80)
tcpdump -nn -i wlo1 port 80
- Output (annotations added)
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
# Three-way handshake
## SYN = 1 | seq = 3464472424 | mss = 1460
23:59:04.224062 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [S], seq 3464472424, win 64240, options [mss 1460,sackOK,TS val 388526343 ecr 0,nop,wscale 7], length 0
## ACK = 1 | ack = 3464472424 + 1 | seq = 2089195576 | mss = 1460
23:59:04.225261 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [S.], seq 2089195576, ack 3464472425, win 28960, options [mss 1460,sackOK,TS val 612064231 ecr 388526343,nop,wscale 6], length 0
## ACK = 1
23:59:04.225273 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 1, win 502, options [nop,nop,TS val 388526344 ecr 612064231], length 0
# Send the HTTP GET request
23:59:04.225323 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [P.], seq 1:79, ack 1, win 502, options [nop,nop,TS val 388526344 ecr 612064231], length 78: HTTP: GET / HTTP/1.1
23:59:04.229628 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [.], ack 79, win 453, options [nop,nop,TS val 612064235 ecr 388526344], length 0
# Server response
23:59:04.593391 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [.], seq 1:1449, ack 79, win 453, options [nop,nop,TS val 612064598 ecr 388526344], length 1448: HTTP: HTTP/1.1 200 OK
23:59:04.593433 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 1449, win 493, options [nop,nop,TS val 388526713 ecr 612064598], length 0
23:59:04.594312 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [P.], seq 1449:8175, ack 79, win 453, options [nop,nop,TS val 612064598 ecr 388526344], length 6726: HTTP
23:59:04.594348 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 8175, win 441, options [nop,nop,TS val 388526713 ecr 612064598], length 0
23:59:04.594367 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [P.], seq 8175:12081, ack 79, win 453, options [nop,nop,TS val 612064598 ecr 388526344], length 3906: HTTP
23:59:04.594378 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 12081, win 411, options [nop,nop,TS val 388526713 ecr 612064598], length 0
23:59:04.597658 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [.], seq 12081:13529, ack 79, win 453, options [nop,nop,TS val 612064603 ecr 388526713], length 1448: HTTP
23:59:04.597682 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 13529, win 493, options [nop,nop,TS val 388526717 ecr 612064603], length 0
23:59:04.597989 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [P.], seq 13529:14883, ack 79, win 453, options [nop,nop,TS val 612064603 ecr 388526713], length 1354: HTTP
23:59:04.598013 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 14883, win 493, options [nop,nop,TS val 388526717 ecr 612064603], length 0
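# Four-way teardown (optimized here to a three-segment teardown). A connection can be closed in two ways: when one side closes and the other side has no data left to send, the other side closes immediately, so the ACK of step 2 and the FIN of step 3 are merged into a single segment. This optimization is described in RFC 793, section 3.5.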
## FIN =1 | seq = 79 | ack = [ last seq ] + 1 = 14883
23:59:04.598320 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [F.], seq 79, ack 14883, win 501, options [nop,nop,TS val 388526717 ecr 612064603], length 0
## ACK = 1 | FIN =1 | ack = 79 +1 | seq = 14883
23:59:04.600734 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [F.], seq 14883, ack 80, win 453, options [nop,nop,TS val 612064605 ecr 388526717], length 0
## ACK = 1 | ack = 14883 +1
23:59:04.600768 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 14884, win 501, options [nop,nop,TS val 388526720 ecr 612064605], length 0
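The ack = seq + 1 relationships annotated in the capture can be checked mechanically. The Python code below is an added example, not part of the original post: it parses `tcpdump -nn` lines (the handshake and teardown segments copied from the capture above, with the options field trimmed), validates the handshake, and reports whether the teardown took three or four segments. The names `parse`, `handshake_ok` and `teardown_segments` are assumptions introduced here.

```python
import re

# Handshake and teardown segments copied from the capture above (options trimmed).
CAPTURE = """\
23:59:04.224062 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [S], seq 3464472424, win 64240, length 0
23:59:04.225261 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [S.], seq 2089195576, ack 3464472425, win 28960, length 0
23:59:04.225273 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 1, win 502, length 0
23:59:04.598320 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [F.], seq 79, ack 14883, win 501, length 0
23:59:04.600734 IP 142.250.217.132.80 > 192.168.50.43.49312: Flags [F.], seq 14883, ack 80, win 453, length 0
23:59:04.600768 IP 192.168.50.43.49312 > 142.250.217.132.80: Flags [.], ack 14884, win 501, length 0
"""
SEG = re.compile(r"IP (\S+) > \S+: Flags \[([^\]]+)\]"
                 r"(?:, seq (\d+)(?::(\d+))?)?(?:, ack (\d+))?")

def parse(text):
    """One dict per segment: sender, flags, the ack a SYN/FIN expects, ack seen."""
    segs = []
    for src, flags, seq, end, ack in SEG.findall(text):
        # SYN and FIN each consume one sequence number, so the peer acks last + 1.
        nxt = int(end or seq) + 1 if seq and set(flags) & set("SF") else None
        segs.append({"src": src, "flags": flags, "next": nxt,
                     "ack": int(ack) if ack else None})
    return segs

def handshake_ok(segs):
    """SYN, then SYN/ACK acking ISN + 1, then a bare ACK from the initiator."""
    if len(segs) < 3:
        return False
    syn, synack, ack = segs[:3]
    return (syn["flags"] == "S" and synack["flags"] == "S."
            and synack["src"] != syn["src"] and synack["ack"] == syn["next"]
            and ack["src"] == syn["src"] and ack["flags"] == "."
            # tcpdump prints relative numbers after the SYNs (ack 1) unless run with -S.
            and ack["ack"] in (1, synack["next"]))

def teardown_segments(segs):
    """3 if ACK and FIN were merged, 4 if sent separately, None if a FIN is unacked."""
    fins = [i for i, s in enumerate(segs) if "F" in s["flags"]]
    if len(fins) != 2 or segs[fins[0]]["src"] == segs[fins[1]]["src"]:
        return None
    acked = lambda i, later: any(s["src"] != segs[i]["src"] and s["ack"] == segs[i]["next"]
                                 for s in later)
    if not all(acked(i, segs[i + 1:]) for i in fins):
        return None
    # A bare ACK of the first FIN sent before the second FIN means four segments.
    return 4 if acked(fins[0], segs[fins[0] + 1:fins[1]]) else 3

if __name__ == "__main__":
    s = parse(CAPTURE)
    print("handshake ok:", handshake_ok(s), "| teardown segments:", teardown_segments(s))
```

A result of `None` from `teardown_segments` on a capture that should contain a clean close (a FIN never acknowledged, or retransmitted FINs) is worth a closer look when reviewing traffic.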