Use Wireshark to view TCP's three-way handshake

    Wireshark is a convenient network packet capture tool. The following walkthrough uses Wireshark to capture the TCP three-way handshake.

1. The three-way handshake process of TCP is as follows:

    1) The client sends a SYN packet with sequence number Seq = c to the server;
    2) After receiving the packet, the server responds to the client with a SYN+ACK packet with sequence number Seq = s and acknowledgement number Ack = c+1;
    3) After the client receives the response from the server, it replies to the server with an ACK packet with sequence number Seq = c+1 and acknowledgement number Ack = s+1, and the three-way handshake is complete.

2. Capturing the TCP three-way handshake with Wireshark

    1. Download Wireshark
    address: https://dl.softmgr.qq.com/original/System/Wireshark-win64-3.2.5.exe

    2. Install Wireshark, accepting the default at each step until the installation is complete;
    3. Click [Start] in the lower left corner of the desktop --> Wireshark --> double-click the [Ethernet] entry, as shown in Figure (1):

Figure (1) Double-click the [Ethernet] entry in Wireshark

    4. Open a plain-HTTP web page in the browser, for example http://www.xitongcheng.com/jiaocheng/xtazjc_article_32713.html, and press Enter.

    5. Use the file directory /jiaocheng in the URI (the third-level directory in the URI is the file directory) to find the IP of the corresponding HTTP server, as follows:
    5.1) Press Ctrl+F and enter the search keyword "GET /jiaocheng". First click the first line of the packet list, then click the [Find] button to get the IP of the HTTP server, as shown in Figure (2) and Figure (3):

Figure (2) Press Ctrl+F to set the filtered file directory

Figure (3) Find the corresponding HTTP server IP according to the file directory

    5.2) In the filter input box, set both the source and the destination IP address to the IP of the HTTP server, and press Enter, as shown in Figure (4):
    //Enter the source and destination addresses to be filtered

ip.dst==219.159.84.45 or ip.src==219.159.84.45

Figure (4) TCP three-way handshake

    The explanation is as follows. Wireshark displays relative sequence numbers by default, so the initial values c and s from section 1 both appear as 0:
    1) The client with the IP address 192.168.0.101 sends a SYN packet with sequence number Seq=0 to the server with the IP address 219.159.84.45. This is the first handshake;
    2) After the server receives the packet, it returns a SYN+ACK message with acknowledgement number Ack=1 and sequence number Seq=0 to the client. This is the second handshake;
    3) The client receives the response message from the server, adds 1 to the sequence number in it to form the new Ack, and uses the Ack in it as the new Seq. That is, it replies to the server with an ACK message with Seq=1, Ack=1, which is the third handshake.
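
    The rules from section 1 can also be checked against raw packet bytes. The following is an added example, not part of the original post: it parses IPv4/TCP headers, matches the three handshake steps, and converts the raw sequence numbers to the relative values Wireshark shows. The client port 51234 and both initial sequence numbers are constructed, and the packets are assumed to start at the IPv4 header with no link-layer framing.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def build(src, dst, sport, dport, seq, ack, flags):
    """Constructed sample packet: bare IPv4 + TCP headers, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse(pkt):
    """Return (flow, seq, ack, SYN/ACK flag bits) for an IPv4/TCP packet."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport, seq, ack = struct.unpack("!HHII", pkt[ihl:ihl + 12])
    flow = (socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport)
    return flow, seq, ack, pkt[ihl + 13] & (SYN | ACK)

def rel(value, isn):
    """Relative number as displayed by Wireshark: offset from the sender's ISN."""
    return (value - isn) % MOD

def find_handshake(packets):
    """Return the ISNs c and s plus relative (Seq, Ack) per step, or None."""
    c = s = client = None
    for pkt in packets:
        flow, seq, ack, flags = parse(pkt)
        if flags == SYN:                                     # step 1: Seq = c
            c, s, client = seq, None, flow
        elif c is None:
            continue
        elif (flags == (SYN | ACK) and flow == client[2:] + client[:2]
              and ack == (c + 1) % MOD):                     # step 2: Seq = s, Ack = c+1
            s = seq
        elif (flags == ACK and s is not None and flow == client
              and seq == (c + 1) % MOD and ack == (s + 1) % MOD):  # step 3
            return {"c": c, "s": s, "relative": [
                (rel(c, c), None), (rel(s, s), rel(c + 1, c)), (rel(seq, c), rel(ack, s))]}
    return None

CLIENT, SERVER = "192.168.0.101", "219.159.84.45"  # addresses from the capture above
C_ISN, S_ISN = 2918374650, 1045829013              # constructed initial sequence numbers
CAPTURE = [build(CLIENT, SERVER, 51234, 80, C_ISN, 0, SYN),
           build(SERVER, CLIENT, 80, 51234, S_ISN, C_ISN + 1, SYN | ACK),
           build(CLIENT, SERVER, 51234, 80, C_ISN + 1, S_ISN + 1, ACK)]
```

    Calling find_handshake(CAPTURE) returns the raw initial sequence numbers together with the relative Seq/Ack pairs for the three steps; a SYN+ACK whose Ack is not c+1 is not accepted as step 2.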


Origin blog.csdn.net/sanqima/article/details/108025304