Wireshark is a very convenient network packet capture tool. The following demonstration uses Wireshark to capture the TCP three-way handshake process.
1. The three-way handshake process of TCP is as follows:
1) The client sends a SYN packet with a sequence number of Seq = c to the server;
2) After receiving the packet, the server responds with a SYN+ACK packet with sequence number Seq = s and acknowledgement number Ack = c+1;
3) After the client receives the response from the server, it replies to the server with an ACK packet with sequence number Seq = c+1 and acknowledgement number Ack = s+1, and the three-way handshake is complete.
2. Capturing the TCP three-way handshake with Wireshark
1. Download Wireshark
Address: https://dl.softmgr.qq.com/original/System/Wireshark-win64-3.2.5.exe
2. Install Wireshark: accept the default at every step until the installation is complete;
3. Click [Start] in the lower left corner of the desktop --> Wireshark --> double-click the [Ethernet] entry, as shown in Figure (1):
4. Enter the address of a plain-HTTP webpage in the browser, for example: http://www.xitongcheng.com/jiaocheng/xtazjc_article_32713.html and press Enter.
5. Using the file directory /jiaocheng in the URI (the third level directory in the URI is the file directory), find the IP of the corresponding HTTP server, as follows:
5.1) Press Ctrl+F and enter the search keyword "GET /jiaocheng"; click the first line of the packet list, then click the [Find] button to get the IP of the HTTP server, as shown in Figure (2) and Figure (3):
5.2) In the display filter input box, set both the source and destination IP addresses to the IP of the HTTP server, and press Enter, as shown in Figure (4):
//Enter the source and destination addresses to be filtered
ip.dst==219.159.84.45 or ip.src==219.159.84.45
The explanation is as follows:
1) The client with the IP address 192.168.0.101 sends a SYN packet with sequence number Seq=0 to the server with the IP address 219.159.84.45. This is the first handshake;
2) After the server receives the packet, it returns a SYN+ACK message with acknowledgement number Ack=1 and sequence number Seq=0 to the client. This is the second handshake;
3) After the client receives the response message from the server, it adds 1 to the sequence number in that message to form the new Ack, and uses the Ack in that message as the new Seq; that is, it replies to the server with an ACK message with Seq=1, Ack=1, which is the third handshake.
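
Added example, not part of the original article: this Python code parses three TCP headers, verifies the handshake arithmetic from section 1 (Ack = c+1, then Seq = c+1 and Ack = s+1), and converts the absolute sequence numbers into the relative values Wireshark displays by default, which is why the capture shows Seq=0 and Ack=1. The helper names, ports and initial sequence numbers are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (constructed sample, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)

def parse_tcp(segment):
    """Extract ports, sequence/acknowledgement numbers and flags from a TCP header."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def check_handshake(raw_segments):
    """Validate SYN, SYN+ACK, ACK; return (relative Seq, relative Ack) per packet."""
    syn, synack, ack = (parse_tcp(s) for s in raw_segments)
    c, s = syn["seq"], synack["seq"]   # initial sequence numbers of each side
    mod = 1 << 32                      # sequence numbers wrap at 2**32
    if (syn["flags"] & (SYN | ACK)) != SYN:
        raise ValueError("first packet is not a pure SYN")
    if (synack["flags"] & (SYN | ACK)) != (SYN | ACK) or synack["ack"] != (c + 1) % mod:
        raise ValueError("second packet is not SYN+ACK with Ack = c+1")
    if ((ack["flags"] & (SYN | ACK)) != ACK or ack["seq"] != (c + 1) % mod
            or ack["ack"] != (s + 1) % mod):
        raise ValueError("third packet is not ACK with Seq = c+1, Ack = s+1")
    # Relative numbers are offsets from each side's initial sequence number.
    # A pure SYN carries no valid acknowledgement, so its Ack is None.
    return [(0, None),
            (0, (synack["ack"] - c) % mod),
            ((ack["seq"] - c) % mod, (ack["ack"] - s) % mod)]

# Constructed sample: client port 50512 -> server port 80.
C_ISN, S_ISN = 0xFFFFFFFF, 0x1A2B3C4D  # client ISN chosen to exercise wrap-around
SAMPLE = [
    build_tcp(50512, 80, C_ISN, 0, SYN),
    build_tcp(80, 50512, S_ISN, (C_ISN + 1) % 2**32, SYN | ACK),
    build_tcp(50512, 80, (C_ISN + 1) % 2**32, (S_ISN + 1) % 2**32, ACK),
]

if __name__ == "__main__":
    for name, (seq, ack) in zip(("SYN", "SYN+ACK", "ACK"), check_handshake(SAMPLE)):
        print(f"{name:8s} Seq={seq} Ack={ack}")
```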