TCP
TCP is connection-oriented and guarantees that no data is lost. It provides flow control and congestion control, offers a reliable data service, and is one-to-one.
16-bit port number
Source port
Destination port
Indicate where the segment comes from (source port) and which upper-layer protocol or application it is delivered to (destination port).
In TCP communication, the client generally uses a temporary port number selected automatically by the system, while the server generally uses a well-known service port number or a port number it designates itself.
32-bit sequence number
Sequence number
Numbers each byte of the byte stream in one transmission direction for the lifetime of a TCP connection (from establishing the connection to closing it).
Assume hosts A and B are communicating over TCP. In the first TCP segment that A sends to B, the sequence number is initialized by the system to a random value, the ISN (initial sequence number). In that transmission direction (from A to B), the sequence number of every subsequent TCP segment is set to the ISN plus the offset, within the entire byte stream, of the first byte of data carried in that segment.
For example, if the data carried by a TCP segment is bytes 1025 to 2048 of the byte stream, the sequence number of that segment is ISN+1025.
TCP is a byte-stream-oriented protocol. Each byte of the stream transmitted through TCP is assigned a sequence number, and the sequence number field of a segment holds the sequence number of the first byte in that segment.
Sequence number wraparound
https://blog.csdn.net/liufuchun111/article/details/86301587
32-bit acknowledgment number
Used as the response to a TCP segment sent by the other party.
Its value is the sequence number of the TCP segment received from the other party + 1. Assume hosts A and B are communicating over TCP: a TCP segment sent by A carries not only A's own sequence number but also the acknowledgment number for the TCP segment sent by B. The reverse is also true.
4-bit header length
Indicates how many 32-bit words (4 bytes each) the TCP header contains. Because the maximum value of 4 bits is 15, the header holds at most 15 32-bit words, so 60 bytes is the maximum length of the TCP header.
6-bit flags
URG
Indicates whether the urgent pointer is valid
ACK
Indicates whether the acknowledgment number is valid. A segment carrying the ACK flag is also called an acknowledgment segment
PSH
Tells the receiving application to read the data from the TCP receive buffer immediately, to make room for data received afterwards
RST
Indicates that the other party is required to re-establish the connection. A TCP segment carrying the RST flag is also called a reset segment
SYN
Indicates a request to establish a connection. A TCP segment carrying the SYN flag is called a synchronization segment
FIN
Informs the other party that the connection is to be closed.
16-bit window size
A means of TCP flow control. The window here is the receive advertised window: it tells the other party how many more bytes the local TCP receive buffer can hold, so that the other party can control the rate at which it sends data.
16-bit checksum
Filled in by the sender; the receiver executes the CRC algorithm on the TCP segment to check whether it was damaged in transit. Note that this check covers not only the TCP header but also the data. It is an important guarantee of reliable TCP transmission.
16-bit urgent pointer
A positive offset. It is added to the value of the sequence number field to give the sequence number of the byte that follows the last byte of urgent data.
This field is therefore the offset of the urgent pointer relative to the current sequence number and could be called the urgent offset. It is used when sending urgent data.
The TCP header contains no source or destination IP address, only the source port number and the destination port number.
To filter by IP address, use ip.addr == the address to be filtered
A TCP segment carries no source or destination IP because addressing is the job of the IP layer protocol; the TCP layer only has the source port and the destination port.
The source IP, source port, destination IP, and destination port form the "quadruple" (four-tuple) of a TCP connection. A quadruple uniquely identifies a connection.
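The header fields described above can be decoded from raw bytes with a short parser. This is an added example, not code from the original page: the names parse_tcp_header and build_sample and the sample segment are constructed for illustration, and the checksum is read but not verified.

```python
import struct

# The six flag bits, highest bit (0x20) first.
FLAG_NAMES = ["URG", "ACK", "PSH", "RST", "SYN", "FIN"]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the TCP header fields at the start of `segment`."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    words = off_flags >> 12            # 4-bit header length, in 32-bit words
    header_len = words * 4             # 20..60 bytes
    # Never trust the length field: reject values that are too small
    # or that point past the end of the captured bytes.
    if words < 5 or header_len > len(segment):
        raise ValueError(f"invalid header length field: {words}")
    bits = off_flags & 0x3F            # low 6 bits are the flags
    flags = [n for i, n in enumerate(FLAG_NAMES) if bits & (0x20 >> i)]
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": flags,
        "window": window,
        "checksum": checksum,          # read only, not verified here
        # Urgent pointer is an offset from seq; sequence space wraps at 2**32.
        "urgent_seq": (seq + urgent) % 2**32 if "URG" in flags else None,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }

def build_sample() -> bytes:
    """Constructed SYN+ACK segment with a 4-byte MSS option (6 words)."""
    fixed = struct.pack("!HHIIHHHH", 443, 51514, 0xFFFFFFF0, 1001,
                        (6 << 12) | 0x12, 65535, 0, 0)  # checksum left as 0
    return fixed + bytes([2, 4, 0x05, 0xB4])  # option kind 2, len 4, MSS 1460

if __name__ == "__main__":
    for name, value in parse_tcp_header(build_sample()).items():
        print(f"{name:11} {value}")
```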
UDP
UDP is connectionless. It delivers data on a best-effort basis and does not guarantee in-order arrival. Its header overhead is small and it is easy to implement.
- Source port number
- Destination port number
- UDP length
- UDP checksum