Three-way handshake Experimental Procedure

1. Click Start → Run → CMD. In the command window that pops up, enter ping ***, where *** stands for the URL whose packets you want to capture, such as www.baidu.com. The output shows the IP address the URL resolves to; for example, Baidu's IP address is 39.156.66.18.

2. Open Wireshark and click "Capture" → "Start" to begin capturing packets.

3. Open your browser and enter the URL you just pinged, that is, the URL whose packets you want to capture, such as www.baidu.com. Wait until the data transfer is complete, close the page, and return to Wireshark. Wait a little longer, then click "Capture" → "Stop" to stop the capture.

4. Set a filter to narrow down the captured packets. To establish a TCP connection, the client first sends a connection request segment to the server, and in that segment the synchronization bit in the header is set (SYN = 1), so look only for packets with SYN = 1. In the top right corner, click "Filter" → "Expression" → "TCP" → "tcp.flags.syn == 1" → "Apply". The filter is now applied.

5. In the Destination column, locate the row whose address is the desired IP address, 39.156.66.18, and click to select it. Then click "Clear" to clear the filter. The captured packets are again listed in order, and the other two handshake packets can be found after the selected row. The flags of the three handshake packets are: SYN = 1; SYN = 1, ACK = 1; ACK = 1. Make sure the three packets you pick belong to the same temporary (ephemeral) port number.

The three-way handshake is as follows:

6. Find the four-way teardown (the "four waves"). Remember the temporary port number from the three-way handshake, 63237, and set a filter as in the figure above: in the top right corner, click "Filter" → "Expression" → "TCP" → "tcp.flags.fin == 1" → "Apply". The filter is now applied.

After filtering, find the first frame with port number 63237 and click "Clear", as shown below:

The four-way teardown is as follows:
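
Steps 4 to 6 done programmatically, as an added example that is not part of the original post: it reads the SYN, ACK and FIN bits from raw TCP headers, then matches the handshake and teardown packets by port pair and by acknowledgment number (ack = seq + 1), which goes slightly beyond the flag-and-port matching described above. Client port 63237 is from the text; server port 443, the second client port 63240 and all sequence numbers are constructed for the sample.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10   # flag bits in byte 13 of the TCP header
MOD = 2**32                        # sequence numbers wrap at 32 bits

def hdr(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (constructed sample; checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(raw):
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", raw[:14])
    return dict(sport=sport, dport=dport, seq=seq, ack=ack, flags=flags)

def is_reply(p, q, want):
    """q travels opposite to p, has exactly `want` of SYN/ACK, and acks p.seq + 1."""
    return ((q["sport"], q["dport"]) == (p["dport"], p["sport"])
            and q["flags"] & (SYN | ACK) == want and q["ack"] == (p["seq"] + 1) % MOD)

def find_handshake(pkts):
    """Return the (SYN, SYN+ACK, ACK) triple of the first complete handshake."""
    for i, syn in enumerate(pkts):
        if syn["flags"] & (SYN | ACK) != SYN:      # tcp.flags.syn == 1, ACK clear
            continue
        for j in range(i + 1, len(pkts)):
            if not is_reply(syn, pkts[j], SYN | ACK):
                continue
            for k in range(j + 1, len(pkts)):
                if is_reply(pkts[j], pkts[k], ACK):
                    return syn, pkts[j], pkts[k]
    return None

def find_teardown(pkts, port):
    """Pair each FIN on the connection using ephemeral `port` with the ACK answering it."""
    pairs = []
    for i, fin in enumerate(pkts):
        if fin["flags"] & FIN and port in (fin["sport"], fin["dport"]):  # tcp.flags.fin == 1
            ack = next((q for q in pkts[i + 1:] if is_reply(fin, q, ACK)), None)
            pairs.append((fin, ack))
    return pairs

# Constructed capture: port 63237 is the page's; 63240, 443 and seq numbers are assumed.
CAPTURE = [parse(hdr(*f)) for f in [
    (63240, 443, 500, 0, SYN),               # unanswered SYN on another port
    (63237, 443, 1000, 0, SYN),
    (443, 63237, 9000, 1001, SYN | ACK),
    (63237, 443, 1001, 9001, ACK),
    (63237, 443, 1001, 9001, FIN | ACK),     # wave 1
    (443, 63237, 9001, 1002, ACK),           # wave 2
    (443, 63237, 9001, 1002, FIN | ACK),     # wave 3
    (63237, 443, 1002, 9002, ACK),           # wave 4
]]
```

The unanswered SYN on port 63240 is skipped because no SYN+ACK comes back to that port, which is the same reason step 5 asks you to check that all three packets share one temporary port.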

 

 

 

 

 


Origin www.cnblogs.com/angellyl/p/11025493.html