Notes on the Ethereal network protocol analysis assignment.

The Ethereal network protocol analysis assignment mainly asks us to bring together what we learned over the past few months and, by capturing network packets, gain a deeper understanding of it. Over those months we learned the details of the OSI model, what each layer does, and the protocols associated with each layer.

The OSI model consists of seven protocol layers: the application, presentation, session, transport, network, data link and physical layers. The figure below shows the relationship between the OSI layers.

The assignment requires us to use capture software to grab packets belonging to some application layer protocols as well as the transport, network and data link layers.

Here I focus on what I consider the most important parts: the TCP three-way handshake, the release of the connection, and the analysis of an IP packet.

First, the application layer

The application layer is the highest layer of the OSI model and the one that faces the user directly. The content of the user's communication is handled by the application process, so the application layer has to use different application protocols to meet different kinds of application requirements, while the lower-layer communication protocols used by these different application types remain the same. The application layer contains a number of general-purpose service modules that are independent of any particular user protocol, together with dedicated modules that serve communication between user programs. Note that the application layer is not the application itself; it provides services to applications.

Packet capture: www

HTTP runs over TCP. Select an HTTP packet from the captured data for analysis.

After typing the address www.baidu.com into a browser, I captured the request the client sends to that IP address.

HTTP request packet

HTTP response packet

The next important point concerns the transport layer: the three-way handshake TCP uses to establish a connection.

Transport Layer

The transport layer is the interface between the upper and lower layers of the network architecture. It is not just one more layer in the stack; it is the core of the whole protocol hierarchy. Its main task is to provide users with an end-to-end service, handling transmission errors, reordering of packets and similar problems. It is a critical layer of the computer communication architecture: it hides the details of the underlying data communication from the higher layers, so users need not care how the physical, data link and network layers do their work. The transport layer uses the network connection service provided by the network layer, and depending on the requirements of the upper layer it can offer either connection-oriented or connectionless service for the data transfer.

Three-way handshake

The so-called "three-way handshake" lets the two endpoints negotiate and track the sequence numbers of the data they will send, so that sending and receiving stay synchronized and each side can acknowledge what it has received; once both sides have accepted, a virtual connection is established.

First handshake: to establish a connection, the client sends a SYN segment (seq = j) to the server and enters the SYN_SENT state, waiting for the server's confirmation. SYN stands for Synchronize Sequence Numbers.

Second handshake: the server receives the SYN segment. It must acknowledge the client's SYN (ack = j + 1) and at the same time send its own SYN (seq = k), i.e. a SYN+ACK segment; the server then enters the SYN_RECV state.

Third handshake: the client receives the server's SYN+ACK segment and sends an acknowledgment segment to the server with ACK set (ack = k + 1, seq = j + 1). Once this segment is sent, both the client and the server enter the ESTABLISHED state (the TCP connection has succeeded), completing the three-way handshake.
After the three-way handshake completes, the client and server begin transferring data.

When the server's TCP receives this final acknowledgment, it also notifies its application process that the TCP connection has been established.

Besides the three-way handshake, the assignment also covers the four-step release of a connection.

Release the connection:

First step of the release: application process A issues a connection release request to its TCP, stops sending data and actively closes the TCP connection.

The header of the connection release segment sent by A has FIN = 1 and sequence number seq = u; A then waits for B's acknowledgment.

Second step of the release: B sends an acknowledgment with acknowledgment number ack = u + 1 and sequence number seq = v. The server's TCP notifies its application process. The connection in the direction from A to B is now released, while B can still send data to A.

Third step of the release: if B has no more data to send to A, its application process tells TCP to release the connection. B sends a segment with FIN = 1 and ACK = 1, sequence number seq = w and acknowledgment number ack = u + 1, and waits for A's acknowledgment.

Fourth step of the release: when A receives the connection release segment it must send an acknowledgment.

This acknowledgment segment has ACK = 1, acknowledgment number ack = w + 1 and sequence number seq = u + 1, since A's own FIN already consumed sequence number u. Once B receives it, the connection is closed in both directions.
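To make the seq/ack arithmetic of the six steps above concrete, here is an added example written for this page (not the author's code and not Wireshark's logic) that models both sides of a connection and checks every segment against one rule: the acknowledgment number must equal the peer's last sequence number plus what that segment consumed, with SYN and FIN each consuming one sequence number. The segments are constructed rather than captured: j = 1000 and k = 5000 are arbitrary initial sequence numbers, the two payloads are invented, and the state names are the ones used above (SYN_SENT, SYN_RECV, ESTABLISHED) plus the standard names for the release (FIN_WAIT_1, CLOSE_WAIT, FIN_WAIT_2, LAST_ACK, TIME_WAIT). It goes one step beyond the text by letting B keep sending data after the first release step, which is why B's FIN carries a different sequence number (w) from its earlier acknowledgment (v).

```python
"""Model a TCP connection through the three-way handshake and the
four-step release, checking the seq/ack arithmetic at every segment.
Added example for this page; not the author's code and not Wireshark's.
All segments below are constructed, not captured."""

# Flag bits as laid out in the TCP header flags byte.
FIN, SYN, ACK = 0x01, 0x02, 0x10
CLIENT, SERVER = "client", "server"


def segment_length(flags, payload_len):
    """Sequence space a segment consumes: SYN and FIN each count as one."""
    return payload_len + bool(flags & SYN) + bool(flags & FIN)


def trace_connection(segments):
    """segments: list of (sender, flags, seq, ack, payload_len).
    Returns [(sender, client_state, server_state), ...], one per segment.
    Raises ValueError when a seq or ack does not follow from the previous
    segments, or a FIN is sent from a state the steps above do not allow."""
    state = {CLIENT: "CLOSED", SERVER: "LISTEN"}
    next_seq = {CLIENT: None, SERVER: None}  # next seq each side should use
    trace = []
    for sender, flags, seq, ack, payload_len in segments:
        peer = SERVER if sender == CLIENT else CLIENT
        # Sequence / acknowledgement arithmetic.
        if flags & SYN:
            next_seq[sender] = seq           # the ISN is chosen freely
        elif seq != next_seq[sender]:
            raise ValueError(f"{sender}: seq {seq}, expected {next_seq[sender]}")
        if flags & ACK and ack != next_seq[peer]:
            raise ValueError(f"{sender}: ack {ack}, expected {next_seq[peer]}")
        next_seq[sender] = seq + segment_length(flags, payload_len)
        # State transitions, following the six steps described above.
        s, p = state[sender], state[peer]
        if flags & SYN and not flags & ACK:              # 1st handshake
            state[sender] = "SYN_SENT"
        elif flags & SYN:                                # 2nd handshake
            state[sender] = "SYN_RECV"
        elif flags & FIN:                                # 1st / 3rd release
            if s == "ESTABLISHED":
                state[sender] = "FIN_WAIT_1"
            elif s == "CLOSE_WAIT":
                state[sender] = "LAST_ACK"
            else:
                raise ValueError(f"FIN from {sender} in state {s}")
            state[peer] = "CLOSE_WAIT" if p == "ESTABLISHED" else "TIME_WAIT"
        elif s == "SYN_SENT":                            # 3rd handshake
            state[sender] = state[peer] = "ESTABLISHED"
        elif p == "FIN_WAIT_1":                          # 2nd release
            state[peer] = "FIN_WAIT_2"
        elif p == "LAST_ACK":                            # 4th release
            state[peer] = "CLOSED"
        trace.append((sender, state[CLIENT], state[SERVER]))
    return trace


def is_valid(segments):
    """True if every segment passes the checks in trace_connection()."""
    try:
        trace_connection(segments)
    except ValueError:
        return False
    return True


# Constructed exchange. j and k are arbitrary initial sequence numbers;
# u, v, w are the values the release steps above refer to.
j, k = 1000, 5000
REQUEST = b"GET /"                    # 5 bytes of invented client data
REPLY = b"HTTP/1.1 200 OK\r\n"        # 17 bytes the server sends after A's FIN
u = j + 1 + len(REQUEST)              # A's FIN seq: SYN took one, data took five
v = k + 1                             # B's seq when it acks A's FIN
w = v + len(REPLY)                    # B's FIN seq comes after its last data

SAMPLE_SEGMENTS = [
    (CLIENT, SYN,       j,     0,     0),             # 1st handshake
    (SERVER, SYN | ACK, k,     j + 1, 0),             # 2nd handshake
    (CLIENT, ACK,       j + 1, k + 1, 0),             # 3rd handshake
    (CLIENT, ACK,       j + 1, k + 1, len(REQUEST)),  # client data
    (SERVER, ACK,       k + 1, u,     0),             # server acks the data
    (CLIENT, FIN | ACK, u,     k + 1, 0),             # 1st release (FIN = 1)
    (SERVER, ACK,       v,     u + 1, 0),             # 2nd release
    (SERVER, ACK,       v,     u + 1, len(REPLY)),    # B may still send data
    (CLIENT, ACK,       u + 1, w,     0),             # A acks it
    (SERVER, FIN | ACK, w,     u + 1, 0),             # 3rd release
    (CLIENT, ACK,       u + 1, w + 1, 0),             # 4th release
]

# Two deliberately wrong exchanges that the checker must reject.
BAD_HANDSHAKE = SAMPLE_SEGMENTS[:1] + [(SERVER, SYN | ACK, k, j, 0)] + SAMPLE_SEGMENTS[2:]
BAD_RELEASE = SAMPLE_SEGMENTS[:-1] + [(CLIENT, ACK, u, w + 1, 0)]

if __name__ == "__main__":
    for sender, c, s in trace_connection(SAMPLE_SEGMENTS):
        print(f"{sender:6}  client={c:12} server={s}")
```

Running the file prints the pair of states after each of the eleven segments. A final acknowledgment that carries seq = u instead of u + 1 is rejected by the same check, because A's FIN already consumed sequence number u; BAD_RELEASE shows this, and BAD_HANDSHAKE shows a SYN+ACK that acknowledges j instead of j + 1.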

 

The assignment also involves the analysis of an IP packet.

From the figure we can read:

IP version: IPv4

Header length: 20 bytes

Datagram (total) length: 40 bytes

Identification: 0xrca5

Time to live (TTL): 116

Upper-layer protocol: TCP

Header checksum: 0x7bb0

Source IP address: 202.89.233.100

Destination IP address: 192.168.43.19

A total length of 40 bytes with a 20-byte IP header leaves exactly 20 bytes for the TCP segment, i.e. a TCP header with no options and no data, which is what a pure control segment such as an acknowledgment looks like.
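The fields read off the figure can also be extracted programmatically. Below is an added example written for this page (not the author's code and not Wireshark's dissector) that parses an IPv4 header with only the standard library, verifies the header checksum, and exposes the options field when the header is longer than 20 bytes. The bytes are constructed with build_ipv4_header(): the TTL, protocol, total length and addresses match the figure, but the identification (0x1234) and the DF flag are our own choices, since the identification in the figure is not legible, so the resulting checksum also differs from the 0x7bb0 shown there.

```python
"""Parse an IPv4 header and verify its checksum, recovering the same
fields the figure lists. Added example for this page; not the author's
code and not Wireshark's dissector. The packet bytes are constructed."""
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ones_complement_sum(data):
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_checksum(header):
    """One's complement of the one's-complement sum of the header.
    Computed over a header that already carries a correct checksum, it is 0."""
    return (~ones_complement_sum(header)) & 0xFFFF


def build_ipv4_header(src, dst, *, total_length, ident, ttl, proto,
                      flags_frag=0x4000, options=b""):
    """Assemble a header with a correct checksum (DF set by default)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    ihl_words = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s",
                        (4 << 4) | ihl_words, 0, total_length, ident,
                        flags_frag, ttl, proto, 0,
                        bytes(int(o) for o in src.split(".")),
                        bytes(int(o) for o in dst.split(".")))
    header = fixed + options
    return header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]


def parse_ipv4_header(packet):
    """Return the header fields as a dict, or raise ValueError when the
    bytes cannot be an IPv4 header (too short, wrong version, bad IHL)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum 20-byte header")
    (ver_ihl, _tos, total_length, ident, flags_frag,
     ttl, proto, csum) = struct.unpack("!BBHHHBBH", packet[:12])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or len(packet) < ihl:
        raise ValueError(f"header length {ihl} is invalid or truncated")
    header = packet[:ihl]
    return {
        "version": "IPv4",
        "header_length": ihl,
        "total_length": total_length,
        "payload_length": total_length - ihl,
        "identification": f"0x{ident:04x}",
        "dont_fragment": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "checksum": f"0x{csum:04x}",
        "checksum_ok": ip_checksum(header) == 0,
        "src": ".".join(str(b) for b in packet[12:16]),
        "dst": ".".join(str(b) for b in packet[16:20]),
        "options": packet[20:ihl],
    }


# Constructed sample: a 40-byte datagram, i.e. a 20-byte IP header followed
# by a 20-byte TCP header with no options and no data. Addresses, TTL and
# length follow the figure; the identification 0x1234 is our own choice.
SAMPLE_HEADER = build_ipv4_header("202.89.233.100", "192.168.43.19",
                                  total_length=40, ident=0x1234,
                                  ttl=116, proto=6)

# The same header after a hop decremented the TTL without updating the
# checksum: the parser must report checksum_ok = False.
CORRUPTED_HEADER = (SAMPLE_HEADER[:8] + bytes([SAMPLE_HEADER[8] - 1])
                    + SAMPLE_HEADER[9:])

if __name__ == "__main__":
    for name, pkt in (("sample", SAMPLE_HEADER), ("corrupted", CORRUPTED_HEADER)):
        print(name)
        for field, value in parse_ipv4_header(pkt).items():
            print(f"  {field}: {value}")
```

Running the file prints both headers field by field. The payload_length of 20 for the sample is exactly one TCP header with no options and no data; the corrupted copy is flagged because the sum over a header with a valid checksum must come out as all ones, and a TTL change without a matching checksum update breaks that.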

 

Now I would like to use two figures to summarize Wireshark packet analysis.

This one shows how the layers Wireshark displays correspond to the layers of the packet.

This one shows the format of each TCP packet in Wireshark and the fields it corresponds to.

I learned the Wireshark testing process completely from scratch, by finding videos online and teaching myself. I learned how to use Wireshark filters for analysis. Generally speaking, through this assignment I not only became familiar with network protocol knowledge but also taught myself a piece of software, which I can say benefited me greatly.

Source: www.cnblogs.com/huangxj123/p/11812755.html