tcp option

Others 2020-03-19 13:24:28 views: null

A strange phenomenon:

When shaking hands three times, the first two syn | syn + window size ack is obviously great, but the third handshake when window size has suddenly become very small,

And the subsequent process of data transmission, window size is still small, and syn | syn + ack does not match, for our tcp Study of learners,

Will be confused, in fact, we only focus on the important points tcp, but did not understand the small details of tcp.


Two, tcp option:

tcp packets of 20 bytes in addition to the standard, in fact, can reach a maximum of 60 bytes, the HL (4 bits up to 15 * 32/8 = 60 bytes), the extra bytes are tcp Option,

That tcp optional fields in the format:

| type(1-byte) | length(1-byte) | values(length - 2 byte) |

The above strange phenomenon is due to the tcp syn | using the window scale factor syn + ack in the value of the expansion can be expanded,

At this stage (syn | syn + ack) from the window size window factor affecting scale, ie the window size is how much, how much it is,

However, subsequent data transmission window size comprises a third handshake are left to move the window scale factor,

That window size * (2 ** scale_factor) or window size << scale_factor is the actual window size


Third, examples:

Access Baidu as an example:

sudo tcpdump -i eth0 host www.baidu.com -S -xx -n

12:15:02.145424 IP 172.18.192.125.36028 > 115.239.210.27.80: Flags [S], seq 4200731336, win 29200, options [mss 1460,sackOK,TS val 105544669 ecr 0,nop,wscale 7], length 0
    0x0000:  eeff ffff ffff 0016 3e08 b134 0800 4500
    0x0010:  003c 6915 4000 4006 1f0c ac12 c07d 73ef
    0x0020:  d21b 8cbc 0050 fa62 12c8 0000 0000 a002
    0x0030:  7210 b2c9 0000 0204 05b4 0402 080a 064a
    0x0040:  7bdd 0000 0000 0103 0307
syn:

Ethernet packets: eeff ffff ffff 0016 3e08 b134 0800

ip packet: 4500 003c 6915 4000 4006 1f0c ac12 c07d 73ef d21b

tcp packets: 8cbc fa62 12c8 0050 0000 0000 A002 7210 0000 0204 b2c9 05b4 080A 064A 7bdd 0402 0000 0000 01 03 0307
A002 is in a HL (10 32-bit length of the head), so that the head 40 bytes tcp, standard 20 bytes, so the extra 20 bytes tcp option,

Of which 030 307 for the window scale factor, 07 for value

0x7210 = 29200, for the window size, this case does not affect the window scale factor of the subject


12:15:02.172269 IP 115.239.210.27.80 > 172.18.192.125.36028: Flags [S.], seq 439811744, ack 4200731337, win 8192, options [mss 1452,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 5], length 0
    0x0000:  0016 3e08 b134 eeff ffff ffff 0800 4514
    0x0010:  003c 6915 4000 3606 28f8 73ef d21b ac12
    0x0020:  c07d 0050 8cbc 1a36 fea0 fa62 12c9 a012
    0x0030:  2000 c554 0000 0204 05ac 0402 0101 0101
    0x0040:  0101 0101 0101 0103 0305
syn + ack:

Ethernet packets: 0016 3e08 b134 eeff ffff ffff 0800

ip packet: 4514 003c 6915 4000 3606 28f8 73ef d21b ac12 c07d

tcp packets: 0050 8cbc 1a36 fea0 fa62 12c9 A012  2000 0000 0204 05ac c554 0402 0101 0101 0101 0101 0101 01 03 0305
A012 is in a HL (32-bit length of the head portion 10), so the head 40 bytes tcp, standard 20 bytes, so the extra 20 bytes tcp option,

Of which 030 305 for the window scale factor, 05 for value

0x2000 = 8192, as the window size, this case does not affect the window scale factor of the subject


12:15:02.172312 IP 172.18.192.125.36028 > 115.239.210.27.80: Flags [.], ack 439811745, win 229, length 0
    0x0000:  eeff ffff ffff 0016 3e08 b134 0800 4500
    0x0010:  0028 6916 4000 4006 1f1f ac12 c07d 73ef
    0x0020:  d21b 8cbc 0050 fa62 12c9 1a36 fea1 5010
    0x0030:  00e5 b2b5 0000
ack:

Ethernet packets: eeff ffff ffff 0016 3e08 b134 0800

ip packet: 4500 0028 6916 4000 4006 1f1f AC12 C07D 73ef D21B
tcp packets: 8cbc 0050 fa62 12c9 1a36 fea1 5010   00e5 b2b5 0000

The 50105 is HL, a standard 20-byte packets, no tcp option,

0x00e5 = 229, the current transmission window size is 229, but since there syn preceding window scale factor (7),

Thus the actual window 229 = 29312 << 7,

Another way to verify, because the window syn 29200, during transmission, you need to right 7, 29200 >> 7 = 228 (on a shift), 229


So this explains why Why syn of window size is 29200, and in the subsequent window size just send back only a few hundred of which only 229, (empathy syn + ack of the case)

In fact, we are not aware of tcp option, which has a tcp window scale factor this thing

Gonyaet
Published 140 original articles · won praise 28 · views 180 000 +
Private letter concerns

Guess you like

Origin blog.csdn.net/qq_16097611/article/details/79062987
Recommended
Ranking
Reason Codes enhanced accounting documents
The first test case appium
Force command and dispatch emergency communication plan
Interview - What is concurrent programming
21 classic Python interview questions [recommended collection]
[Dahua Data Structure-Introduction to Data Structure ①]
Spring @ConfigurationProperties
Why do we want to broadcast live on WeChat public account? What are the advantages?
How to bring up the toolbar under the desktop of Apple laptop
Dialog: Manually enter information
Daily
More
2024-05-21(35)
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)

Code World

© 2018 codetd.com