半亩花草 posted on 2025-1-25 09:24:01

TCP Handshake Packet Analysis

I. Client-side data analysis:

spu@spu:~/code/pcap$ tcpdump -r client_all.pcap -X
reading from file client_all.pcap, link-type EN10MB (Ethernet)
17:58:56.346748 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags , seq 2615205588, win 64240, options , length 0
      0x0000:  4500 003c 6c75 4000 4006 49cf c0a8 01b2  E..<lu@.@.I.....
      0x0010:  c0a8 0175 da06 0438 9be0 ded4 0000 0000  ...u...8........
      0x0020:  a002 faf0 7da0 0000 0204 05b4 0402 080a  ....}...........
      0x0030:  b06e 4194 0000 0000 0103 0307            .nA.........
17:58:56.354743 IP 192.168.1.117.socks > 192.168.1.178.55814: Flags , seq 3996464281, ack 2615205589, win 65160, options , length 0
      0x0000:  4500 003c 0000 4000 4006 b644 c0a8 0175  E..<..@.@..D...u
      0x0010:  c0a8 01b2 0438 da06 ee35 3499 9be0 ded5  .....8...54.....
      0x0020:  a012 fe88 6b5a 0000 0204 05b4 0402 080a  ....kZ..........
      0x0030:  35d1 b5fc b06e 4194 0103 0307            5....nA.....
17:58:56.354773 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags [.], ack 1, win 502, options , length 0
      0x0000:  4500 0034 6c76 4000 4006 49d6 c0a8 01b2  E..4lv@.@.I.....
      0x0010:  c0a8 0175 da06 0438 9be0 ded5 ee35 349a  ...u...8.....54.
      0x0020:  8010 01f6 96b1 0000 0101 080a b06e 419c  .............nA.
      0x0030:  35d1 b5fc                                5...
spu@spu:~/code/containrc$ ./test/pcap_parse ../pcap/client_all.pcap
Capturing packets from ../pcap/client_all.pcap...
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 1 ack 0 check a07d seq 9be0ded4 ack_seq 0
Source IP: 192.168.1.117, Destination IP: 192.168.1.178 syn 1 ack 1 check 5a6b seq ee353499 ack_seq 9be0ded5
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 0 ack 1 check b196 seq 9be0ded5 ack_seq ee35349a
II. Server-side data analysis:

spu@spu:~/code/pcap$ tcpdump -r server_all.pcap -X
reading from file server_all.pcap, link-type EN10MB (Ethernet)
17:58:47.812796 ARP, Request who-has 192.168.1.178 tell 192.168.1.1, length 46
      0x0000:  0001 0800 0604 0001 7439 8998 c0f9 c0a8  ........t9......
      0x0010:  0101 0000 0000 0000 c0a8 01b2 0000 0000  ................
      0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
17:58:57.302898 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags , seq 2615205588, win 64240, options , length 0
      0x0000:  4500 003c 6c75 4000 4006 49cf c0a8 01b2  E..<lu@.@.I.....
      0x0010:  c0a8 0175 da06 0438 9be0 ded4 0000 0000  ...u...8........
      0x0020:  a002 faf0 7da0 0000 0204 05b4 0402 080a  ....}...........
      0x0030:  b06e 4194 0000 0000 0103 0307            .nA.........
17:58:57.302957 IP 192.168.1.117.socks > 192.168.1.178.55814: Flags , seq 3996464281, ack 2615205589, win 65160, options , length 0
      0x0000:  4500 003c 0000 4000 4006 b644 c0a8 0175  E..<..@.@..D...u
      0x0010:  c0a8 01b2 0438 da06 ee35 3499 9be0 ded5  .....8...54.....
      0x0020:  a012 fe88 84a6 0000 0204 05b4 0402 080a  ................
      0x0030:  35d1 b5fc b06e 4194 0103 0307            5....nA.....
17:58:57.312199 IP 192.168.1.178.55814 > 192.168.1.117.socks: Flags [.], ack 1, win 502, options , length 0
      0x0000:  4500 0034 6c76 4000 4006 49d6 c0a8 01b2  E..4lv@.@.I.....
      0x0010:  c0a8 0175 da06 0438 9be0 ded5 ee35 349a  ...u...8.....54.
      0x0020:  8010 01f6 96b1 0000 0101 080a b06e 419c  .............nA.
      0x0030:  35d1 b5fc                                5...
spu@spu:~/code/containrc$ ./test/pcap_parse ../pcap/server_all.pcap
Capturing packets from ../pcap/server_all.pcap...
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 1 ack 0 check a07d seq 9be0ded4 ack_seq 0
Source IP: 192.168.1.117, Destination IP: 192.168.1.178 syn 1 ack 1 check a684 seq ee353499 ack_seq 9be0ded5
Source IP: 192.168.1.178, Destination IP: 192.168.1.117 syn 0 ack 1 check b196 seq 9be0ded5 ack_seq ee35349a
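The check value of the SYN-ACK packet sent by the server here differs from the check value of the SYN-ACK packet received by the client, and I don't know why.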
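
Added example, not part of the original post: the Python below recomputes the TCP checksum of the SYN-ACK from the bytes in the two hex dumps above and reports whether the stored value is the finished checksum or only the pseudo-header sum. The function names are hypothetical, and the `host_order` field assumes `pcap_parse` (whose source is not shown) prints the field without `ntohs()` on a little-endian host.

```python
import struct

# SYN-ACK (192.168.1.117 -> 192.168.1.178) bytes copied from the two tcpdump -X
# dumps in the post; the captures differ only in the TCP checksum field.
SYNACK_HEX = ("4500003c000040004006b644c0a80175c0a801b20438da06ee3534999be0ded5"
              "a012fe88{csum}0000020405b40402080a35d1b5fcb06e419401030307")
CLIENT_SIDE = bytes.fromhex(SYNACK_HEX.format(csum="6b5a"))  # client_all.pcap
SERVER_SIDE = bytes.fromhex(SYNACK_HEX.format(csum="84a6"))  # server_all.pcap


def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) with carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def classify_tcp_checksum(ip_packet: bytes) -> dict:
    """Compare the stored TCP checksum of an IPv4 packet with the computed one."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = ip_packet[ihl:total_len]
    stored = struct.unpack("!H", segment[16:18])[0]
    # Pseudo-header: source IP, destination IP, zero byte, protocol, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, ip_packet[9], len(segment))
    partial = ones_sum(pseudo)
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    expected = ~ones_sum(pseudo + zeroed) & 0xFFFF
    if stored == expected:
        verdict = "valid"
    elif stored == partial:
        verdict = "pseudo-header sum only"  # checksum not yet finished at capture time
    else:
        verdict = "invalid"
    # Same two bytes read as a little-endian integer, i.e. without ntohs().
    host_order = struct.unpack("<H", segment[16:18])[0]
    return {"stored": stored, "expected": expected, "partial": partial,
            "host_order": host_order, "verdict": verdict}


if __name__ == "__main__":
    for name, pkt in (("client_all.pcap", CLIENT_SIDE), ("server_all.pcap", SERVER_SIDE)):
        r = classify_tcp_checksum(pkt)
        print(f"{name}: stored={r['stored']:04x} expected={r['expected']:04x} "
              f"partial={r['partial']:04x} printed_as={r['host_order']:04x} -> {r['verdict']}")
```

A stored value equal to the folded pseudo-header sum on the sending host's own capture is the pattern left when the checksum is completed later by the NIC (TX checksum offload), so the capture taken on the wire side holds the finished value.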
