TCP / IP study notes Addendum Author: Xiao Jin
Source code download After I trace IP packet on the network, I added "TCP / IP Learning Notes" I wrote. Through this article, you can deepen your understanding of TCP / IP.
● Network environment: ADSL broadband ● IP packet content: Send mail through Outlook, account is xiaojin8039@163.com, give me other mailbox xiaoj@njb.swirebev.com Send mail, system to capture IP packets. ● All IP packets are TCP protocols
1. About the Split of IP Packages: All IP packets do not slide, that is, the IP package transmission process never performs fragmentation, and keep the original IP package size. This may be better related to the network environment.
2, the size of the IP header and TCP header: The size of the IP head is 20, and the case including the option is not seen. However, the TCP header sometimes includes options, the size is 24 to 44, and the negotiation when establishing a connection has an option data, typically 28.
3. Steps to TCP Connection: (1) The client sends a TCP packet for the establishment message to the server side; (2) The server is sent to the client to establish a TCP connection to the client; (3) The client will confirm again (4) Server-side transmission server information; (5) Client transmission data, server-side sends data; (6) The client sends a command to end the connection; (7) The server side sends the end connection TCP packet to the client; (8) The client sends a TCP packet that agrees to end the connection to the server;
4, the specific process of the TCP connection, including the unique identifier ID, TCP packets connected to the SEQUENCE and ACK data, which is a complete TCP connection establishment and ending process:
No. Data size of the client server IPIDsequenceACKIPIDsequenceACK1027320986600280 20 54707390467112420986600293027420986600293904671125 456 547083904671125209866002951427520986600293904671181 60 54709390467118120986600437113 547103904671181209866004381227620986600433904671294 918 5471139046712942098660055101827720986600553904671312 1118 5471239046713122098660073121027820986600733904671330 1331 547133904671330209866008314027920986600833904671361 153428020986600833904671361 168 5471439046713612098660117173528120986601173904671369 188 547153904671369209866015219628220986601523904671377 2037 547163904671377209866015821141428320986601583904671414 220 54717390467141420986615722399328420986615723904671414 240 547183904671414209866257025528520986625653904671414 2638 547193904671414209866257027628620986625703904671452 289 5472039046714522098662576290 547213904671452509866257630028720986625763904671462 31028820986625763904671462 (1) size of the data does not include IP header and the TCP header the size of. (2) In addition to the establishment of the connection, each Sequence is equal to the last sequence value to add data size. The SYN tag that starts the negotiation should take up one byte. (3) 1 and 2 lines of data set the SYN flag. (4) 30 and 31 lines of data set the FIN logo. (5) Each data includes the start byte sequence of the sender data and the ACK value of the other party to send the data location. 5, program description:
(1) The program collects all protocols of the NMA as the IP package for TCP.
(2) For unencrypted mail content, you can identify and get the header content. (3) For the acquired data packets, the file name is scan.bin, or file that meets the format can also be imported. Please see the source program in the data format. (4) The source program also includes other functions, some have not been completed, and interested readers can help me complete and modify. 6, because the author's level is limited, the above content is inevitable, there is a mistake, welcome to criticize, thank you. .
Author: Xiao Jin: Nanjing BC Foods Co., Ltd. Information Department e-mail: xiaoj@njb.swirebev.com
