{"id":1609,"date":"2024-03-17T01:44:39","date_gmt":"2024-03-16T17:44:39","guid":{"rendered":"http:\/\/www.ccwifi.cc\/blogs\/?p=1609"},"modified":"2024-03-17T01:44:39","modified_gmt":"2024-03-16T17:44:39","slug":"%e6%8a%93%e5%8c%85%e5%b7%a5%e5%85%b7-wireshark%e8%af%a6%e7%bb%86%e4%bb%8b%e7%bb%8d%e4%b8%8etcp%e4%b8%89%e6%ac%a1%e6%8f%a1%e6%89%8b%e6%95%b0%e6%8d%ae%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/www.ccwifi.cc\/blogs\/2024\/03\/17\/%e6%8a%93%e5%8c%85%e5%b7%a5%e5%85%b7-wireshark%e8%af%a6%e7%bb%86%e4%bb%8b%e7%bb%8d%e4%b8%8etcp%e4%b8%89%e6%ac%a1%e6%8f%a1%e6%89%8b%e6%95%b0%e6%8d%ae%e5%88%86%e6%9e%90\/","title":{"rendered":"Packet capture tool - Wireshark (detailed introduction and TCP three-way handshake data analysis)"},"content":{"rendered":"<div>\n<p>Hello everyone, we meet again. I am Cao Cao, and today I bring you a new tutorial.<\/p>\n<p>I hope everyone studies carefully and uses the network discreetly.<\/p>\n<\/div>\n<pre><code>Interface id: 0  #Interface id\nEncapsulation type: Ethernet (1)  #Encapsulation type\nArrival Time: Jun 11, 2015 05:12:18.469086000 \u4e2d\u56fd\u6807\u51c6\u65f6\u95f4  #Capture date and time\n[Time shift for this packet: 0.000000000 seconds]\nEpoch Time: 1402449138.469086000 seconds\n[Time delta from previous captured frame: 0.025257000 seconds]  #Time interval between this packet and the previous packet\n[Time since reference or first frame: 0.537138000 
seconds]  #Time interval between this packet and the first frame\nFrame Number: 5  #Frame number\nFrame Length: 268 bytes (2144 bits)  #Frame length\nCapture Length: 268 bytes (2144 bits)  #Capture length\n[Frame is marked: False]  #Whether this frame is marked: no\n[Frame is ignored: False]  #Whether this frame is ignored: no\n[Protocols in frame: eth:ip:tcp:http]  #Protocol hierarchy encapsulated in the frame\n[Number of per-protocol-data: 2]\n[Hypertext Transfer Protocol, key 0]\n[Transmission Control Protocol, key 0]\n[Coloring Rule Name: HTTP]  
#Protocol name of the coloring rule\n<\/code><\/pre>\n<p>In network packet analysis, we can use Wireshark to capture and analyze packets. Below are some commonly used filters and related information:<\/p>\n<ol>\n<li>Filter examples:<\/li>\n<\/ol>\n<ul>\n<li><code>ip.src == 192.168.1.102<\/code>: shows records whose source address is 192.168.1.102.<\/li>\n<li><code>ip.dst == 192.168.1.102<\/code>: shows records whose destination address is 192.168.1.102.<\/li>\n<li><code>ip.addr == 42.121.252.58<\/code>: shows only the traffic exchanged with a given host (42.121.252.58).<\/li>\n<li><code>tcp.port == 80<\/code>: shows only records with port 80.<\/li>\n<li><code>tcp.srcport == 80<\/code>: shows only TCP records whose source port is 80.<\/li>\n<li><code>http.request.method == \"GET\"<\/code>: shows only records that use the HTTP GET method.<\/li>\n<li><code>eth.type == 0x806<\/code>: shows only ARP packets.<\/li>\n<\/ul>\n<ol>\n<li>\n<p>Packet list (Packet List Pane):<br 
\/>\nThe packet list pane shows the number, timestamp, source address, destination address, protocol, length and packet info. Different protocols are displayed in different colors.<\/p>\n<\/li>\n<li>\n<p>Packet details (Packet Details Pane):<br \/>\nThe packet details pane is the most important part; it is used to view every field of a protocol. Following the OSI seven-layer model, each line of the packet information corresponds to the following layers:<\/p>\n<\/li>\n<\/ol>\n<ul>\n<li>Frame (physical layer)<\/li>\n<li>Ethernet II (data link layer)<\/li>\n<li>Internet Protocol Version 4 (network layer)<\/li>\n<li>Transmission Control Protocol (transport layer)<\/li>\n<li>Hypertext Transfer Protocol (application layer)<\/li>\n<\/ul>\n<p>By analyzing the packet details, we can understand the meaning of each field and how it maps to the OSI model.<\/p>\n<p>The above is some basic information about Wireshark and a few usage examples; I hope it is helpful.<\/p>\n<pre><code>Source: Giga-Byt_c8:4c:89 (1c:6f:65:c8:4c:89)  #Source MAC address\nType: IP (0x0800)\n<\/code><\/pre>\n<p>[Coloring Rule String: http || tcp.port == 80]<\/p>\n<pre><code>Header length: 20 bytes  #IP header length\nDifferentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))  
#Differentiated services field\nTotal Length: 254  #Total length of the IP packet\nIdentification: 0x5bb5 (23477)  #Identification field\nFlags: 0x02 (Don't Fragment)  #Flags field\nFragment offset: 0  #Fragment offset\nTime to live: 64  #Time to live (TTL)\nProtocol: TCP (6)  #The upper-layer protocol encapsulated in this packet is TCP\nHeader checksum: 0x52ec [validation disabled]  #Checksum of the header data\nSource: 192.168.0.104 (192.168.0.104)  #Source IP address\nDestination: 61.182.140.146 (61.182.140.146)  #Destination IP address\n<\/code><\/pre>\n<p>During the TCP three-way handshake, the client and server establish a connection in the following steps:<\/p>\n<ol>\n<li>\n<p>First handshake: the client sends a SYN packet (SYN=j) to the server and enters the SYN 
SENT state, waiting for the server's acknowledgment.<\/p>\n<\/li>\n<li>\n<p>Second handshake: after receiving the SYN packet, the server acknowledges the client's SYN (ACK=j+1) and at the same time sends its own SYN packet (SYN=k), that is, a SYN+ACK packet; the server enters the SYN RECV state.<\/p>\n<\/li>\n<li>\n<p>Third handshake: after receiving the server's SYN+ACK packet, the client sends an acknowledgment packet ACK (ACK=k+1) to the server, completing the three-way handshake; the client and server enter the ESTABLISHED state and the TCP connection is established.<\/p>\n<\/li>\n<\/ol>\n<p>With Wireshark, we can analyze captured packets to understand the TCP three-way handshake. In the packet details, you can view the specific content of each packet, including the flags, sequence number and acknowledgment number.<\/p>\n<p>I hope the information above is helpful.<\/p>\n<pre><code>Destination port: http (80)  #Destination port number\nSequence number: 1    (relative sequence number)  #Sequence number (relative sequence number)\n[Next sequence number: 215    (relative sequence number)]  #Next sequence number\nAcknowledgment number: 1    (relative ack number)  #Acknowledgment number\nHeader length: 20 bytes  #Header length\nFlags: 0x018 (PSH, ACK)  
#TCP flags field\nWindow size value: 64800  #Window size for flow control\nChecksum: 0x677e [validation disabled]  #Checksum of the TCP segment\n<\/code><\/pre>\n<p><!-- Article source: https:\/\/blog.csdn.net\/weixin_39577647\/article\/details\/87973079 --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Packet capture tool &#8211; Wireshark (detailed introduction and TCP three-way handshake data analysis) ip.src ==192.168.1.102 -&gt; shows records whose source address is 192.168.1.102; ip.dst==192.168.1.102 -&gt; records whose destination address is 192.168.1.10; ip<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-1609","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/1609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/comments?post=1609"}],"version-history":[{"count":0,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/1609\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/media?parent=1609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-jso
n\/wp\/v2\/categories?post=1609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/tags?post=1609"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/topic?post=1609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}