TCP报文格式
TCP(Transmission Control Protocol)用于在包交换网络中主机之间,或者互联系统之间的高可靠传输。
一、TCP报文首部格式
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
| Source Port | Destination Port |
+-------------------------------+-------------------------------+
| Sequence Number |
+---------------------------------------------------------------+
| Acknowledgment Number |
+-------+-----------+-+-+-+-+-+-+-------------------------------+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-------+-----------+-+-+-+-+-+-+-------------------------------+
| Checksum | Urgent Pointer |
+-------------------------------+---------------+---------------+
| Options | Padding |
+-----------------------------------------------+---------------+
| data |
+---------------------------------------------------------------+
二、TCP报文首部格式解释
| 字段 | 长度 | 含义 |
|---|---|---|
| Source Port | 16比特 | 源端口,标识哪个应用程序发送。 |
| Destination Port | 16比特 | 目的端口,标识哪个应用程序接收。 |
| Sequence Number | 32比特 | 序号字段。TCP链接中传输的数据流中每个字节都编上一个序号。序号字段的值指的是本报文段所发送的数据的第一个字节的序号。 |
| Acknowledgment Number | 32比特 | 确认号,是期望收到对方的下一个报文段的数据的第1个字节的序号,即上次已成功接收到的数据字节序号加1。只有ACK标识为1,此字段有效。 |
| Data Offset | 4比特 | 数据偏移,即首部长度,指出TCP报文段的数据起始处距离TCP报文段的起始处有多远,以32比特(4字节)为计算单位。最多有60字节的首部,若无选项字段,正常为20字节。 |
| Reserved | 6比特 | 保留,必须填0。 |
| URG | 1比特 | 紧急指针有效标识。它告诉系统此报文段中有紧急数据,应尽快传送(相当于高优先级的数据)。 |
| ACK | 1比特 | 确认序号有效标识。只有当ACK=1时确认号字段才有效。当ACK=0时,确认号无效。 |
| PSH | 1比特 | 标识接收方应该尽快将这个报文段交给应用层。接收到PSH = 1的TCP报文段,应尽快的交付接收应用进程,而不再等待整个缓存都填满了后再向上交付。 |
| RST | 1比特 | 重建连接标识。当RST=1时,表明TCP连接中出现严重错误(如由于主机崩溃或其他原因),必须释放连接,然后再重新建立连接。 |
| SYN | 1比特 | 同步序号标识,用来发起一个连接。SYN=1表示这是一个连接请求或连接接受请求。 |
| FIN | 1比特 | 发端完成发送任务标识。用来释放一个连接。FIN=1表明此报文段的发送端的数据已经发送完毕,并要求释放连接。 |
| Window | 16比特 | 窗口:TCP的流量控制,窗口起始于确认序号字段指明的值,这个值是接收端期望接收的字节数。窗口最大为65535字节。 |
| Checksum | 16比特 | 校验字段,包括TCP首部和TCP数据,是一个强制性的字段,一定是由发端计算和存储,并由收端进行验证。在计算检验和时,要在TCP报文段的前面加上12字节的伪首部。 |
| Urgent Pointer | 16比特 | 紧急指针,只有当URG标志置1时紧急指针才有效。TCP的紧急方式是发送端向另一端发送紧急数据的一种方式。紧急指针指出在本报文段中紧急数据共有多少个字节(紧急数据放在本报文段数据的最前面)。 |
| Options | 可变 | 选项字段。TCP协议最初只规定了一种选项,即最长报文段长度(只包含数据字段,不包括TCP首部),又称为MSS。MSS告诉对方TCP“我的缓存所能接收的报文段的数据字段的最大长度是MSS个字节”。
新的RFC规定有以下几种选型:选项表结束,空操作,最大报文段长度,窗口扩大因子,时间戳。
|
| Padding | 可变 | 填充字段,用来补位,使整个首部长度是4字节的整数倍。 |
| data | 可变 | TCP负载。 |
三、TCP报文示例
Frame 1: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits)
Encapsulation type: Ethernet (1)
Arrival Time: May 12, 2015 17:29:30.289263000
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1431422970.289263000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 153 bytes (1224 bits)
Capture Length: 153 bytes (1224 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:telnet]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: 18:c5:8a:17:b6:b3 (18:c5:8a:17:b6:b3), Dst: 90:e2:ba:96:08:07 (90:e2:ba:96:08:07)
Destination: 90:e2:ba:96:08:07 (90:e2:ba:96:08:07)
Address: 90:e2:ba:96:08:07 (90:e2:ba:96:08:07)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 18:c5:8a:17:b6:b3 (18:c5:8a:17:b6:b3)
Address: 18:c5:8a:17:b6:b3 (18:c5:8a:17:b6:b3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.10.144.1 (10.10.144.1), Dst: 192.168.128.110 (192.168.128.110)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 139
Identification: 0x19f5 (6645)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: TCP (6)
Header checksum: 0xc595 [validation disabled]
[Good: False]
[Bad: False]
Source: 10.10.144.1 (10.10.144.1)
Destination: 192.168.128.110 (192.168.128.110)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: telnet (23), Dst Port: 63217 (63217), Seq: 1, Ack: 1, Len: 99
Source Port: telnet (23)
Destination Port: 63217 (63217)
Sequence number: 1 (relative sequence number)
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 40960
[Calculated window size: 40960]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xed6d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[Bytes in flight: 99]
Telnet
Data: \r\n
Data: Info: The max number of VTY users is 10, and the number\r\n
Data: of current VTY users on line is 1.
四、TCP协议栈结构
+---------------------+
| higher-level |
+---------------------+
| TCP |
+---------------------+
| internet protocol |
+---------------------+
|communication network|
+---------------------+
发表评论