Thursday, November 27, 2008

How to interpret the tcpdump header

15:19:03.018317 IP (tos 0x0, ttl 63, id 27496, offset 0, flags [DF], proto TCP (6), length 62) 140.113.102.165.44298 > 192.168.2.107.46877: P, cksum 0x0180 (correct), 1:11(10) ack 12 win 365
0x0000: 4500 003e 6b68 4000 3f06 1a28 8c71 66a5 E..>kh@.?..(.qf.
0x0010: c0a8 026b ad0a b71d 6183 1a2f 7d66 3155 ...k....a../}f1U
0x0020: 8018 016d 0180 0000 0101 080a 8c57 7f5a ...m.........W.Z
0x0030: a044 62e7 6865 6c6c 6f77 6f72 6c64 .Db.helloworld

15:19:03.018317 ==> timestamp
IP (tos 0x0, ttl 63, id 27496, offset 0, flags [DF], proto TCP (6), length 62)
==> ip header
tos 0x0 ==> type of service value is 0x0
ttl 63 ==> TTL value is 63
id 27496 ==> IP identification is 27496
offset 0 ==> fragment offset is 0
flags [DF] ==> IP flag: don't fragment
proto TCP (6) ==> transport protocol is TCP (6)
length 62 ==> IP total length is 62 bytes (including the IP header)

140.113.102.165.44298 > 192.168.2.107.46877
==> source IP/port 140.113.102.165.44298 to destination IP/port 192.168.2.107.46877

: P, cksum 0x0180 (correct), 1:11(10) ack 12 win 365
P ==> TCP flags: the PUSH flag is set. ACK is not shown as a flag letter; S indicates SYN, F indicates FIN, R indicates RST
cksum 0x0180 (correct) ==> TCP checksum is 0x0180; tcpdump validated it and it is correct
1:11(10) ==> relative sequence numbers: this segment carries bytes 1 up to (not including) 11, 10 bytes in total
ack 12 ==> 12-1 = 11 bytes of data have been received; the next expected byte is byte 12
win 365 ==> receive window: the maximum amount of data the sender of this segment can accept next

0101 080a 8c57 7f5a a044 62e7
01 => no operation, nop
01 => no operation, nop
08 => option kind 8, timestamp
0a => option length is 10 bytes (in the timestamp option, 8 bytes are data)
8c57 7f5a => Timestamp value, 2354544474
a044 62e7 => Timestamp echo reply, 2688836327
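The walk-through above can be reproduced in code. The following Python script is an added example, not part of the original post: it parses the 62-byte hex dump from the capture above with struct, decodes the fields tcpdump prints on its summary line, walks the TCP options (NOP, NOP, timestamp), and recomputes both the IP and TCP checksums (RFC 1071 one's-complement sum, with the TCP pseudo-header) to confirm the "(correct)" verdict.

```python
import struct
# The 62-byte packet from the hex dump above (IP header, TCP header, "helloworld")
PACKET = bytes.fromhex(
    "4500003e6b6840003f061a288c7166a5"
    "c0a8026bad0ab71d61831a2f7d663155"
    "8018016d018000000101080a8c577f5a"
    "a04462e768656c6c6f776f726c64"
)

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a header whose checksum is valid yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_tcp_options(raw: bytes) -> list:
    opts, i = [], 0
    while i < len(raw) and raw[i] != 0:                 # kind 0 ends the option list
        kind, length = raw[i], 1 if raw[i] == 1 else raw[i + 1]
        if kind == 1:                                   # NOP: one byte, no length field
            opts.append(("nop",))
        elif kind == 8:                                 # timestamp: TSval and TSecr, 4 bytes each
            opts.append(("timestamp",) + struct.unpack("!II", raw[i + 2:i + length]))
        else:                                           # anything else kept as raw (kind, data)
            opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def decode(pkt: bytes) -> dict:
    """Decode the IPv4 and TCP headers into the fields tcpdump prints on its summary line."""
    ver_ihl, tos, total_len, ip_id, frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, win, cksum, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4                        # TCP header length including options
    # The TCP checksum covers a pseudo-header (src, dst, zero, proto, TCP length) plus the segment
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    flag_bits = (("FIN", 1), ("SYN", 2), ("RST", 4), ("PSH", 8), ("ACK", 16), ("URG", 32))
    return {
        "tos": tos, "ttl": ttl, "id": ip_id, "df": bool(frag & 0x4000), "offset": frag & 0x1FFF,
        "length": total_len, "ip_cksum_ok": checksum(pkt[:ihl]) == 0,
        "src": ".".join(map(str, src)) + ".%d" % sport, "dst": ".".join(map(str, dst)) + ".%d" % dport,
        "flags": [name for name, bit in flag_bits if off_flags & bit], "seq": seq, "ack": ack,
        "window": win, "cksum": cksum, "tcp_cksum_ok": checksum(pseudo + tcp) == 0,
        "payload_len": len(tcp) - doff, "options": parse_tcp_options(tcp[20:doff]),
    }
```

Calling decode(PACKET) returns tos 0, ttl 63, id 27496, DF set, flags PSH and ACK, window 365, checksum 0x0180 verified, 10 payload bytes and the two timestamp values shown above.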
