书名：Network Analysis Using Wireshark 2 Cookbook（Second Edition）
作者名：Nagendra Kumar Nainar Yogesh Ramdoss Yoram Orzach
本章字数：445字
更新时间：2025-02-24 00:28:56

How it works...

The following are diagrams of the TCP and IP header structure. UDP is quite simple—only source and destination port numbers, length, and checksum:

Some important things in the IP packet:

Ver: Version 4 or 6.
Header length: 20 to 24 bytes with options.
Type of Service (ToS): Usually implemented with Differentiated Services (DiffServ), and provide priority to preferred services.

TCP standard (RFC 793 from October 1981) has named this field ToS, and defined its structure. Differentiated Services standards that were published later (RFCs 2474, 2475 from December 1998 and others) are used for the implementation of the ToS byte in the majority of applications.

Length: Total datagram length in bytes.
Identifier, flags and fragment offset: Every packet has its own packet ID. When fragmented, along with the flags and offset, it will enable the receiver to reassemble it.
Time to Live: Start with 64, 128, or 256 (depends on the operating system that sends the packet), when every router on the way decrements the value by one. This prevents packets from traveling endlessly through the network. The router that sees one in the packet decrements it to zero and drops the packet.
Upper layer: The upper layer protocol—TCP, UDP, ICMP, and some others.
Internet checksum: The idea here is that the sender uses an error-checking mechanism to calculate a value over the packet. This value is set in the checksum field, while the receiver of the packet will calculate it again. If the sent value is not equal to the received value, it will be considered a checksum error.
Source and destination IP addresses: As the name implies.
Options: Usually not in use in IP Version 4.

The IP header is followed by TCP header. The format is as follow:

Some important things in the TCP packet:

Source and destination ports: These are the application codes at the two ends.
Sequence numbers: Counts the bytes that the sender sends to the receiver.
Acknowledgement number: ACK's received bytes. We will discuss this in detail in the Chapter 11, Transport Layer Protocol Analysis.
HL: Header length, indicates whether we use the options field or not.
Res: Reserved (for future flags).
Flags: Flags to start a connection (SYN), close a connection (FIN), reset a connection (RST), and push data for fast processing (PSH). Will be discussed in the TCP analysis chapter.
Rcvr window size: The buffer that the receiver has allocated to the process.
Checksum: Packet checksum.
Options: Timestamps, receiver window enhancement (RFC 1323), and MSS extension. Maximum Segment Size (MSS) is the maximum size of the TCP payload. We will discuss this further in Chapter 11, Transport Layer Protocol Analysis.