Using Wireshark
2022-07-18 11:10:00 【Fog_ in】
Contents
Frame: Overview of the data frame at the physical layer
Ethernet II: Data-link-layer Ethernet frame header information
Internet Protocol Version 4: Internet-layer IP header information
Frame: Overview of the data frame at the physical layer

Frame 13147: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{E636F559-A995-4D93-8FDB-3158655D963E}, id 0
## Frame number 13147; 54 bytes on the wire; 54 bytes actually captured (432 bits)
Interface id: 0 (\Device\NPF_{E636F559-A995-4D93-8FDB-3158655D963E})
## Interface ID
Interface name: \Device\NPF_{E636F559-A995-4D93-8FDB-3158655D963E}
## Interface name path
Interface description: WLAN
## Interface description
Encapsulation type: Ethernet (1)
## Encapsulation type
Arrival Time: Mar 21, 2022 15:09:17.698070000 China standard time
## Capture time
[Time shift for this packet: 0.000000000 seconds]
## The time offset of this packet
Epoch Time: 1647846557.698070000 seconds
## Epoch time
[Time delta from previous captured frame: 0.000259000 seconds]
## Time delta from the previous captured frame
[Time delta from previous displayed frame: 0.000259000 seconds]
## Time delta from the previous displayed frame
[Time since reference or first frame: 807.317262000 seconds]
## The time since the reference or the first frame
Frame Number: 13147
## Frame number
Frame Length: 54 bytes (432 bits)
## The length of the frame
Capture Length: 54 bytes (432 bits)
## Capture length
[Frame is marked: False]
## Whether the frame is marked
[Frame is ignored: False]
## Whether the frame is ignored
[Protocols in frame: eth:ethertype:ip:tcp]
## Protocol hierarchy encapsulated within the frame
[Coloring Rule Name: TCP SYN/FIN]
## Coloring rule name
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
## Coloring rule string (the display filter the rule matches)
Ethernet II: Data-link-layer Ethernet frame header information

Ethernet II, Src: IntelCor_20:04:ef (50:e0:85:20:04:ef), Dst: NewH3CTe_b6:55:93 (60:db:15:b6:55:93)
## Ethernet version II; source: vendor name_serial number (MAC address); destination: vendor name_serial number (MAC address)
Destination: NewH3CTe_b6:55:93 (60:db:15:b6:55:93)
## Destination MAC address
Address: NewH3CTe_b6:55:93 (60:db:15:b6:55:93)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: IntelCor_20:04:ef (50:e0:85:20:04:ef)
## Source MAC Address
Address: IntelCor_20:04:ef (50:e0:85:20:04:ef)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
## The upper layer protocol type encapsulated in the frame
Internet Protocol Version 4: Internet-layer IP header information

Internet Protocol Version 4, Src: 10.231.113.85, Dst: 221.194.154.216
## Internet Protocol; source IP address; destination IP address
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 40
## Total length of the IP packet
Identification: 0x4ef5 (20213)
## Identification field
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
## Flags field
Fragment Offset: 0
## Fragment offset
Time to Live: 128
## Time to live (TTL)
Protocol: TCP (6)
## The upper-layer protocol encapsulated in this packet is TCP
Header Checksum: 0x0000 [validation disabled]
## Checksum of header data
[Header checksum status: Unverified]
## Header checksum status
Source Address: 10.231.113.85
## Source IP Address
Destination Address: 221.194.154.216
## Destination IP address
Transmission Control Protocol: Transport-layer segment header information (TCP)

Other protocol information: Hypertext Transfer Protocol: application-layer information, such as HTTP

Transmission Control Protocol, Src Port: 52887, Dst Port: 443, Seq: 83355, Ack: 108722, Len: 0
## Contents of the Transmission Control Protocol (TCP) header
Source Port: 52887
## Source port
Destination Port: 443
## Destination port
[Stream index: 392]
## Stream index
[TCP Segment Len: 0]
## TCP segment length
Sequence Number: 83355 (relative sequence number)
## Sequence number (relative)
Sequence Number (raw): 3079323668
## Sequence number (raw)
[Next Sequence Number: 83356 (relative sequence number)]
## Next sequence number
Acknowledgment Number: 108722 (relative ack number)
## Acknowledgment number
Acknowledgment number (raw): 2089134501
## Acknowledgment number (raw)
0101 .... = Header Length: 20 bytes (5)
## Header length
Flags: 0x011 (FIN, ACK)
## TCP flags field
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
[TCP Flags: ·······A···F]
Window: 514
## Flow control window
[Calculated window size: 131584]
[Window size scaling factor: 256]
Checksum: 0xf4f1 [unverified]
## TCP segment checksum
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 46.749102000 seconds]
[Time since previous frame in this TCP stream: 0.000259000 seconds]
Seven-layer network model


TCP segment format:

Flags used in transmission:
1. SYN establishes a connection.
2. FIN indicates that the connection is closed.
3. ACK indicates an acknowledgment.
4. PSH indicates DATA transfer.
5. RST indicates a connection reset.
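
Added example (not part of the original post): a small Python decoder for the Ethernet II, IPv4 and TCP headers dissected above, run against a frame rebuilt from the field values on this page. The frame bytes are constructed, the names dissect and ip_checksum are illustrative, and the window scale factor of 256 is passed in as an assumption because it is negotiated during the handshake, not carried in this segment.

```python
import socket
import struct

# Constructed sample: the 54-byte frame rebuilt from the field values on this page.
FRAME = (
    bytes.fromhex("60db15b65593" "50e0852004ef" "0800")      # dst MAC, src MAC, type
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x4EF5, 0x4000, 128, 6, 0,
                  bytes([10, 231, 113, 85]), bytes([221, 194, 154, 216]))
    + struct.pack("!HHIIHHHH", 52887, 443, 3079323668, 2089134501, 0x5011, 514, 0xF4F1, 0)
)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]

def ip_checksum(header):
    """RFC 1071 checksum of an IPv4 header, computed with the checksum field zeroed."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dissect(frame, window_scale=256):
    """Decode Ethernet II/IPv4/TCP; window_scale is assumed (negotiated in the SYN)."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4              # low nibble counts 32-bit words
    if ethertype != 0x0800 or frame[14] >> 4 != 4 or ihl < 20:
        raise ValueError("not a valid IPv4-in-Ethernet frame")
    ip = frame[14:14 + ihl]
    total_len, ident, frag, ttl, proto, csum = struct.unpack("!2xHHHBBH", ip[:12])
    tcp = frame[14 + ihl:]
    if proto != 6 or len(tcp) < 20:
        raise ValueError("not a complete TCP header")
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    flags = off_flags & 0x0FFF                # Wireshark's 12-bit tcp.flags value
    return {
        "eth": (src.hex(":"), dst.hex(":")),
        "ip": (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])),
        "ttl": ttl, "dont_fragment": bool(frag & 0x4000),
        "ip_checksum": (csum, ip_checksum(ip)),   # (captured, recomputed)
        "ports": (sport, dport), "seq_raw": seq, "ack_raw": ack,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags >> i & 1],
        "segment_len": total_len - ihl - (off_flags >> 12) * 4,
        "window": win * window_scale,
        "syn_fin_rule": bool(flags & 0x02) or bool(flags & 0x01),  # coloring rule above
    }

if __name__ == "__main__":
    print(dissect(FRAME))
```

The captured IPv4 checksum (0x0000) differs from the recomputed value; a zero or incorrect checksum is common for frames captured on the sending host when checksum calculation is offloaded to the network adapter.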
Reference: Wireshark tutorial [a must-read for beginners]_IT Memorandum (itmemo.cn)
https://www.cnblogs.com/xiaojing-/p/10535192.html