This part reviews Wireshark Lab 4, whose main goal is to understand the TCP protocol.

References:

Wireshark Lab4: TCP

2. A first look at the captured trace

1

  • Source IP: 192.168.1.102
  • Port number: 1161

2

  • gaia.cs.umass.edu IP: 128.119.245.12
  • Port number: 80

3

Skipped.

3. TCP Basics

4

The sequence number of the SYN segment is 0 (raw value 232129012):

Transmission Control Protocol, Src Port: 1161, Dst Port: 80, Seq: 0, Len: 0
    Source Port: 1161
    Destination Port: 80
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence Number: 0    (relative sequence number)
    Sequence Number (raw): 232129012
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 0
    Acknowledgment number (raw): 0
    0111 .... = Header Length: 28 bytes (7)
    Flags: 0x002 (SYN)
    Window: 16384
    [Calculated window size: 16384]
    Checksum: 0xf6e9 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (8 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted
    [Timestamps]

Its purpose is to establish the connection.

5

This corresponds to the packet with No. 1:

Transmission Control Protocol, Src Port: 80, Dst Port: 1161, Seq: 0, Ack: 1, Len: 0
    Source Port: 80
    Destination Port: 1161
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence Number: 0    (relative sequence number)
    Sequence Number (raw): 883061785
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 1    (relative ack number)
    Acknowledgment number (raw): 232129013
    0111 .... = Header Length: 28 bytes (7)
    Flags: 0x012 (SYN, ACK)
    Window: 5840
    [Calculated window size: 5840]
    Checksum: 0x774d [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (8 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted
    [SEQ/ACK analysis]
    [Timestamps]

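The sequence number is 0 (883061785); the Acknowledgment value is 1 (232129013). The Acknowledgment equals the client's Sequence Number + 1 and indicates the sequence number at which the next received data is expected to start.

6

This corresponds to the packet with No. 4: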

Transmission Control Protocol, Src Port: 1161, Dst Port: 80, Seq: 1, Ack: 1, Len: 565
    Source Port: 1161
    Destination Port: 80
    [Stream index: 0]
    [TCP Segment Len: 565]
    Sequence Number: 1    (relative sequence number)
    Sequence Number (raw): 232129013
    [Next Sequence Number: 566    (relative sequence number)]
    Acknowledgment Number: 1    (relative ack number)
    Acknowledgment number (raw): 883061786
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
    Window: 17520
    [Calculated window size: 17520]
    [Window size scaling factor: -2 (no window scaling used)]
    Checksum: 0x1fbd [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [SEQ/ACK analysis]
    [Timestamps]
        [Time since first frame in this TCP stream: 0.026477000 seconds]
        [Time since previous frame in this TCP stream: 0.003212000 seconds]
    TCP payload (565 bytes)
    [Reassembled PDU in frame: 199]
    TCP segment data (565 bytes)

The sequence number is 1; the HTTP POST information is contained in [Reassembled PDU in frame: 199].

7

Seq No.  Frame No.  Send time  ACK frame No.  ACK time     RTT          EstimatedRTT
1        4          0.026477   6              0.053937000  0.027460000  0.02746
566      5          0.041737   9              0.077294000  0.035557000  0.028472125
2026     7          0.054026   12             0.124085000  0.070059000  0.033670484375
3486     8          0.054690   14             0.169118000  0.114428000  0.043765173828125
4946     10         0.077405   15             0.217299000  0.139894000  0.05578127709960937
6406     11         0.078157   16             0.267802000  0.189645000  0.07251424246215821

Notes:

The ACK time is in the SEQ/ACK analysis field:

[SEQ/ACK analysis]
    [This is an ACK to the segment in frame: 4]
    [The RTT to ACK the segment was: 0.027460000 seconds]
    [iRTT: 0.023265000 seconds]

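Code for computing EstimatedRTT:

# Measured RTT of the first six data segments, from the table above
rtt = [0.027460000, 0.035557000, 0.070059000,
       0.114428000, 0.139894000, 0.189645000]

n = len(rtt)
# EstimatedRTT starts out equal to the first measured RTT
estimated_rtt = rtt[0]
alpha = 0.125

print(estimated_rtt)
for i in range(1, n):
    # Exponentially weighted moving average of the RTT samples
    estimated_rtt = (1 - alpha) * estimated_rtt + alpha * rtt[i]
    print(estimated_rtt)

Output: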

0.02746
0.028472125
0.033670484375
0.043765173828125
0.05578127709960937
0.07251424246215821

8

The lengths are:

  • 566 - 1 = 565
  • 2026 - 566 = 1460
  • 3486 - 2026 = 1460
  • 4946 - 3486 = 1460
  • 6406 - 4946 = 1460
  • 7866 - 6406 = 1460
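
The table in question 7 and the lengths in question 8 can both be derived from the per-segment sequence numbers and timestamps. The following is an added example, not code from the original post; it also goes beyond the post by tracking DevRTT and the timeout interval, where BETA = 0.25 and the first-sample initialization follow RFC 6298 and are assumptions not stated on the page.

```python
# Added example (not from the original post): rebuild answers 7 and 8 from the
# per-segment data, and extend the EWMA with DevRTT and the timeout interval.

# (relative seq, send time, ACK arrival time), copied from the question 7 table.
SEGMENTS = [
    (1,    0.026477, 0.053937),
    (566,  0.041737, 0.077294),
    (2026, 0.054026, 0.124085),
    (3486, 0.054690, 0.169118),
    (4946, 0.077405, 0.217299),
    (6406, 0.078157, 0.267802),
]
NEXT_SEQ = 7866  # sequence number that follows the sixth segment (question 8)

ALPHA = 0.125  # EstimatedRTT gain, same value as the post's code
BETA = 0.25    # DevRTT gain (assumption: RFC 6298 value, not given in the post)


def segment_lengths(segments, next_seq):
    """Payload length of a segment = following sequence number - its own."""
    seqs = [s[0] for s in segments] + [next_seq]
    return [b - a for a, b in zip(seqs, seqs[1:])]


def rtt_estimates(segments, alpha=ALPHA, beta=BETA):
    """Return (sample_rtt, estimated_rtt, dev_rtt, timeout) for each segment."""
    rows = []
    est = dev = None
    for _, sent, acked in segments:
        sample = acked - sent
        if est is None:
            # First measurement: estimate = sample, deviation = sample / 2.
            est, dev = sample, sample / 2
        else:
            # Deviation is updated first, against the previous estimate.
            dev = (1 - beta) * dev + beta * abs(sample - est)
            est = (1 - alpha) * est + alpha * sample
        # Unclamped timeout; RFC 6298 additionally recommends a 1 s minimum.
        rows.append((sample, est, dev, est + 4 * dev))
    return rows


if __name__ == "__main__":
    lengths = segment_lengths(SEGMENTS, NEXT_SEQ)
    for length, (sample, est, dev, rto) in zip(lengths, rtt_estimates(SEGMENTS)):
        print(f"len={length:5d} sample={sample:.6f} est={est:.6f} "
              f"dev={dev:.6f} timeout={rto:.6f}")
```

A timeout interval that grows along with the samples, as it does here, is consistent with the absence of retransmissions noted in question 10.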

9

I did not fully understand this question; I think it corresponds to the minimum value of Win:

2	0.023172	128.119.245.12	192.168.1.102	TCP	62	80 → 1161 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1

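That is, the minimum available buffer space is 5840.

10

There are no retransmissions, because the sequence numbers keep increasing:

Note: when plotting, pay attention to the direction of the traffic; the switch-direction option flips it.

11

I did not understand this one; skipping it for now.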

12

Search for http:

[Timestamps]
    [Time since first frame in this TCP stream: 5.297341000 seconds]
    [Time since previous frame in this TCP stream: 0.000084000 seconds]

[122 Reassembled TCP Segments (164090 bytes): #4(565), #5(1460), #7(1460), #8(1460), #10(1460), #11(1460), #13(1147), #18(1460), #19(1460), #20(1460), #21(1460), #22(1460), #23(892), #30(1460), #31(1460), #32(1460), #33(1460), #34(1460), #3]

So the throughput is:

Result from the statistics graph:

13

It starts in slow start; after that there should be no congestion.

14

Skipped.