重新组装TCP段 [英] Reassembling TCP Segments

问题描述

在wireshark中观察网络流量时，我看到wireshark会像以下那样重组数据包:

While observing network traffic in wireshark, i see that wireshark reassembles packets like:

[Reassembled TCP Segments (4233 bytes): #1279(2133), #1278(2100)]

Packet #1278: blahblah, Seq: 1538, Ack:3074, Len: 2133
Packet #1279: blahblah, Seq: 2998, Ack:3074, Len: 2100

(长度是虚构的值)

我希望重新组合我通过sharppcap收到的tcp数据包

Im looking to reassemble tcp packets that i receive through sharppcap

wireshark是否使用Ack来知道哪些段彼此属于?

Does wireshark use Ack to know what segments belong to each other?

Seq值是指什么?

如果没有，它将如何重新组装它们?

If not, how does it reassemble them?

推荐答案

SEQ值以字节为单位，因此，如果收到带有SEQ == 5的100字节段，则知道序列中的下一个段将具有.

SEQ values are counted in bytes, so if you receive a 100 byte segment with SEQ == 5, you know the next segment in the sequence will have a SEQ == 105.

ACK指示发送方希望从其对等方看到的下一个SEQ值.因此，您在多个数据包中看到相同的ACK值的唯一原因是因为只有一侧正在传输.通过使ACK保持不变，对于每次传输，主机基本上是在说它没有收到任何新消息.

The ACK indicates the next SEQ value that the sender expects to see from its peer. So the only reason you're seeing the same ACK value in multiple packets is because only one side is transmitting. By keeping the ACK the same, With each transmission, the host is basically saying it hasn't received anything new.

这篇关于重新组装TCP段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！