Contents
  1. IP datagram format

IP datagram format

Frame 7576: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
Ethernet II, Src: Apple (马赛克), Dst: Hiwifi (马赛克)
Internet Protocol Version 4, Src: 192.168.199.146, Dst: 10.32.5.141
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 64
    Identification: 0x0000 (0)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
        ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0xa2d0 [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.199.146
    Destination: 10.32.5.141
Transmission Control Protocol, Src Port: 56112, Dst Port: 80, Seq: 0, Len: 0


0000   00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ...Nw.`...-T..E.
0010   00 40 00 00 40 00 40 06 a2 d0 c0 a8 c7 92 0a 20   .@..@.@........ 
0020   05 8d db 30 00 50 55 5c ee 17 00 00 00 00 b0 02   ...0.PU\........
0030   ff ff 4f cb 00 00 02 04 05 b4 01 03 03 06 01 01   ..O.............
0040   08 0a 96 1c 9a 37 00 00 00 00 04 02 00 00         .....7........

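Here is an arbitrary captured TCP packet: the upper part is the dissected result, and the lower part is the hex representation.

https://akaedu.github.io/book/ch36s04.html has a description of the format along with a diagram.

The IP datagram starts at the second-to-last byte of the first line, that is, 45.

45 in binary is 01000101, which splits into 0100 and 0101. The first four bits are the 4-bit version field, indicating IPv4; the last four bits are the header length, 5. The header length is counted in units of four bytes, so 5 means the header is 20 bytes long. The minimum header length is also 20 bytes, which is the 0101 seen here. The largest four-bit value is 1111, which is 15, that is, 60 bytes.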
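The nibble split described above, applied to the frame from the hex dump, as an added example that is not part of the original post. It goes beyond the version and header-length fields by decoding the rest of the fixed 20-byte header and verifying the header checksum; the function names and the `ETH_HLEN` constant are this example's own.

```python
import ipaddress
import struct

# Frame bytes copied from the hex dump on this page (MACs are zeroed there).
FRAME = bytes.fromhex(
    "00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00"
    "00 40 00 00 40 00 40 06 a2 d0 c0 a8 c7 92 0a 20"
    "05 8d db 30 00 50 55 5c ee 17 00 00 00 00 b0 02"
    "ff ff 4f cb 00 00 02 04 05 b4 01 03 03 06 01 01"
    "08 0a 96 1c 9a 37 00 00 00 00 04 02 00 00"
)
ETH_HLEN = 14  # Ethernet II: 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType


def ones_complement_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum; 0xFFFF over a header means it verifies."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4(packet: bytes) -> dict:
    """Parse an IPv4 header, rejecting length fields that do not fit the buffer."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F  # high nibble, low nibble
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5")
    header_len = ihl * 4  # IHL counts 4-byte words: 5 -> 20, 15 -> 60
    if not header_len <= total_len <= len(packet):
        raise ValueError("header/total length inconsistent with captured bytes")
    return {
        "version": version, "header_len": header_len, "total_len": total_len,
        "id": ident, "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "checksum_ok": ones_complement_sum(packet[:header_len]) == 0xFFFF,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


if __name__ == "__main__":
    print(parse_ipv4(FRAME[ETH_HLEN:]))
```

The length checks matter when parsing untrusted captures: an IHL below 5 or a header length larger than the buffer would otherwise make later option or payload slicing read the wrong bytes.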

The new Wireshark is quite nice to use now, much better than the one I previously downloaded with Homebrew.
