compute:42967我正在监视controller:5672上两个进程之间的网络活动(controller.amqp)。它捕获了compute.42967三个 SYN(它们具有相同的 seq 号),而接收方仅 ACK 第三个。
这是我得到的:
18:53:46.777127 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101569289 ecr 0,nop,wscale 7], length 0
18:53:47.779406 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101570292 ecr 0,nop,wscale 7], length 0
18:53:49.783411 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101572296 ecr 0,nop,wscale 7], length 0
18:53:52.786097 IP controller.amqp > compute.42967: Flags [S.], seq 796283360, ack 3580103821, win 14480, options [mss 1460,sackOK,TS val 97164912 ecr 101572296,nop,wscale 7], length 0
18:53:52.786139 IP compute.42967 > controller.amqp: Flags [.], ack 1, win 115, options [nop,nop,TS val 101575298 ecr 97164912], length 0
18:54:02.788808 IP controller.amqp > compute.42967: Flags [R.], seq 1, ack 1, win 114, options [nop,nop,TS val 97174914 ecr 101575298], length 0
三个SYN的区别在于val XXXXX,就是括号里的,比如
[mss 1460,sackOK,TS val 101569289 ecr 0,nop,wscale 7]
是否val区分不同的TCP段?如果不是,那意味着什么?
答案1
该TS值为TCP时间戳;它有助于确定数据包发送的顺序 - 请参阅https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_struct
它不是严格地区分 TCP 段;这就是序列号这是在seq.