
[Software usage] Help with capturing packets using windump


C:\>windump -i 2 -t -n host www.163.com
windump: listening on \Device\NPF_{D5CDDF21-0585-4DCC-9D2C-2E6DC1B5E5ED}
IP 192.168.111.27.1027 > 220.181.28.51.80: S 1883479384:1883479384(0) win 65535
<mss 1460,nop,nop,sackOK>
IP 192.168.111.27.1027 > 220.181.28.51.80: S 1883479384:1883479384(0) win 65535
<mss 1460,nop,nop,sackOK>
IP 220.181.28.51.80 > 192.168.111.27.1027: S 3496801410:3496801410(0) ack 188347
9385 win 5840 <mss 1452,nop,nop,sackOK>
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 1 win 65535
IP 192.168.111.27.1027 > 220.181.28.51.80: P 1:781(780) ack 1 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: S 3496801410:3496801410(0) ack 188347
9385 win 5840 <mss 1452,nop,nop,sackOK>
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 1 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 1:1453(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 1453 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 1453:2905(1452) ack 781 win 7020
IP 220.181.28.51.80 > 192.168.111.27.1027: . 2905:4357(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 4357 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 4357:5809(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 5809 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 8713:10165(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 5809 win 65535 <nop,nop,sack 1
{8713:10165}>
IP 220.181.28.51.80 > 192.168.111.27.1027: . 5809:7261(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 7261 win 65535 <nop,nop,sack 1
{8713:10165}>
IP 220.181.28.51.80 > 192.168.111.27.1027: . 7261:8713(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 10165 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 10165:11617(1452) ack 781 win 7020
IP 220.181.28.51.80 > 192.168.111.27.1027: . 11617:13069(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 13069 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 13069:14521(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 14521 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 17425:18877(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 14521 win 65535 <nop,nop,sack 1
{17425:18877}>
IP 220.181.28.51.80 > 192.168.111.27.1027: . 14521:15973(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 15973 win 65535 <nop,nop,sack 1
{17425:18877}>
IP 220.181.28.51.80 > 192.168.111.27.1027: . 15973:17425(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 18877 win 65535
IP 192.168.111.27.1040 > 220.181.28.51.80: S 1302097957:1302097957(0) win 65535
<mss 1460,nop,nop,sackOK>
IP 220.181.28.51.80 > 192.168.111.27.1040: S 3543462101:3543462101(0) ack 130209
7958 win 5840 <mss 1452,nop,nop,sackOK>
IP 192.168.111.27.1040 > 220.181.28.51.80: . ack 1 win 65535
IP 192.168.111.27.1040 > 220.181.28.51.80: P 1:922(921) ack 1 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1040: . ack 922 win 7368
IP 220.181.28.51.80 > 192.168.111.27.1040: P 1:211(210) ack 922 win 7368
IP 192.168.111.27.1040 > 220.181.28.51.80: . ack 211 win 65325
IP 220.181.28.51.80 > 192.168.111.27.1027: . 18877:20329(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 20329 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 20329:21781(1452) ack 781 win 7020
IP 220.181.28.51.80 > 192.168.111.27.1027: . 21781:23233(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 23233 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1040: F 211:211(0) ack 922 win 7368
IP 192.168.111.27.1040 > 220.181.28.51.80: . ack 212 win 65325
IP 220.181.28.51.80 > 192.168.111.27.1027: . 23233:24685(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 24685 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 24685:26137(1452) ack 781 win 7020
IP 220.181.28.51.80 > 192.168.111.27.1027: . 26137:27589(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 27589 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 27589:29041(1452) ack 781 win 7020
IP 220.181.28.51.80 > 192.168.111.27.1027: . 29041:30493(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 30493 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 30493:31945(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 31945 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 31945:33397(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 33397 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 33397:34849(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 34849 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: FP 34849:35152(303) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 35153 win 65232
IP 192.168.111.27.1027 > 220.181.28.51.80: R 781:781(0) ack 35153 win 0
IP 192.168.111.27.1040 > 220.181.28.51.80: R 922:922(0) ack 212 win 0



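The above is the captured traffic; it was taken while I visited the www.163.com web page. I am posting it so that everyone can discuss it and learn about networking, and I hope the experts here can give some pointers. For example, the first line is a connection request, but I don't know whether 1883479384 is the SYN sequence number or something else, and what does (0) win 65535 <mss 1460,nop,nop,sackOK> mean?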


S 1883479384:1883479384    SYN sequence number
win 65535  <mss 1460,nop,nop,sackOK>    negotiation of the window size and the MSS value!


windump: listening on \Device\NPF_{D5CDDF21-0585-4DCC-9D2C-2E6DC1B5E5ED}
IP 192.168.111.27.1027 > 220.181.28.51.80: S 1883479384:1883479384(0) win 65535
<mss 1460,nop,nop,sackOK>
IP 192.168.111.27.1027 > 220.181.28.51.80: S 1883479384:1883479384(0) win 65535
<mss 1460,nop,nop,sackOK>
IP 220.181.28.51.80 > 192.168.111.27.1027: S 3496801410:3496801410(0) ack 188347
9385 win 5840 <mss 1452,nop,nop,sackOK>

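Why are the first and second lines both requests sent by my machine? The second line should be the server responding to my machine, with the sequence number then +1. Also, the final negotiated MSS should be 1452, right? And what do nop and sackOK mean?

Also, since my machine sent two packets, the server should have responded with two packets.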

[ This post was last edited by deng9401 on 2008-7-16 08:57 ]


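1. MSS: Maximum Segment Size.
2. MSS is the abbreviation for maximum transmission size and is a concept in the TCP protocol.
3. MSS is the largest data segment that a TCP packet can carry each time. To achieve the best transmission performance, TCP usually negotiates both sides' MSS values when establishing a connection. When TCP is implemented, the MTU value is often used in place of this value (minus the 20-byte IP packet header and the 20-byte TCP segment header), so the MSS is often 1460. The two sides take the minimum of the MSS values each provides as the maximum MSS for this connection.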
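
The handshake lines from the capture can be read programmatically. The following is an added example, not part of the original thread; the function names parse and summarize are my own. It shows that the repeated SYN carries the same initial sequence number, that the SYN-ACK acknowledges that number plus one, and it applies the smaller-of-the-two MSS rule described in the reply above.

```python
import re

# Lines taken from the capture in this thread, with console line wraps joined.
CAPTURE = """\
IP 192.168.111.27.1027 > 220.181.28.51.80: S 1883479384:1883479384(0) win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.111.27.1027 > 220.181.28.51.80: S 1883479384:1883479384(0) win 65535 <mss 1460,nop,nop,sackOK>
IP 220.181.28.51.80 > 192.168.111.27.1027: S 3496801410:3496801410(0) ack 1883479385 win 5840 <mss 1452,nop,nop,sackOK>
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 1 win 65535
IP 220.181.28.51.80 > 192.168.111.27.1027: . 8713:10165(1452) ack 781 win 7020
IP 192.168.111.27.1027 > 220.181.28.51.80: . ack 5809 win 65535 <nop,nop,sack 1 {8713:10165}>
"""

LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?(?: win (?P<win>\d+))?"
    r"(?: <(?P<opts>.*)>)?$")

def parse(line):
    """Turn one windump/tcpdump TCP line into a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    p = m.groupdict()
    for k in ("seq", "end", "len", "ack", "win"):
        p[k] = int(p[k]) if p[k] is not None else None
    opts = p["opts"] or ""
    mss = re.search(r"mss (\d+)", opts)
    p["mss"] = int(mss.group(1)) if mss else None
    p["sack_ok"] = "sackOK" in opts          # SACK-permitted option (SYN only)
    p["sack"] = [(int(a), int(b)) for a, b in re.findall(r"\{(\d+):(\d+)\}", opts)]
    return p

def summarize(text):
    pkts = [p for p in map(parse, text.splitlines()) if p]
    syns = [p for p in pkts if p["flags"] == "S" and p["ack"] is None]
    synack = next(p for p in pkts if p["flags"] == "S" and p["ack"] is not None)
    return {
        "client_isn": syns[0]["seq"],
        # Same ISN seen again: the same SYN captured twice, not a second request.
        "duplicate_syns": sum(p["seq"] == syns[0]["seq"] for p in syns) - 1,
        "synack_acks_isn_plus_1": synack["ack"] == syns[0]["seq"] + 1,
        "mss": min(syns[0]["mss"], synack["mss"]),
        "sack_permitted": syns[0]["sack_ok"] and synack["sack_ok"],
        "sack_blocks": [b for p in pkts for b in p["sack"]],
    }

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

The SACK block {8713:10165} reported alongside ack 5809 marks data that arrived ahead of the still-missing range 5809:8713, which the capture shows arriving in the following segments.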


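If you want to learn through packet capture, I recommend using a tool with an expert system, such as Sniffer Pro or OmniPeek. Wireshark has no expert system, but its decoding is also very good. Any of them is worth considering.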