=== ch05.docx
[chap]5ϡWiresharkι٤ʵǽ

WiresharkδŪȤǡΥƥåפȤƲϤȥյǽξϤǤϡɥݥȤ[Conversation]ɥ̾ξܺ١ץȥʬϡȥ꡼ΥեIOդʤɤޤදϤʵǽΰü򸫤Ƥޤ

ͥåȥΥɥݥȤ
ͥåȥ̿ԤǤϡǤ2Ĥε֤ǥǡȤꤵƤɬפޤ֥ɥݥȡפȤϡͥåȥˤǡ뵡򼨤ޤȤTCP/IP̿ˤϡ2ĤΥɥݥȤޤ192.168.1.25192.168.1.30Ȥäǡ륳ԥ塼IPɥ쥹Ǥ
2ؤǡ2ĤʪNICMACɥ쥹֤̿ԤƤͤƤߤޤǡNICΥɥ쥹00:ff:ac:ce:0b:de00:ff:ac:e0:dc:0fξ硢5-1˼褦ˡΥɥ쥹ɥݥȤȤʤޤ

5-1ͥåȥΥɥݥ
̿A
ɥݥAɥݥB
̿B
ɥݥAɥݥB

ͥåȥΡáפϡͤβäΤ褦2ĤΥԥ塼ʥɥݥȡ˴֤ǹԤޤȤС֤䤡סָ!ʤ?ס֤ȤƤ⸵!פȤȥ꡼βä192.168.1.5Υԥ塼192.168.0.8Υԥ塼ä֤ȡSNYסSYN/ACKסACKפȤʤޤTCP/IP̿ˤĤƤξܺ٤6ϤǳؤӤޤˡ

ɥݥȤ򻲾Ȥ
ȥեåϤݤˡͥåȥΥɥݥȤ˥ȥ֥ʤ¿Ǥ礦[Statistics][Endpoints]򤹤WiresharkEndpointsɥɽ졢ƥɥݥȤΥɥ쥹䡢ѥåȿХȿȤäͭѤʾ򻲾Ȥ뤳ȤǤޤʿ5-2ˡɥˤƥ֤ǤϡߤΥץեˤ뤹٤ƤǧǽʥɥݥȤɽޤΥץȥˤĤƤΥɥݥȤ򻲾Ȥϡ֤򥯥åƤ[Endpoints]ɥ[Name resolution]åܥå򥪥ˤȡ̾褬ͭˤʤޤ
[Endpoints]ɥϡPacket ListڥΥѥåȤΤߤɽ뤿Υե륿ȤƻѤ뤳ȤǤޤɥݥȤ򱦥åȡ򤷤ɥݥȤΤߤޤࡢ⤷Ͻȥեåɽե륿Ȥäץ󤬤Ĥɽޤޤ򤷤ɥݥȤ˿ʬ롼ľŬѤ뤳ȤǽǤʿʬ롼ˤĤƤ3ϤƤޤˡ

5-2[Endpoints]ɥ饭ץեγƥɥݥȤɽ

ͥåȥä򸫤
[Statistics][Conversations]򤹤ȿ5-3Τ褦[Conversations]ɥɽ졢Address AפȡAddress BפȤäԤƤ륨ɥݥȤΥɥ쥹ȡƥԥ塼ѥåȿХȿɽޤ
äϥץȥ̤ɽƤꡢ ɥˤ륿֤ڤؤ뤳ȤǤޤä򱦥åȡɥݥAΥȥեåΤߤɽɥݥBȥեåΤߤɽɥݥAB֤ΥȥեåΤߤɽȤäե륿뤳ȤǤޤ

5-3[Conversations]ɥǤ줾äɽ

ɥݥȤåɥѤȥ֥륷塼ƥ
ȥ֥륷塼ƥ󥰤ˤơ[Endpoints][Conversations]ɥ˽פǤä˥ͥåȥ̤Υȥեåȯͤߤ᤿ꡢ̤̿äȤ¿ФǧȤäݤˤԲķǤ
ȤСlotsofweb.pcapȤե򳫤ȡĤΥ饤Ȥ󥿡ͥåȤ֥饦󥰤Ƥ뤳Ȥ򼨤̤HTTPȥեåܤޤ[Endpoints]ɥ򳫤СܤˤƤȥեåʬϤǤ
IPv4֤򸫤ȡʿ5-4ˡХȽ˥Ȥƺǽɽ륢ɥ쥹ϥ172.16.16.128Ǥꡢ줬ͥåȥǤäȤ⤪٤ʡ̤̿äȤ¿˵Ǥ뤳Ȥʬޤ2ܤΥɥ쥹Ǥ74.125.103.163ϥ륢ɥ쥹ǤϤʤΤǡʳǤϡ륯饤ȤIPɥ쥹̤ΥǡƤΤ뤤ʣΥ饤Ȥ餽ʤ̤ΥǡƤΤʬޤWHOIShttp://whois.arin.net/ui/ˤ򤫤ФIPɥ쥹GoogleΤΤǤʬꡢѥåȤĴ٤Ф줬YouTubeΥȥեåǤʬǤ礦

IPɥ쥹γƤϡϰˤäưۤʤȿʥ쥸ȥˤޤ嵭ǤAmerican Registry for Internet NumbersARINˤȤäƤޤARINƹ񤪤ӼչˤIPɥ쥹ƤôƤޤŪIPɥ쥹ƤȿWebȤǡIPWHOIS¹ԤƤϰ褬褯ʬʤȤˡŬڤʥ쥸ȥǸԤȡŬڤϰ褬ɽޤɥ쥹ϿԤäƤ쥸ȥˤϡ¾AfriNICʥեꥫˡRIPEʲˡAPNICʥʿΡˤʤɤޤ

5-4[Endpoints]ɥǤɤΥԥ塼̤̿¿ʬ

ξǡ̿ԤäƤ륨ɥݥȤäԤäƤȹͤƤפǤ礦٤[Conversations]ɥIPv4֤򳫤ХȽΥȤǳǧƤߤޤ礦ȥȥեåưΥɤȴϢƤ뤳Ȥʬޤɥ쥹A74.125.103.163ˤƤХȿɥ쥹B172.16.16.128ˤƤХȿ⤫ʤ¿Ǥʿ5-5ˡ

5-5[Conversations]ɥǡäȤ̤̿¿ɥݥ2Ĥߤ̿Ƥ뤳ȤǧǤ

[Endpoints][Conversations]ɥ򸽾ǤɤΤ褦˻ȤϡΤۤޤ


ץȥ볬
ʥץեϤȤˡȤХץ㤷ѥåȤΤѡȤTCPǡѡȤIPѡȤDHCPʤɡƥץȥ뤬ɤΤ褦ʬˤʤäƤ뤫İ뤳Ȥɬפʾ礬ޤκݡѥåȤ11ĿɬפϤޤ[Protocol Hierarchy Statistics]ɥ򸫤Ф褤ΤǤΥɥϥͥåȥΥ٥ޡİݤˤȤƤΩޤȤʤARPΥȥեåΤ10ʤΤˡ줬50ˤʤäƤ顢꤬Ƥͽ¬Ǥޤ
lotsofweb.pcapե򳫤顢ᥤ˥塼[Statistics][Protocol Hierarchy]򤷤ơ[Protocol Hierarchy Statistics]ɥ򳫤Ƥߤޤ礦ʿ5-6ˡѡͤιפ100礦ɤˤʤʤ礬ޤ¿ΥѥåȤˤϤޤޤؤǤĤΥץȥ뤬ޤޤƤ뤿ᡢѥåȿιפȥץȥΥѡͤιפϰۤʤ礬ޤȤϤץեˤץȥγȤƤϡʤΤͤǧǤޤ


5-6[Protocol Hierarchy Statistics]ɥǤϳƥץȥγ礬ɽ
(Figure05-6.tiff)

ȥեåĴݤ˺ǽ˻Ȥ뤳Ȥ¿ɥΤҤȤĤ[Protocol Hierarchy Statistics]ɥǤΥɥ򸫤СͥåȥȯƤݤ褯ʬ뤫Ǥȥեå̤褦ˤʤȡȤƤץȥγ򸫤ǡͥåȥΥ桼䵡γʬ褦ˤʤޤɮԼȡͥåȥȤΥȥեå򸫤СȤICMPSNMPʤɤδץȥ뤬¸ߤIT硢SMTPȥեå̤¿м硢World of Warcraftʴ饤󥲡ˡפΥȥեåӤʥ󥿡ѤζȤäˡΥͥåȥȤɤΤΤ¨ȽǤǤ뤳Ȥ⤷ФФǤ

̾
ͥåȥΥǡϡ00:16:CE:6E:8B:24Ȥʪɥ쥹Τ褦ˡФˤĹѿΥɥ쥹ηϤѤ̿Ƥޤ̾Ȥϡץȥ뤬ΤΥɥ쥹̤Υɥ쥹Ѵ뤿ѤΤȤǤȤ00:16:CE:6E:8B:24ȤMACɥ쥹Υԥ塼ϡDNSARPץȥˤäMarketing-2.domain.comȤ̾ǻȤǽȤʤäꤷޤŹΤ褦ʥɥ쥹ɤߤ䤹ɥ쥹Ѵ뤳Ȥˤäơԥ塼̤䤹褦ˤ櫓Ǥ

̾ͭˤ
̾ͭˤˤϡᥤ˥塼[Capture][Options]򤷤[Capture Options]ɽƤ5-7Τ褦ˡWiresharkˤ3̾褬ǽǤ

MACؤ̾
ARPץȥȤäơ00:09:5B:01:02:03Ȥä2ؤMACɥ쥹10.100.12.1Ȥä3ؤΥɥ쥹ѴޤѴǤʤ硢Wiresharkϥץ֤줿ǥ쥯ȥˤethersեȤäѴߤޤˤ⼺ԤȡNetgear_01:02:03Τ褦MACɥ쥹Ƭ3ХȤIEEE᤿᡼̾Ѵޤ

ͥåȥؤ̾
IPɥ쥹192.168.1.50Ȥä3ؤΥɥ쥹MarketingPC1.domain.comȤäɤߤ䤹DNS̾Ѵޤ

ȥ󥹥ݡؤ̾
ݡֹ̾ѴޤȤ80֥ݡȤhttpѴޤ

5-7[Capture Options]̾ͭˤ

̾赡ǽϤڤƥץեɤߤ䤹뤳ȤǡϤפ֤ŪǤ⤢ޤȤDNS̾ȤСѥåȤȤꤷԥ塼֤̾ǳǧ뤳ȤǤޤ


̾η
̾Ϥ褤ȤŤΤ褦˸ޤʲΤ褦ʷޤ
Υ͡ॵФ̾ǤʤȤäͳǡ̾˼Ԥ뤳Ȥޤ
̾褷ϥץե¸ʤᡢץե򳫤Ӥ̾褬ԤʤޤΤᥭץե򳫤Ȥ˥͡ॵФ³Ǥʤ̾Ǥޤ
DNS˰¸뤳Ȥˤʤ뤿ᡢ;ʬʥѥåȤȯޤDNS̾̾ȥեåȯ뤿ᡢץե뤬ˤʤ뤫⤷ޤ󡣷и塢ȥ֥ϤƤȤˤϼʬȤΥȥեåϸʤΤǤ
̾Τ;ʬʽȯޤʥץե򰷤äƤƥ꤬­ƤȤˤϡƥ꥽ͭѤ뤿̾ϹԤʤۤ褤Ǥ礦


ץȥʬϵ
WiresharkǤϡץȥʬϵprotocol dissectorˤˤꡢץȥ򤵤ޤޤǤʬ򤷤Ʋϲǽʾ֤ƤޤȤСICMPΥץȥʬϵϡWiresharkͥåȥǡICMPѥåȤȤɽޤ
ʬϵϡͥåȥήΥѥåȤWiresharkȤδ֤Τ褦ʤΤǤWiresharkץȥ򥵥ݡȤǤϡΥץȥʬϵWireshark¢Ƥɬפޤʤ뤤C줫PythonȤäƼʬǵҤɬפޤˡWiresharkϳƥѥåȤʬϤݤˡĤʬϵ¹ԤѤޤѤʬϵϥץΥåˤ¬Ƿꤵޤ

ʬϵѹ
ǰʤ顢WiresharkĤʬϵ򤹤Ȥϸ¤ޤ󡣤äˡʥͥåȥԤˤäƥƥкȤꤵ줿ꡢȰˤäƥ¤򱪲󤹤뤿˹Ԥ줿ꤵɸΥݡȤλѤȤäŪǤʤ꤬ԤƤݤ˸뤳ȤǤʤȤˡWireshark򤷤ʬϵѹ뤳ȤǽǤ
wrongdissector.pcap򳫤Ƥߤޤ礦Υեˤ2Υԥ塼֤Ǥ̤SSL̿ϿƤޤSSLSecure Socket Layerץȥάǡ륪ԥ塼֤ǤΰŹ沽줿̿Τ˻Ѥޤ̤ξǤСSSLϰŹ沽Ƥ뤿ᡢWiresharkǥȥեå򻲾ȤƤ⤢ޤͭפʾޤ󡣤ʤ鲿Τ餫ǤѥåȤ򥯥åơPacket Bytesڥ򻲾ȤơΥѥåȤƤ褯ƤߤȡʿʸΥȥեå뤳ȤˤŤǤ礦¡4ܤΥѥåȤߤȡFileZillaȤFTPФΥץꥱ˴ؤʸ¸ߤƤ뤳Ȥʬޤ³ѥåȤǤϡ桼̾ȥѥɤ˴ؤꥯȤȥ쥹ݥ󥹤ƤɽƤޤ
줬SSLȥեåǤСѥåȤ˴ޤޤƤǡϰɤʤϤǡƤ桼̾ѥɤΤɽʤϤǤʿ5-8ˡ˼Ƥ򸫤¤ꡢϤ餯SSLȥեåǤϤʤFTPȥեåǤȲꤷʤǤ礦FTPȥեåHTTPSHTTP over SSLˤɸǤ443֥ݡȤȤäƤ뤿ˡΤ褦ʻ֤ȯƤޤäΤǤ

5-8ʿʸΥ桼̾ȥѥɡġĤSSLǤϤʤFTPΤ褦!

褹뤿ˤϡFTPʬϵȤ褦Wireshark˻ؼɬפޤʲμ˽äꤷƤ

1SSLѥåȤΤҤȤĤ򱦥å[Decode As]򤷤ޤɤΥץȥʬϵȤ򤹤ɽޤ
2[Transport]֤ǥɥåץ˥塼[destination(443)]򤷡ʴ1ǥТ饤ȤΥѥåȤ򤷤ϡɥåץ˥塼[source(443)]򤷤ޤˡ[FTP]򤷤ޤǡTCPݡȤ443֤ΥȥեåǡʴݡȡפϡݡȡפθȻפޤFTPʬϵѤޤʿ5-9ˡ

5-9[Decode As]ʬϵꤹ

3[OK]ܥ򥯥åСץե¨¤ѹŬѤޤ

ǡŬڤ˲ϤƤꡢХǧʤƤ⡢Packet Listڥ򸫤ǡѥåȤϤǤϤǤ

ʬϵѹϥץեˤ¸줺Wiresharkλȼޤץե򳫤Ӥˡʬϵѹɬפޤ

ƱץեʬϵѹٹԤäƤ⹽ޤ󡣤륭ץեʬϵѹ٤ԤäƤޤȡФƤΤѤˤʤޤWireshark˳ФƤƤޤ[Decode As][Show Current]ܥ򥯥åСޤǤ˹Ԥäѹΰɽޤʿ5-10ˡ[Clear]ܥ򲡤Ȥǡѹõ뤳ȤǽǤ

5-10[Show Current]ܥ򲡤ȺޤǤ˹Ԥäѹΰɽ

ʴܽǺǿ1.8.0ǳǧȤ5-10bΤ褦[Save]ȤܥɲäƤޤŪʬϵѹΥݡȡݡȤ¸빽ۤȻפޤܽǤϤΥܥϵǽƤʤ褦ǡƤⲿưޤǤ

5-10b5-10Ʊ̤1.8.0ɽΡ


ʬϵΥɤ򸫤
ץ󥽡ץꥱȤ̣ϡʤʤäƤΤʬʤʤäȤɤ򸫤ƤθΤ˳ǧǤ뤳ȤǤϡΥץȥ뤬ְäʬϤƤͳǧȤäǤ

ץȥʬϵΥɤǧˤϡWiresharkWebȤǡ[Develop]Υ󥯤ξ˥ޥäƤ[Browse the Code]򥯥åޤWiresharksubversionݥȥؤȰưСΥɤǤʤΥСΥɤ⸫ޤ[releases]ե򥯥åȡ٤ƤθWiresharkʤEthereal˥꡼ΰŤɽޤǧ꡼򤹤ȡepan/dissectorsե˥ץȥʬϵĤϤǤʬϵpackets-ץȥ̾.cȤ̾ΤˤʤäƤޤ
եȤϤäʣǤɸŪʥƥץ졼ȤѤƤꡢ˭٤ʥȤĤƤ뤳Ȥ˵ŤǤ礦C˾ܤʤƤ⡢ʬϵδŪʵǽǤޤWiresharkǻȤǤƤ򿼤򤷤ʤСñʥץȥǤ褤Τǡʬϵ򤭤򤷤ƤȤ򤪴ᤷޤ

TCPȥ꡼ɽ
WiresharkΤäȤΩĵǽΤҤȤĤϡTCPȥ꡼ɤߤ䤹Ƥ뵡ǽǤ饤Ȥ饵Ф줿ǡ̤ξǡȤƸˡ[Follow TCP Stream]ǽǡޤȤƸ䤹ƤޤϡHTTPFTPʤɤʿʸΥץꥱإץȥ򻲾ȤݤäͭפǤʤŪʥץȥưˤĤƤϼϤǾܤƤޤˡ
ñHTTPȥ󥶥ͤƤߤޤ礦http_google.pcapե򳫤եTCPޤHTTPѥåȤΤɤ줫򥯥åե򱦥åơ[Follow TCP Stream]򤷤ޤΩɥTCPȥ꡼बɽޤʿ5-11ˡ

5-11ɤߤ䤹̿ɽ[Follow TCP Stream]ɥ

ΥɥΥƥȤ2˿ʬƤޤ֤ؤΥȥեåĤȿĤޤ褫ؤΥȥեå򼨤Ƥޤɤ餫ȯ줿ǿʬƤΤǤǤϡ饤ȤWebФФƥͥ򳫻ϤƤΤǡ֤ɽƤޤ
TCPȥ꡼Ǥϡ2ĤΥԥ塼֤Ǥ̿ΤۤȤɤ򸫤뤳ȤǤޤ̿WebΥ롼ȥǥ쥯ȥ/ˤؤGETꥯȤǻϤޤꡢФϥꥯȤäȤHTTP/1.1 200 OKȤ֤ƤޤʹߤǤϡ饤ȤեꥯȤФФƱȤäƱͤΥѥ󤬥ȥ꡼Ƿ֤Ƥޤϥ桼ºݤGoogleۡڡ֥饦ƤȤǤ桼ƤΤ¦鸫ƤΤǤ
TCPȥ꡼ϡɥΥǡȤƸǤʤƥ򸡺ꡢƥȥեȤ¸ޤϰꤹ뤳ȤǤޤޤʸASCIIEBCDIC16ʿCѴ뤳ȤǽǤΥץ[Follow TCP Stream]ɥβˤޤ
TCPȥ꡼ɽϡΥץȥ򰷤ݤΩĤǤ礦

ѥåĹ
ñΡ⤷ϤĤΥѥåȷΥ餵ޤޤʤȤʬޤŪʾǤСͥåȤκե졼ॵ1518ХȤǤοͤ饤ͥåȡIPTCPΥإå򺹤1460ХȤ7ؤΥץȥإåӥǡΤȤ˻ȤȤǤޤƬ줿ǡѥåĹʬۤ顢ץ㤷ȥեåˤĤƿ¬Ƥߤޤ礦download-slow.pcapե򳫤[Statistics][Packet Lengths]򤷤ơ[Create Stat]򥯥åȡ5-12Τ褦ʥɥɽޤ

5-12ץեΥȥեåο¬Ω[Packet Lengths]ɥ

Ǥϥ1280ХȤ2559ХȤΥѥåȤפ򼨤Ƥʬϥ饤ȤƤޤ礭ʥѥåȤ̾ǡž򡢾ʥѥåȤϥץȥΥ򼨤ƤޤǤϡ礭ʥѥåȤΨʤ礭ʤäƤޤ66.43%ˡΤեΥѥåȤ򸫤ʤƤ⡢ץեˤ1İʾΥǡžޤޤƤ뤳Ȥ狼ޤĤޤꤳHTTPɤFTPåץɡ뤤Ϥ¾Υԥ塼֤ǥǡžԤ̿ȤȤˤʤޤ
ĤΥѥåȤȾ33.44%ˤϡ40ХȤ79ХȤǤΥΥѥåȤϡ̾ǡޤޤʤTCPѥåȤǤŪʥץȥإåΥͤƤߤޤ礦ͥåȥإå14Хȡʥץ饹4ХȤCRCˡIPإåϺǾ20Хȡƥǡ䥪ץΤʤTCPѥåȤ20ХȤǤĤޤɸŪTCPѥåȡSYNACKRSTFINʤɡˤ54Х٤ǤꡢϰϤ˼ޤ뤳ȤˤʤޤIPTCPץղäƤХޤ
ѥåĹĴ٤ȡץ褯ʬޤ礭ʥѥåȤ󤢤СǡžƤȹͤƤ褤Ǥ礦ޤѥåȤȾʤ顢ǡžޤԤƤʤץȥ̿ǹƤȹͤޤϳμ¤ʵ§ǤϤޤ󤬡˺٤ʬϤԤˡΩƤƤΤͭפʾ礬¿ޤ

ɽ
դʬϤδܤǤꡢǡγפİŬˡΤҤȤĤǤWiresharkǤϥץ㤷ǡİ륰յǽĤޤΤҤȤĤIOյǽǤ

IOդ򸫤
WiresharkǤϡ[IO Graphs]ɥƤǡΥ롼ץåȤ򥰥ղ뤳ȤǤޤǤϥǡΥ롼ץåȤˤ륹ѥ侮֤ǧꡢƥץȥΥѥեޥٱǧꡢʣΥǡȥ꡼ƱӤꤹ뤳ȤǽǤ

IOդȤơ󥿡ͥåȤΥեΥɤ򸫤Ƥߤޤ礦download-fast.pcap򳫤ơTCPѥåȤΤɤ줫򥯥åƥϥ饤Ȥ[Statistics][IO Graphs]򤷤ޤ
[IO Graphs]ɥǤϡץեΥǡή򡢥դȤƸ뤳ȤǤޤ5-13Ǥϡɤˤʿ500ѥå/äž³Ū³Ǹ˸Ƥ뤳Ȥդʬޤ

5-13ꤷ®ɤ򼨤IO

®٤٤ɤΤΤӤƤߤޤ礦ߤΥե򳫤ޤޡWireshark̤Υ󥹥󥹤򳫤ơdownload-slow.pcap򳫤ޤΥɤIOդˤƤߤȡ5-14Τ褦˰㤤ϤäȤ狼ޤ

5-14ꤷƤʤ٤ɤ򼨤IO

ΥɤΥǡž졼Ȥ0100ѥå/äǡ꤫󤯡1Υѥåȿۤ0ˤʤäƤޤ2ĤΥɤΥդ¤٤Ƥߤȡ԰ꤵϰǤʿ5-15ˡ

5-15ʣIOդ¤٤Ȱ㤤μ̤Ω

ɥβˤĤꥪץ¸ߤޤ5ĤޤǤΥե륿Ǥ6Ϥ7Ϥޤɽ䥭ץǤƱʸȤޤˡե륿οʬǤޤȤСARP֡DHCPĤɽե륿ơ֤ĤޤդɽС2ĤΥץȥΥ롼ץåȤñ˸ʬ뤳ȤǽǤ

饦ɥȥåץ॰
WiresharkˤϡץեΥ饦ɥȥåץɽ륰յǽäƤޤ饦ɥȥåץRTTˤȤϡѥåȤμǧޤǤˤ֤ؤޤϡѥåȤϤʬäƤΤˤä֤ǤRTTʬϤϡ̿ٱ䤬ȯݥȤܥȥͥå򸫤Ĥơٱ̵ͭǧ뤿ˤ褯Ԥޤ

εǽȤäƤߤޤ礦download-fast.pcapե򳫤ơTCPѥåȤΤ줫Ǥ顢[Statistics][TCP Stream Graph][Round Trip Time Graph]򤹤ȡ5-16Τ褦RTTդɽޤ

5-16ΥɤRTTդϤۤܰꤷƤꡢͤʬϤ鷺ʤ

դΤ줾ƥѥåȤRTTɽƤޤǥեȤǤϥֹˤäƥȤ줿ͤɽޤ򥯥åȡPacket ListڥγѥåȤľܰưǤޤ
RTTդ򸫤ȡ®ɤRTTͤϤۤ0.05ðʲǡ٤Ǥ0.10ä0.25٤Ǥ뤳ȤʬޤϰϤĶƤͤ鷺ˤΤΡRTTͤΤۤȤɤ꤬ʤΤǡեΥɤȤƤʤRTTȤߤʤǤ礦

ե
ͥвƻַвȼǡή򼨤ΤȤơեյǽǤեդϡŪ˥ԥ塼֤Υͥ򼨤ӥ塼ȤʤäƤꡢŪ˥ȥեåİǤ褦ˡȥեåƤޤ
եդˤϡhttp_google.pcapե򳫤[Statistics][Flow Graph]򤷤ޤоݤΥѥåȤȥեΥפˤĤƤΥץ򤹤뾮ʥɽޤǤϥǥեȤΤޤޤʤΤǡ[OK]򥯥åƥեդޤʿ5-17ˡ

5-17TCPեդǥͥвǤ

ѡȾ
WiresharkγƥץȥʬϵǤϡΥץȥΥѥåȤξ֤Ȥʤäݤ˷ٹ򤢤뤿Ѥ֥ѡȾפꤹ뤳ȤǤޤ֤ϰʲ4Ĥʬ뤳ȤǤޤ

Chat̿δܾ
Note̾̿ΰǤȹͤ۾ʥѥå
Warning̾̿ΰǤȤϹͤʤ۾ʥѥå
ErrorѥåȤ⤷ϤϤϵǥ顼ȯ

򸫤Ƥߤޤ礦download-slow.pcapե򳫤[Analyze][Expert Info Composite]򤷤ơʴ1.8.0Ǥ[Expert Info]򤷤ޤˡ[Expert Infos]ɥɽޤʿ5-18ˡ

5-18[Expert Infos]ɥϥץȥϵˤ륨ѡȥƥफξɽ

ɥˤʬव줿֤Ȥ˥֤ꡢErrorϥWarning3Note18Chat3뤳Ȥ狼ޤ֤˼줿åγοϽʣʤåηåοϽʣΤޤ᤿åη򼨤Ƥޤ
ΥץեΥå٤TCPϢȤʤäƤΤϡɮǤϡ¾Υץȥ˥ѡȾ󥷥ƥबƳƤʤäǤɮǤTCPϢ14ĤΥѡȾå¸ߤȥ֥륷塼ƥ󥰤κݤͭѤǤΥåϡʲ˼ݤˡġΥѥåȤ˥ե饰ΩƤƤޤ

Chatå
Window UpdateTCPɥΥѹ줿ȤԤΤ뤿ˡԤˤä

Noteå
TCP RetransmissionѥåȾüη̤Ȥȯ롣ACKʣƼ줿ޤϥѥåȤκޡॢȤȤʤäȯ
Duplicate ACKԥ塼˴Ԥ륷ֹʤä硢Ǹ˼ǡνʣACK
Zero Window ProbeɥѥåȤ줿ˡTCPɥξ֤ƻ뤹Τ˻Ȥ9Ϥ
Keep Alive ACKץ饤֥ѥåȤ˱줿
Zero Window Probe ACKZero Window ProbeѥåȤ˱줿
Window is FullԤTCPɥäѤξ֤Ǥ뤳ȤΥԥ塼Τ餻ݤ˻Ȥ

Warningå
Previous Segment LostѥåȾụ̈롣ǡȥ꡼ˤƴԤ륷ֹ椬åפ줿ȯ
ACKed Lost PacketACKѥåȤˤäãǧ줿ϤΥѥåȤ夷Ƥʤȯ
Keep AliveͥΥץ饤֥ѥåȤǧ줿
Zero WindowTCPɥΥͤãZero WindowΤơԤ˥ǡߤ褦׵ᤵ줿ȯ
Out-of-OrderֹˤꡢѥåȤΥ󥹤줬Τ줿
Fast RetransmissionʣACK20ߥðȯ

Errorå
äˤʤ

6ϤTCPؽ9Ϥ٤ͥåȥΥȥ֥륷塼ƥ󥰤ˤĤƳؤ٤СΥåΰ̣ΤˤʤǤ礦
ܾϤĤεǽϡä˵ʤǤȤʤ褦˸뤫⤷ޤ󤬡ʾˤѤ뤳ȤˤʤȻפޤɥȥץ˴ƤƤθξϤǲ٤⿨뤳Ȥˤʤޤ


