学习正常的流量，部份三 tcp报头（外文文献翻译）.doc

This is the final article in a three-part series devoted to studying normal traffic. As was explained in Studying Normal Traffic, Part One and Studying Normal Traffic,Part Two: Studying FTP Traffic, we often focus our attention on the characteristics of suspicious packets without first becoming familiar with the characteristics of normal traffic. A good and easy way of doing this is to generate, capture and examine your own normal traffic. The first two articles in this series showed how to capture packets using WinDump and reviewed some of the basics of normal TCP/IP traffic. In this article, we will be looking at two other aspects of normal TCP traffic: the structure of TCP packets, and the use of TCP options. Note that in order to understand this material, you should already know the fundamentals of TCP/IP.
TCP Packet Structure
If you've read the previous articles in this series or worked with tcpdump or WinDump, you are probably familiar with the format of their output for TCP traffic. If not, here's a quick review of the meaning of the fields:
这是一个学习正常的流量三个部份的最后一章。正如在讲第一部分和第二部分：FTP流量研究一样,我们要将我们的注意力集中在那些还没有被我们熟悉其流量特征的可疑的数据报。一个简单而又实用的方法是去产生,捕获并且检查你自己的正常流量。上两章展现了如何用WinDump捕获数据报，并且回顾了TCP/IP的一些基础知识。在这一个文章中,我们将会看着正常TCP流量的其他二个方面: TCP的结构打包, 和TCP选择项的使用。在此之前，为了更好地了解材料,你应该已经知道TCP/IP 的基本原理。
TCP包的结构
如果你已经看这一系列的早先文章或者合作或者有tcpdump或WinDump编程经验, 你应该熟悉他们的输出格式。如果还不熟悉，下面进行简单的回顾: