Generation of tcp seq and ACK

Tcp seq and ACK Generation 1. summary and functions of serial numbers and validation numbers TCP protocol works on the OSI transport layer, is a reliable connection-oriented data stream protocol, the reason why TCP is reliable, it ensures the order of transmitted packets. The sequence is ensured by a serial number. The response package also contains a serial number, indicating that the receiver has prepared the packet with this serial number. When a packet is transmitted over TCP, it puts the packet into the resend queue and starts the timer. If the packet is confirmed, the packet is deleted from the queue, if you still do not receive the confirmation message when the timer times out, You Need To resend the packet. In addition, TCP uses serial numbers in data segments to ensure that all transmitted data can be reorganized in the normal order, thus ensuring the integrity of data transmission. 2. the TCP communication process involves connection establishment, data transmission, and connection closure! Each process completes different work, and the serial number and validation number change in each process is different. 2.1 TCP establishes a connection, that is, the three-way handshake that we often say, which requires three steps. In the TCP three-way handshake, one end that sends the first SYN is actively opened. The other end that receives the SYN and returns it to the next SYN for passive opening. The client initiates a connection to the server. 1) Step 1: the client sends a synchronous data packet request to the server to establish a connection. In this data packet, the initial serial number (ISN) is a random value generated by the client, and the confirmation number is 0. 2) step 2: After the server receives the synchronization request packet, it will perform a synchronization confirmation on the client. In this packet, the serial number (ISN) is a random value generated by the server. The serial number is the initial serial number of the client + 1; 3) Step 3: after the client receives the synchronous validation packet, then, confirm the server. In this packet, the serial number is the confirmation number value in the previous synchronous request packet, and the confirmation number is the initial serial number of the server + 1. Note: because a SYN occupies a sequence number, you must add 1. The initial serial number (ISN) varies with time, and different operating systems have different implementation methods. Therefore, the initial serial number of each connection is different. When the two ends of the TCP connection establish a connection, some information will be exchanged, such as the window size and MSS, so as to prepare for subsequent data transmission. RFC793 indicates that ISN can be regarded as a 32-bit counter, and 1 is added every 4 ms. In this way, the sequence number is selected to prevent delayed groups from being transmitted repeatedly in the network, this causes the end of a connection to make an incorrect judgment on it. 2.2 After a TCP connection is established, the TCP Data Transmission starts. TCP works in full duplex mode, which can be used for two-way data transmission at the same time. To simplify the process, we only talk about the situation where the server sends data to the client. The principle of sending data from the client to the server is similar to that of the server. After the server sends a packet to the client, the client sends a confirmation packet to the server after receiving the packet. The brief process of data transmission is as follows: 1) Sending data: the server sends a data packet to the client, the serial number and confirmation number in this packet are the same as the serial number and confirmation number in the packet in step 3 after the connection is established; 2) Confirm receipt: the client receives the packet and sends a confirmation packet to the server, in this packet, the serial number is the validation number value in the previous packet, and the validation number is the serial number in the previous packet sent by the server + the size of the data contained in the packet. The serial number in the Data Segment ensures that all transmitted data is reorganized in normal order, and the integrity of data transmission is ensured through confirmation. 2.3 TCP closes a connection as we mentioned earlier, it takes three steps to establish a connection, but it takes four steps to close a connection. Because TCP connections work in full duplex mode, they need to be closed separately in each direction. When the TCP closes the connection, the first party that closes (that is, the first party that sends the first termination packet) will take the initiative to close the connection, and the other party (who receives the termination packet) will then passively close the connection. Step 4: After the server completes its data sending task, it will actively send a termination packet to the client, to close the TCP connection in this direction. In this packet, the serial number is the confirmation number value of the previous packet sent by the client, and the confirmation number is the serial number of the previous packet sent by the server + the data size of the packet; 2) step 2: After the client receives the termination packet sent by the server, it will send a confirmation message to the server to close the TCP connection in this direction. In this case, the serial number in the data packet is the confirmation number value in step 1st, while the serial number in the data packet with the confirmation number in step 1st is + 1; 3) Step 3rd: Likewise, after the client completes its data sending task, it will also send a termination packet to the server to close the TCP connection in this direction. In this packet, the serial number is the confirmation number value in the previous packet sent by the server, and the confirmation number is the serial number in the previous packet sent by the client + the size of the data contained in the packet; 4) Step 4th: after receiving the termination packet sent by the client, the server sends a confirmation message to the client to close the TCP connection in this direction. At this time, the serial number in the data packet is the confirmation number value in step 3rd, and the confirmation number is the serial number + 1 in the data packet in step 3rd. Note: Because FIN and SYN are the same, they also occupy a serial number. Theoretically, In the termination packet sent by the server when the TCP connection is closed, only the termination bit is set to 1, and then the client confirms. However, in the actual TCP implementation, in the termination packet, the confirmation bit and the termination bit are set to 1 at the same time, and the confirmation position is 1, which indicates that the last transmitted data is confirmed, if the end position is 1, the TCP connection in this direction is closed. 3. the actual data packet analysis is combined with the above theory. Next we visit the web page to capture data packets. The actual data packet is used to verify the changes in the serial number and validation number when the TCP connection is established, the data is transmitted, and the connection is closed. To reduce data interference, set the filter to capture only TCP data, and then start capturing data. At the same time, access the system and stop the capture after the page is downloaded. In this environment, the client is 192.168.0.92 and the server is 222.77.187.23. 3.1 TCP establishes a connection in the captured data packet. First, we can view the three-way handshake information of the established connection, and observe the changes of the serial number and validation number in the data packet. To make everyone better understand, I used the "add packet comment" function here. (Step 1) the client initiates a synchronous request packet to the server to request port 80 of the server. The client randomly generates an initial serial number (ISN) of 2712239078, and the confirmation number is 0. Note: In actual situations, domain name resolution is the first thing we visit the website. Here we set a filter so no DNS packets are captured. (Step 2) after the server receives the synchronous request data packet from the client, it sends a synchronous confirmation data to the client. In this packet, the server generates an initial serial number (1288781508) at random, and adds the initial serial number (ISN) sent by the client to 1 (2712239078 + 1 = 2712239079) send it back to the customer segment as the confirmation number for confirmation. (Step 3) after the client receives the synchronous validation packet, it will confirm the server again. In this packet, the serial number is the confirmation number (2712239079) of the previous packet, the confirmation number is the initial serial number of the server (ISN) plus 1 (1288781508 + 1 = 1288781509 ), to confirm the synchronous validation data packets of the server, so that the TCP connection is established. 3.2 after the TCP connection is established, data transmission starts immediately. Here, the client sends a GET request to the server to submit its own request information. (Data Transmission) Figure 4 shows the GET request data packet sent from the client to the server. Check the value of the serial number and validation number! In this packet, the serial number is 2712239079 and the validation number is 1288781509, which is the same as the serial number in the packet in step 3 of the three-way handshake. As shown in figure 4, the packet size is 1018 bytes, with 14 bytes removed from the Ethernet header and 20 bytes of the IP header, 20-byte TCP header and 4-byte FCS (1018-14-20-20-4 = 960), the size of the transmitted data is 1432. We add the data size (2712239079 + 960 = 2712240039) to the serial number in the data packet, and find that it is exactly consistent with the value of the next serial number, that is, the confirmation number in the packet sent from the server to the client in the next packet. (Confirm receipt) Note: The "next serial number" is automatically calculated based on the serial number and validation Number of the data packet to facilitate the user's search for the next continuous packet, this field does not exist in the actual data packet. 3.3 TCP close connection after data transmission is complete, TCP closes the connection. Here, the server closes the TCP connection in this direction. Let's continue to observe the captured data packets. First, let's take a look at the first step of closing the connection. Here, the server initiates a shutdown (the first step of closing the connection) the server initiates a data packet with both the validation bit and the termination bit set to 1 to the client. The confirmation position 1 indicates that the data transmitted last time is confirmed, the termination position 1 indicates closing the TCP connection in this direction and closing the TCP connection between the server and the client. In this packet, the serial number is the confirmation number (1288781777) in the previous packet sent by the client ), the confirmation number is the serial number in the previous packet sent by the server + the size of the data contained in the packet (2712238597 + 1432 = 2712240039); then the client receives the termination packet, A validation packet is sent to the server. In this packet, the serial number is the validation number value (1st) in step 1 ), the serial number + 1 (1st + 1 = 1288781777) in the data packet whose validation number is Step 1; observe the changes of the serial number and validation number. (Step 2 of closing the connection) the next step is the passive shutdown initiated by the client, which is the same as the active shutdown initiated by the server, but this time the TCP connection is passively closed to the client, we will not repeat the description. Based on the packet capture Analysis of TCP connection establishment, data transmission, and connection closure, we have successfully verified the theory mentioned above.