Packet Capture Analysis: The TCP Three-Way Handshake and Four-Way Teardown

Source: Internet
Author: User

One: The three-way handshake

The three-way handshake proceeds as follows:

1. The initiator, HostA, sends a connection request segment to the called party, HostB. In its header the synchronization bit is set (SYN=1), and an initial sequence number seq=x is selected. TCP specifies that a SYN segment (that is, a segment with SYN=1) cannot carry data, but it consumes one sequence number. At this point the TCP client process enters the SYN-SENT (synchronization sent) state.

2. After receiving the connection request segment, HostB sends a confirmation to HostA if it agrees to establish the connection. In the confirmation segment both SYN and ACK are set to 1, the acknowledgment number is ack=x+1, and HostB selects its own sequence number seq=y. Note that this segment also cannot carry data, but it too consumes one sequence number. At this point the TCP server process enters the SYN-RCVD (synchronization received) state.

3. After receiving HostB's confirmation, the TCP client must in turn send a confirmation to HostB. In this confirmation segment ACK is set to 1, the acknowledgment number is ack=y+1, and the client's own sequence number is seq=x+1.

At this point the value of SYN is 0 (as can be seen in the captured packet). TCP specifies that an ACK segment can carry data. However, if it carries no data it does not consume a sequence number, in which case the sequence number of the next data segment is still seq=x+1.
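The numbering rules of the three steps above, checked against raw TCP headers. This is an added example, not code from the original article; the `build` helper, the port numbers and the values x=1000, y=5000 are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers wrap at 32 bits

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; bytes past the data offset are payload."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _, _, seq, ack, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    return {"seq": seq, "ack": ack, "flags": off_flags & 0x3F,
            "payload": len(segment) - hdr_len}

def check_handshake(raw_segments) -> list:
    """Return deviations from the three steps; an empty list is a clean handshake."""
    s1, s2, s3 = (parse_tcp(r) for r in raw_segments)
    x, y = s1["seq"], s2["seq"]
    problems = []
    if s1["flags"] & (SYN | ACK) != SYN:
        problems.append("step 1: expected SYN=1, ACK=0")
    if s1["payload"] or s2["payload"]:
        problems.append("SYN segment carries data")
    if s2["flags"] & (SYN | ACK) != (SYN | ACK):
        problems.append("step 2: expected SYN=1, ACK=1")
    if s2["ack"] != (x + 1) % MOD:
        problems.append("step 2: ack != x+1")
    if s3["flags"] & (SYN | ACK) != ACK:
        problems.append("step 3: expected SYN=0, ACK=1")
    if s3["seq"] != (x + 1) % MOD:
        problems.append("step 3: seq != x+1")
    if s3["ack"] != (y + 1) % MOD:
        problems.append("step 3: ack != y+1")
    return problems

def next_client_seq(raw_ack: bytes) -> int:
    """Sequence number of the client's next segment: a bare ACK consumes none."""
    seg = parse_tcp(raw_ack)
    return (seg["seq"] + seg["payload"]) % MOD

def build(seq, ack, flags, payload=b"", sport=40000, dport=80):
    """Constructed sample segment, 20-byte header, checksum left at 0 (not verified)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0) + payload

# Constructed capture with x=1000, y=5000.
HANDSHAKE = [build(1000, 0, SYN), build(5000, 1001, SYN | ACK), build(1001, 5001, ACK)]
```

`check_handshake(HANDSHAKE)` returns an empty list; a capture whose third segment acknowledges y instead of y+1 is reported as a step 3 deviation.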

[Packet capture screenshots: three-way handshake, steps one, two and three]

Two: Why the handshake takes three steps

I looked through books and podcasts and found many explanations of why the handshake takes three steps, but none of them was particularly clear. I asked a classmate who is a network engineer, who recommended "Routing switching," the textbook used by students taking the three companies' examination; it explains the three-way handshake more clearly.

Three: The four-way teardown

The four-way teardown proceeds as follows:

1. A's application process instructs its TCP to send a connection release segment and stops sending data, actively closing the TCP connection. A sets FIN to 1 in the header of the connection release segment; its sequence number is seq = u, which equals the sequence number of the last byte of previously transmitted data plus 1. A then enters the FIN-WAIT-1 (termination wait 1) state and waits for B's confirmation. Note that TCP specifies that a FIN segment consumes a sequence number even if it carries no data.

2. On receiving the connection release segment, B sends a confirmation. The acknowledgment number is ack = u + 1, and the segment's own sequence number is v, which equals the sequence number of the last byte of data B previously transmitted plus 1. B then enters the CLOSE-WAIT (close wait) state. The TCP server process should then notify the higher-level application process, and the connection in the direction from A to B is released. The TCP connection is now in the half-closed (half-close) state: A has no more data to send, but if B sends data, A must still receive it. In other words, the connection in the direction from B to A is not closed, and this state may persist for some time. After receiving B's confirmation, A enters the FIN-WAIT-2 (termination wait 2) state and waits for the connection release segment from B.

3. If B has no more data to send to A, its application process notifies TCP to release the connection. The connection release segment sent by B must have FIN = 1. Assume B's sequence number is w (in the half-closed state B may have sent some more data). B must also repeat the acknowledgment number it sent last time, ack = u + 1. B then enters the LAST-ACK (last acknowledgment) state and waits for A's confirmation.

4. After receiving B's connection release segment, A must send a confirmation. In the confirmation segment ACK is set to 1, the acknowledgment number is ack = w + 1, and A's own sequence number is seq = u + 1 (according to the TCP standard, the FIN segment sent earlier consumes one sequence number). A then enters the TIME-WAIT (time wait) state. Note that the TCP connection is not yet released: A enters the CLOSED state only after the time set by the TIME-WAIT timer, 2MSL, has elapsed. MSL stands for Maximum Segment Lifetime, and RFC 793 recommends setting it to 2 minutes. But this is purely an engineering choice, and for today's networks MSL = 2 minutes may be a bit too long, so TCP allows different implementations to use smaller MSL values depending on the situation. Therefore, after A enters the TIME-WAIT state, it takes 4 minutes to enter the CLOSED state, and only then can the next new connection be established. When A releases the corresponding transmission control block (TCB), the TCP connection ends.
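The four steps above as a state tracker over captured segments, including data B sends while the connection is half-closed and the 2MSL wait. This is an added example, not code from the original article; the tuple layout, the flag strings and the values u=2000, v=7000 are constructed for illustration.

```python
MOD = 2 ** 32
MSL_SECONDS = 120  # the 2-minute MSL the text cites from RFC 793

def track_teardown(segments, msl=MSL_SECONDS):
    """Follow an A-initiated close. segments are (time, sender, flags, seq, ack,
    payload_len) tuples in capture order; flags is a string such as "FA" or "A".
    Returns (state history, time at which A reaches CLOSED)."""
    state = {"A": "ESTABLISHED", "B": "ESTABLISHED"}
    history, u, w, b_next, closed_at = [], None, None, None, None
    for t, sender, flags, seq, ack, length in segments:
        fin = "F" in flags
        if sender == "A" and fin and state["A"] == "ESTABLISHED":
            u = seq                                    # step 1: FIN=1, seq=u
            state["A"] = "FIN-WAIT-1"
        elif sender == "B" and not fin and state["A"] == "FIN-WAIT-1":
            if ack != (u + 1) % MOD:                   # step 2: ack=u+1, seq=v
                raise ValueError("step 2: ack != u+1")
            b_next = (seq + length) % MOD
            state["A"], state["B"] = "FIN-WAIT-2", "CLOSE-WAIT"
        elif sender == "B" and not fin and state["B"] == "CLOSE-WAIT":
            b_next = (seq + length) % MOD              # half-close: B still sends data
        elif sender == "B" and fin and state["B"] == "CLOSE-WAIT":
            if ack != (u + 1) % MOD or seq != b_next:  # step 3: seq=w, ack=u+1 repeated
                raise ValueError("step 3: unexpected seq/ack on B's FIN")
            w = seq
            state["B"] = "LAST-ACK"
        elif sender == "A" and state["B"] == "LAST-ACK":
            if seq != (u + 1) % MOD or ack != (w + 1) % MOD:
                raise ValueError("step 4: expected seq=u+1, ack=w+1")
            state["A"] = "TIME-WAIT"
            closed_at = t + 2 * msl                    # A stays in TIME-WAIT for 2MSL
        history.append((t, sender, state["A"], state["B"]))
    return history, closed_at

# Constructed capture: u=2000, v=7000; B sends 300 more bytes before its FIN, so w=7300.
SAMPLE = [
    (0, "A", "FA", 2000, 7000, 0),
    (0, "B", "A",  7000, 2001, 0),
    (1, "B", "PA", 7000, 2001, 300),
    (1, "A", "A",  2001, 7300, 0),
    (2, "B", "FA", 7300, 2001, 0),
    (2, "A", "A",  2001, 7301, 0),
]
```

With the sample capture, A sends its last ACK at t=2 and reaches CLOSED at t=242, the 4 minutes described in step 4.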

[Packet capture screenshots: four-way teardown, steps one to four]
