Analysis of the TCP three-way handshake and four-way handshake

Source: Internet
Author: User
Tags connection reset


Reprinted from http://www.jellythink.com/archives/705

What is TCP?

I am not going to elaborate on what TCP is. If you are reading this article, I assume you already know the concept and want a better understanding of how TCP works, so let's continue. TCP is a super-troublesome protocol, but it is also the foundation of the Internet and a basic skill for every programmer. First, let's take a look at the OSI seven-layer model:

 

We need to know that TCP works at layer 4, the Transport layer, of the OSI seven-layer network model. IP is at layer 3, the Network layer, and ARP is at layer 2, the Data Link layer. Data at layer 2 is called a Frame, data at layer 3 a Packet, and data at layer 4 a Segment. We also need to know that when data is sent from the application layer, each layer adds its own header information to encapsulate it before it is sent to the receiving end. This basic process matters: every piece of data is encapsulated layer by layer. In the OSI seven-layer model, the role of each layer and the corresponding protocols are as follows:

 

TCP is a protocol. How is this protocol defined? What is its data format? To analyse it in depth, you need to understand, or even memorize, the meaning of each field in the TCP header. Come on, let's go.

 

The above is the format of the TCP header. It matters a great deal because it is the basis for understanding everything else. Each field is described in detail below.

  • Source Port and Destination Port: 16 bits each, giving the source port number and the destination port number. Ports distinguish different processes on a host, while IP addresses distinguish different hosts. The source and destination port numbers, together with the source and destination IP addresses in the IP header, uniquely identify a TCP connection;
  • Sequence Number: identifies the byte stream sent from the TCP sender to the TCP receiver; it is the sequence number of the first data byte carried in this segment. It is mainly used to deal with packets arriving out of order;
  • Acknowledgment Number: the 32-bit acknowledgment number holds the next sequence number that the end sending the acknowledgment expects to receive. It is therefore the sequence number of the last byte successfully received plus 1. The field is valid only when the ACK flag (described below) is 1. It is mainly used to deal with packet loss;
  • Offset: the number of 32-bit words in the header. This value is needed because the length of the options field is variable. The field occupies 4 bits (at most 15 32-bit words, that is, 4*15 = 60 bytes of header), so a TCP header is at most 60 bytes long. Without options, the normal length is 20 bytes;
  • TCP Flags: there are 6 flag bits in the TCP header, and several of them can be set to 1 at the same time. They are mainly used to drive the TCP state machine. The flags are URG, ACK, PSH, RST, SYN, FIN. The meaning of each flag is as follows:
    • URG: indicates that the urgent pointer field of the TCP segment (mentioned later) is valid. It is used to ensure that the TCP connection is not interrupted and to urge intermediate devices to process the data as soon as possible;
    • ACK: indicates that the acknowledgment field is valid, that is, the acknowledgment number described above is included in the TCP segment. It has two values, 0 and 1: if the value is 1 the acknowledgment field is valid, otherwise it is 0;
    • PSH: indicates a Push operation, which means passing the data to the application as soon as it arrives at the receiving end instead of queuing it in a buffer;
    • RST: indicates a connection reset request. It is used to reset connections that have run into errors and to reject erroneous or illegal packets;
    • SYN: indicates sequence number synchronization and is used to establish a connection. The SYN flag is used together with the ACK flag: in a connection request, SYN = 1 and ACK = 0; in the connection response, SYN = 1 and ACK = 1. Packets with this flag are often used for port scanning. The scanner sends only a SYN packet; if the other host returns a packet, the host has that port open. However, this kind of scan performs only the first step of the TCP three-way handshake, so a successful scan of this kind indicates that the scanned machine is not safe. A secure host will force a connection to strictly perform the full TCP three-way handshake;
    • FIN: indicates that the sender has reached the end of its data, that is, data transfer between the two parties is complete and there is no more data to send. After a TCP segment with the FIN flag is sent, the connection is closed. Packets with this flag are also often used for port scanning;
  • Window: the window size, which is the famous sliding window, used for flow control. This is a complicated topic and is not covered in this post.
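The field list above maps directly onto a 20-byte fixed layout. The following parser is an added example, not code from the original article; it decodes that layout, applies the Offset rules described above (5 to 15 words), and runs on two constructed segments whose port numbers, sequence numbers and MSS option are assumptions of the example.

```python
import struct

# Low six bits of the 16-bit offset/flags word, lowest bit first.
FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus any options."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    (sport, dport, seq, ack, off_flags,
     window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    offset_words = off_flags >> 12        # 4-bit Offset, counted in 32-bit words
    header_len = offset_words * 4         # 20 to 60 bytes
    if offset_words < 5:
        raise ValueError("Offset below 5 words cannot hold the fixed header")
    if header_len > len(segment):
        raise ValueError("Offset points past the end of the captured bytes")
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    return {
        "src_port": sport, "dst_port": dport, "seq": seq,
        # The Acknowledgment Number is only meaningful when ACK is set.
        "ack": ack if "ACK" in flags else None,
        "header_len": header_len, "flags": flags, "window": window,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }

def handshake_role(flags: list) -> str:
    """Map the SYN/ACK combination to its place in connection setup."""
    if "SYN" in flags and "ACK" not in flags:
        return "connection request (SYN=1, ACK=0)"
    if "SYN" in flags and "ACK" in flags:
        return "connection response (SYN=1, ACK=1)"
    return "not a connection-setup segment"

# Constructed sample: a SYN carrying one 4-byte MSS option, so Offset is
# 6 words (24 bytes). The checksum is left at 0, not computed.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                         (6 << 12) | 0x02, 65535, 0, 0) + bytes([2, 4, 5, 0xB4])
# Constructed sample: the matching SYN+ACK without options (Offset 5).
SAMPLE_SYNACK = struct.pack("!HHIIHHHH", 80, 49152, 5000, 1001,
                            (5 << 12) | 0x12, 65535, 0, 0)

if __name__ == "__main__":
    for raw in (SAMPLE_SYN, SAMPLE_SYNACK):
        hdr = parse_tcp_header(raw)
        print(hdr, handshake_role(hdr["flags"]))
```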

Now that the basics are in place, let's start the next leg of the journey.

What is a three-way handshake?

TCP is connection-oriented: before either side sends data to the other, a connection must be established between the two parties. In TCP/IP, TCP provides a reliable connection service, and connections are initialized with a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence numbers and acknowledgment numbers of both parties and to exchange TCP window size information. This is the TCP three-way handshake that comes up so often in interviews. Knowing only the concept of the three-way handshake will not help you get a job; you need to understand some of its details. Let's first look at the figure.

 

It is a clear picture; of course, I did not draw it. I only cite it to illustrate the point.

After the three-way handshake is complete, the client and the server can start to transmit data. The above is a general introduction to the TCP three-way handshake.

What about the four breakups?

After a TCP connection has been established between the client and the server through the three-way handshake, the connection must be closed once data transmission is complete. For closing a TCP connection, there is the mysterious "four breakups" (the four-way handshake).

With that, the four breakups of TCP are happily complete. At this point you may have many questions, much that you do not understand, and feel that it is all very messy. No matter, we will continue to summarize.

Why do we need three handshakes?

Now that the TCP three-way handshake has been summarized, why does it have to be three steps? I would have thought two would do. So why does TCP insist on three? Xie Xiren's "Computer Network" says this:

"To prevent an invalid connection request segment from suddenly being delivered to the server and thereby causing an error."

Here is an example:

"An 'invalid connection request segment' arises like this: the first connection request segment sent by the client is not lost, but is held up at some network node for a long time, so that it reaches the server only some time after the connection has been released. It is a long-expired segment. However, when the server receives this invalid connection request segment, it mistakes it for a new connection request from the client. It therefore sends an acknowledgment segment to the client and agrees to establish a connection. If the 'three-way handshake' were not used, a new connection would be established as soon as the server sent its acknowledgment. Because the client has not sent a connection request, it ignores the server's acknowledgment and sends no data to the server. The server, however, believes that a new transport connection has been established and keeps waiting for the client to send data. In this way, many server resources are wasted. The 'three-way handshake' prevents this. In the case above, for example, the client will not send an acknowledgment in reply to the server's acknowledgment. Because the server receives no acknowledgment, it knows that the client did not request a connection."

This makes it clear: it prevents the server from wasting resources by waiting in vain.
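The half-finished exchange in the quote above, and the SYN-only probe mentioned under the SYN flag, leave the same trace: a request and a response with no third segment. The following added example (not from the original article) follows handshakes through constructed segment records, checks that each acknowledgment number is the peer's sequence number plus 1, and counts unanswered responses per client; the record layout, status labels and addresses are assumptions of the example.

```python
MOD = 2**32  # sequence numbers are 32-bit and wrap around

def track_handshakes(records):
    """records: (src, sport, dst, dport, flags, seq, ack) tuples in capture order.
    Returns {(client, cport, server, sport): status}; the status labels are
    this example's own, not TCP state names."""
    conns = {}
    for src, sport, dst, dport, flags, seq, ack in records:
        bits = set(flags.split("+"))
        if bits == {"SYN"}:                       # step 1: client request
            conns[(src, sport, dst, dport)] = {"status": "SYN_ONLY", "c_isn": seq}
        elif bits == {"SYN", "ACK"}:              # step 2: server response
            c = conns.get((dst, dport, src, sport))
            if c and c["status"] == "SYN_ONLY":
                good = ack == (c["c_isn"] + 1) % MOD
                c.update(status="HALF_OPEN" if good else "BAD_ACK", s_isn=seq)
        elif bits == {"ACK"}:                     # step 3: client confirmation
            c = conns.get((src, sport, dst, dport))
            if c and c["status"] == "HALF_OPEN":
                good = (seq == (c["c_isn"] + 1) % MOD
                        and ack == (c["s_isn"] + 1) % MOD)
                c["status"] = "ESTABLISHED" if good else "BAD_ACK"
    return {key: c["status"] for key, c in conns.items()}

def half_open_by_client(statuses):
    """Count, per client address, handshakes the server answered that never
    received the third segment."""
    counts = {}
    for (client, _cport, _server, _sport), status in statuses.items():
        if status == "HALF_OPEN":
            counts[client] = counts.get(client, 0) + 1
    return counts

# Constructed records (documentation address ranges); not a real capture.
SAMPLE = [
    ("192.0.2.10", 40000, "198.51.100.5", 80,  "SYN",     100,  0),
    ("198.51.100.5", 80,  "192.0.2.10", 40000, "SYN+ACK", 900,  101),
    ("192.0.2.10", 40000, "198.51.100.5", 80,  "ACK",     101,  901),
    ("192.0.2.66", 40001, "198.51.100.5", 22,  "SYN",     7000, 0),
    ("198.51.100.5", 22,  "192.0.2.66", 40001, "SYN+ACK", 300,  7001),
    ("192.0.2.66", 40002, "198.51.100.5", 443, "SYN",     7100, 0),
    ("198.51.100.5", 443, "192.0.2.66", 40002, "SYN+ACK", 400,  7101),
    ("192.0.2.20", 40003, "198.51.100.5", 80,  "SYN",     50,   0),
    ("198.51.100.5", 80,  "192.0.2.20", 40003, "SYN+ACK", 600,  51),
    ("192.0.2.20", 40003, "198.51.100.5", 80,  "ACK",     51,   999),
]

if __name__ == "__main__":
    print(half_open_by_client(track_handshakes(SAMPLE)))
```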

Why four breakups?

Why does breaking up take four steps? TCP is a connection-oriented, reliable, byte-stream-based transport layer communication protocol. TCP is full duplex, which means that when host 1 sends a FIN segment, it only indicates that host 1 has no more data to send: host 1 is telling host 2 that all of its data has been sent. Host 1 can still receive data from host 2, however. When host 2 returns an ACK segment, it indicates that it knows host 1 has no more data to send, but host 2 can still send data to host 1. When host 2 also sends a FIN segment, it indicates that host 2 has no more data to send either and is telling host 1 so, and then the two happily tear down the TCP connection. To understand the four breakups correctly, you need to understand the state changes during the process.

  • FIN_WAIT_1: FIN_WAIT_1 and FIN_WAIT_2 both really mean waiting for the other party's FIN segment. The difference between the two states is this: FIN_WAIT_1 is the state a socket enters when, while in the ESTABLISHED state, it actively closes the connection and sends a FIN segment. When the other party responds with an ACK segment, the socket enters the FIN_WAIT_2 state. Under normal circumstances the other party should respond with an ACK immediately, whatever the situation, so the FIN_WAIT_1 state is generally hard to catch, while the FIN_WAIT_2 state can often be seen with netstat. (Active party)
  • FIN_WAIT_2: this state has been explained above. A socket in the FIN_WAIT_2 state is a half connection: one party has asked to close the connection, but also tells the other party "I still have some data to send to you (ACK information), I will close the connection later". (Active party)
  • CLOSE_WAIT: this state means waiting to close. How should that be understood? When the other party closes a socket and sends a FIN segment to you, your system will respond with an ACK segment and then enter the CLOSE_WAIT state. Next, what you really need to consider is whether you still have data to send to the other party. If not, you can close the socket and send a FIN segment to the other party, that is, close the connection. So what remains to be done in CLOSE_WAIT is to wait for you to close the connection. (Passive party)
  • LAST_ACK: this state is easy to understand. The passively closing party, after sending its FIN segment, waits for the other party's ACK segment. After receiving the ACK, it can enter the CLOSED state. (Passive party)
  • TIME_WAIT: indicates that the other party's FIN segment has been received and an ACK segment has been sent. After waiting 2MSL, the socket can return to the CLOSED state. If, in the FIN_WAIT_1 state, a segment carrying both the FIN flag and the ACK flag is received, the socket can enter the TIME_WAIT state directly without passing through the FIN_WAIT_2 state. (Active party)
  • CLOSED: indicates that the connection has been terminated.
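The state list above, and the full-duplex argument before it, can be followed segment by segment. This added example (not from the original article) replays constructed close-phase traces between host 1 and host 2 and returns each side's state history, including the FIN+ACK shortcut and the case where the passive side never closes; the trace format and the assumption that every ACK acknowledges the peer's FIN are simplifications of the example.

```python
def replay_close(segments, wait_2msl=True):
    """Replay (sender, flags) close-phase segments between hosts "1" and "2".
    Returns each host's state history. Simplification: every ACK in the
    trace acknowledges the peer's FIN."""
    state = {"1": "ESTABLISHED", "2": "ESTABLISHED"}
    history = {"1": ["ESTABLISHED"], "2": ["ESTABLISHED"]}

    def move(host, new):
        state[host] = new
        history[host].append(new)

    for sender, flags in segments:
        receiver = "2" if sender == "1" else "1"
        fin, ack = "FIN" in flags, "ACK" in flags
        if fin:  # the sender is closing its own direction of the stream
            if state[sender] == "ESTABLISHED":
                move(sender, "FIN_WAIT_1")        # active close
            elif state[sender] == "CLOSE_WAIT":
                move(sender, "LAST_ACK")          # passive side closes too
            else:
                raise ValueError(f"FIN sent from {state[sender]}")
        here = state[receiver]
        if here == "FIN_WAIT_1" and fin and ack:
            move(receiver, "TIME_WAIT")           # shortcut, skips FIN_WAIT_2
        elif here == "FIN_WAIT_1" and ack:
            move(receiver, "FIN_WAIT_2")
        elif here == "FIN_WAIT_2" and fin:
            move(receiver, "TIME_WAIT")
        elif here == "ESTABLISHED" and fin:
            move(receiver, "CLOSE_WAIT")
        elif here == "LAST_ACK" and ack:
            move(receiver, "CLOSED")
    if wait_2msl:
        for host in ("1", "2"):
            if state[host] == "TIME_WAIT":
                move(host, "CLOSED")              # after waiting 2MSL
    return history

# Constructed traces, not captures.
FOUR_STEP = [("1", "FIN"), ("2", "ACK"), ("2", "FIN"), ("1", "ACK")]
COMBINED = [("1", "FIN"), ("2", "FIN+ACK"), ("1", "ACK")]
NEVER_CLOSED = [("1", "FIN"), ("2", "ACK")]   # host 2's application never closes

if __name__ == "__main__":
    for name, trace in (("four-step", FOUR_STEP), ("combined", COMBINED),
                        ("never closed", NEVER_CLOSED)):
        print(name, replay_close(trace))
```

In the last trace host 1 is left in FIN_WAIT_2 and host 2 in CLOSE_WAIT, the pair of states that shows up in netstat when the passive side's application does not close its socket.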

I think you should understand

In conclusion, learning TCP is far from over. TCP is a very complex protocol. Here we have only summarized a little of what happens when a TCP connection is established and closed, and there are still many "pitfalls" left; let's fill them in later.
