TCP/IP-TCP


Author: Danbo 2015-8-23

TCP provides reliability in the following ways:
- The application data is split into blocks of the size that TCP considers most appropriate to send.
- When TCP sends a segment, it starts a timer and waits for the destination to acknowledge receipt of the segment. If an acknowledgment is not received in time, the segment is re-sent.
- When TCP receives data from the other end of the connection, it sends an acknowledgment. This acknowledgment is not sent immediately and is typically deferred for a fraction of a second.
- TCP maintains a checksum over its header and data. Note that the IP checksum covers only the IP header; upper-layer protocols such as UDP and ICMP have to cover their own header and data with their own checksum, so IP does not need to verify them again.
- Since TCP segments are transmitted as IP datagrams, and IP datagrams may arrive out of order, TCP segments may also arrive out of sequence. If necessary, TCP reorders the received data and hands it to the application layer in the correct order.
- Since IP datagrams can be duplicated, the receiving side of TCP must discard duplicated data.
- TCP also provides flow control. Each side of a TCP connection has a fixed-size buffer space. The receiving side of TCP only allows the other end to send as much data as the receive buffer can accept. This prevents faster hosts from overrunning the buffers of slower hosts.
- Two applications exchange byte streams consisting of 8-bit bytes over a TCP connection. TCP does not insert record markers in the byte stream. We call this a byte stream service.

The header of TCP:

Note: the sequence number field refers to the sequence number of the last successfully transmitted byte plus 1.
The SYN and FIN flags each consume one sequence number. The other flags do not.
An attacker can attack a target host by carrying control signaling in the 6 bits that TCP reserves.
The acknowledgment number should be the sequence number of the last successfully received data byte plus 1. The acknowledgment number field is valid only when the ACK flag is set to 1.
Sending an ACK costs nothing. Except for the first SYN packet, the ACK bit of every other packet is set to 1.
TCP is full duplex: there is a byte stream in each of the two directions, each with its own sequence numbers.
TCP is a sliding window protocol with no selective acknowledgment and no negative acknowledgment. It cannot selectively acknowledge a packet in the middle of the received stream when an earlier packet was lost, so the lost packet and everything up to the last packet received are affected. It also cannot negatively acknowledge a received packet that fails the CRC checksum: TCP cannot tell the sending side that this packet is wrong. It can only send another ACK whose number is the sequence number of the packet before the bad one plus 1.
The most common TCP option is MSS (Maximum Segment Size), which each side typically announces in the first segment it sends (the segment with the SYN flag set to establish the connection). It indicates the maximum segment length that this side can receive. Because this parameter is negotiated before any data is sent, TCP packets are in general not fragmented.
The data portion of a TCP segment is optional. When a connection is established and when it is terminated, the segments exchanged by both parties contain only TCP headers. If one side has no data to send, it also uses a header without any data to acknowledge the data it received. In many timeout-handling cases, a segment without any data is sent as well.
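The receiver-side bookkeeping described above (SYN and FIN each consume a sequence number, segments are reordered, duplicates are discarded, and every ACK is cumulative), as an added example that is not part of the original article. The function names and the sample segments are constructed for illustration, and segments are assumed not to overlap partially.

```python
MOD = 2**32            # sequence numbers are 32-bit and wrap around
SYN, FIN = 0x02, 0x01  # flag bits that each consume one sequence number

def seg_len(flags, payload):
    """Sequence space used by a segment: data bytes plus 1 per SYN/FIN."""
    return len(payload) + bool(flags & SYN) + bool(flags & FIN)

def receive(segments):
    """Process (seq, flags, payload) tuples in arrival order.

    Returns (acks, data): the cumulative ACK number sent after each
    segment, and the bytes handed to the application in order.
    """
    rcv_nxt = None        # next sequence number expected from the peer
    held = {}             # out-of-order segments waiting for a gap to fill
    acks, data = [], bytearray()
    for seq, flags, payload in segments:
        if seg_len(flags, payload) == 0:
            continue      # a bare ACK uses no sequence space and is not ACKed
        if rcv_nxt is None:
            if not flags & SYN:
                continue  # nothing is accepted before the peer's SYN
            rcv_nxt = seq # the SYN itself occupies the initial sequence number
        if (seq - rcv_nxt) % MOD < 2**31:   # at or ahead of what we expect
            held.setdefault(seq, (flags, payload))
        # anything behind rcv_nxt is a duplicate of delivered data: dropped
        while rcv_nxt in held:              # deliver every contiguous segment
            f, p = held.pop(rcv_nxt)
            data += p
            rcv_nxt = (rcv_nxt + seg_len(f, p)) % MOD
        acks.append(rcv_nxt)  # no NAK or selective ACK: just "next byte wanted"
    return acks, bytes(data)

# Constructed arrival order: one segment early, one duplicated.
SAMPLE = [
    (1000, SYN, b""),      # SYN consumes 1000
    (1001, 0,   b"abc"),
    (1006, 0,   b"fgh"),   # arrives before the segment at 1004
    (1004, 0,   b"de"),    # fills the gap
    (1001, 0,   b"abc"),   # duplicate of delivered data
    (1009, FIN, b""),      # FIN consumes 1009
]

if __name__ == "__main__":
    print(receive(SAMPLE))
```

The repeated 1004 in the result is the duplicate ACK a sender sees when a segment arrives ahead of a gap.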

When a connection is established, each party uses the MSS option to advertise the segment size it wants to receive (the MSS option can only appear in a SYN segment). If one party does not receive an MSS value from the other, the MSS is set to the default of 536 bytes (this default allows a 20-byte IP header and a 20-byte TCP header to fit into a 576-byte IP datagram). With Telnet, the MSS to a directly connected device is 1460 and over a non-direct link it is 536. The values are generally less than 1500. This is why TCP is generally not fragmented, unless an intermediate router deliberately adjusts the MTU value.
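A header decoder for the fields discussed above, as an added example that is not part of the original article: it reports the flags, treats the acknowledgment number as valid only when ACK is set, surfaces the 6 reserved bits for logging, and reads the MSS option from a SYN with the 536-byte fallback. The function names and sample segments are constructed; the layout follows the 6-reserved-bit header the article describes, and current stacks assign two of those bits to ECN (CWR and ECE), so a non-zero value is a signal to inspect rather than proof of abuse.

```python
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5
DEFAULT_MSS = 536  # assumed when the peer's SYN carries no MSS option

def parse_tcp_header(segment):
    """Decode a TCP header laid out as 4-bit data offset, 6 reserved bits,
    6 flag bits, and walk the options looking for MSS (kind 2)."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("data offset points outside the segment")
    flags = [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    info = {"sport": sport, "dport": dport, "seq": seq, "flags": flags,
            "ack": ack if "ACK" in flags else None,  # valid only with ACK set
            "reserved": (off_flags >> 6) & 0x3F,     # non-zero is worth logging
            "window": window, "mss": None,
            "payload_len": len(segment) - hdr_len}   # 0 for a bare SYN/ACK/FIN
    opts, i = segment[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:            # kind 0 ends the list
        if opts[i] == 1:                             # kind 1 is a 1-byte NOP
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed option length")
        if opts[i] == 2 and opts[i + 1] == 4 and "SYN" in flags:
            info["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return info

def effective_mss(syn_info):
    """MSS to use toward a peer, falling back to the 536-byte default."""
    return syn_info["mss"] if syn_info["mss"] is not None else DEFAULT_MSS

def build(flags_word, options=b""):
    """Constructed test segment: port 8000 -> 80, seq 1000, window 4096."""
    return struct.pack("!HHIIHHHH", 8000, 80, 1000, 0,
                       flags_word, 4096, 0, 0) + options

SYN_WITH_MSS = build((6 << 12) | 0x02, bytes([2, 4]) + struct.pack("!H", 1460))
SYN_NO_OPTS = build((5 << 12) | 0x02)
ACK_RESERVED = build((5 << 12) | (0x20 << 6) | 0x10)  # top reserved bit set
```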

The client sends a SYN packet that contains a sequence number, and that sequence number is randomized. Hijacking a TCP connection is therefore still very difficult: you need to know the source IP address and source port number, and you also need to know the sequence number. The initial sequence number is random, and the sequence numbers of later packets depend on how much data this side has transferred. As for why a firewall scrambles sequence numbers: the operating system appears to generate them with a certain algorithm, which keeps the sequence number within a range (1024-5000), so the firewall randomizes the initial sequence number.

TCP establishes a connection that has a time-out, a first time of approximately 6s, and a second

To clear a TCP connection on a router, first run show tcp brief to find the TCP number, then run clear tcp tcb followed by that number to clear the connection.

Reset segment:
In general, TCP sends a reset segment whenever a segment arrives that is not correct for the referenced connection (the referenced connection here means the connection identified by the four-tuple), in order to terminate that connection.

Simultaneous open:
This takes a four-way handshake. It is important to note that we do not call either end the client or the server, because each side is both a client and a server. Also note how the port numbers work in a simultaneous open: port 8000 on this end connects to port 80 on the other end, and port 80 on the other end connects to port 8000 on this end. The port numbers are the same as in a three-way handshake; do not misunderstand this.

Simultaneous close:
Both sides send a FIN, and both sides enter the TIME_WAIT state.

Interactive data flow for TCP
TCP traffic is divided into interactive data flow and bulk data flow. An example of interactive data flow is the Rlogin application: when we type data on this side, it is sent to the peer, the peer receives it and echoes it back, and only then does the local application print the data that was typed. This is why there is a delay between typing and display when the network is slow.

The steps are shown in the following figure:

(1) The interactive keystroke from the client;
(2) The acknowledgment of the keystroke from the server;
(3) The echo of the keystroke from the server (note that a password is not echoed; the server replies only with the acknowledgment);
(4) The acknowledgment of the echo from the client.

Usually TCP does not send an ACK immediately when it receives data. Instead it delays the ACK so that it can be sent along with data that needs to go in that direction (this is sometimes described as the ACK piggybacking on the data). Most implementations use a delay of up to a maximum of MS, that is, TCP will wait for data to send together with the ACK for a delay of up to Ms.

The Nagle algorithm requires that there be at most one unacknowledged packet on a TCP connection, so TCP collects small packets for a limited time before sending them, and then sends them together. This is generally used on low-speed links and is not used on fast links.
The command to enable it on a router is: service nagle

Both Telnet and TFTP are transmitted in plaintext.
