TCP/IP protocol stack

Source: Internet
Author: User
1. TCP three-way handshake

The client sends a SYN packet to the server to request a connection. After receiving it, the server sends an ACK to confirm receipt of the client's SYN and also sends its own SYN, indicating that the server wants to establish a TCP connection as well. When the client receives the server's SYN, it sends an ACK to confirm the TCP connection with the server.
(SYN and ACK are bits in the flags field of the TCP header.) Wireshark usually displays relative seq and ack numbers rather than the true values, which makes tracing easier.
More formally:
The first handshake: the client sends a SYN packet to the server, enters the SYN_SENT state, and waits for the server to confirm.
The second handshake: the server receives the SYN packet from the client, sends an ACK, and sends its own SYN. At this point the server enters the SYN_RCVD state.
The third handshake: after the client receives the SYN + ACK sent by the server, it enters the ESTABLISHED state and sends an ACK confirming the server's SYN packet. After the server receives the ACK from the client, it also enters the ESTABLISHED state.
Once both the client and the server are in the ESTABLISHED state, they can start two-way data transmission.

2. TCP four-way wave (connection teardown)

The client actively sends a FIN packet to request disconnection. The server receives it and replies with an ACK to confirm. Then the server sends its own FIN packet to request disconnection. The client receives it, replies with an ACK to confirm, and the connection is closed. The session ends.
More formally:
The first wave: the active closing party sends a FIN and enters the FIN_WAIT_1 state.
The second wave: the passive closing party receives the FIN sent by the active closing party and sends an ACK. At this point the passive closing party enters the CLOSE_WAIT state. After the active closing party receives the ACK from the passive closing party, it enters the FIN_WAIT_2 state.
The third wave: the passive closing party sends a FIN and enters the LAST_ACK state.
The fourth wave: the active closing party receives the FIN sent by the passive closing party and sends an ACK. At this point the active closing party enters the TIME_WAIT state and closes the connection after 2MSL; the passive closing party closes the connection after receiving the ACK from the active closing party.

3. TCP retransmission mechanism

Timeout retransmission mechanism:

When the sender finds that the ACK it is waiting for in response to seq 3 (ACK 4) has timed out, it assumes that seq 3 failed to send and retransmits seq 3. Once the receiver receives seq 3, it immediately returns ACK 4.

Fast retransmission mechanism:

If segments do not arrive in order, the receiver ACKs the last segment that may have been lost. If the sender receives the same ACK three times in a row, it retransmits the corresponding seq.
Timeout retransmission and fast retransmission are combined: when fast retransmission is triggered, only a small part of the seq range is retransmitted (by the locality principle, possibly only one seq), and the other seqs are retransmitted after their timeout.

4. TCP window mechanism (sliding window)

For the sender, the window consists of the sending window (data that has been sent but has not yet received an ACK) and the available window (data that the receiving end allows to be sent but that has not yet been sent).
Window sliding principle:
Not every segment in TCP gets its own ACK. One ACK may cover two segments, or one ACK may cover multiple segments (cumulative ACK). For example, suppose the sender has packets 1/2/3 and sends packets 2 and 3 first, while the receiver expects packet 1. Segments 2 and 3 can then only be placed in the cache, waiting for the hole left by packet 1 to be filled. If packet 1 never arrives, packets 2 and 3 are discarded. If packet 1 arrives, one ACK is sent to confirm all three packets.
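The cumulative ACK and fast retransmission rules from sections 3 and 4, as an added example that is not part of the original page. Segments are numbered per packet as in the text; the function names and the arrival trace are assumptions made for illustration.

```python
def receiver_acks(arrivals, first_seq=1):
    """Return the cumulative ACK sent after each arriving segment.

    The ACK value is the number of the next segment the receiver expects.
    """
    expected = first_seq
    cache = set()      # out-of-order segments waiting for the hole to be filled
    acks = []
    for seq in arrivals:
        if seq == expected:
            expected += 1
            while expected in cache:       # hole filled: drain the cache
                cache.remove(expected)
                expected += 1
        elif seq > expected:
            cache.add(seq)
        # seq < expected is a duplicate; the ACK below just repeats the state
        acks.append(expected)
    return acks


def fast_retransmits(acks, dup_threshold=3):
    """Return the segments a sender would fast-retransmit.

    Uses the rule as the page states it: the same ACK seen three times in a
    row. RFC 5681 counts three duplicates after the first ACK, i.e. four
    identical ACKs; pass dup_threshold=4 for that behaviour.
    """
    resend, last, run = [], None, 0
    for ack in acks:
        run = run + 1 if ack == last else 1
        last = ack
        if run == dup_threshold:
            resend.append(ack)
    return resend


# Constructed trace: segment 3 is lost, 4..6 arrive, then 3 is retransmitted.
ARRIVALS = [1, 2, 4, 5, 6, 3, 7]

if __name__ == "__main__":
    acks = receiver_acks(ARRIVALS)
    print("ACKs:", acks)
    print("fast retransmit:", fast_retransmits(acks))
```

The page's own 1/2/3 case is `receiver_acks([2, 3, 1])`: two ACKs asking for packet 1, then a single ACK covering all three packets.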

5. TCP Header

Header length: generally 20 bytes. Options can be up to 40 bytes, so the limit is 60 bytes.
Fields: source port, destination port, acknowledgment number, sequence number, header length, reserved, TCP flags (marking the attributes of the packet, such as SYN and ACK), sliding window (for flow control and congestion), data, checksum (check value), urgent pointer (indicates the location of urgent data; must be used together with the URG flag), and options (if any).

6. TCP sequence number and acknowledgment number

SEQ: sequence number, which prevents reordering (the first one is random (usually the first seq at both ends starts from 0); from the second one on it follows the value of the previous ACK).

ACK: acknowledgment number, which guards against packet loss (data size + sequence number).
The sequence number is the amount of data successfully sent so far, and the acknowledgment number is the amount of data successfully received so far. The SYN flag and the FIN flag each also occupy one position.
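The header layout from section 5 and the seq/ack arithmetic from section 6, worked through on a constructed handshake (added example, not from the original page). The segment bytes, ports and initial sequence numbers are constructed, and `build_segment`, `parse_segment`, `expected_ack` and `relative` are names introduced here.

```python
import struct

FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
         (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_segment(sport, dport, seq, ack, flags, payload=b""):
    """Constructed test input: 20-byte header (no options) plus payload."""
    off_flags = (5 << 12) | flags          # header length = 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       off_flags, 65535, 0, 0) + payload   # checksum left at 0

def parse_segment(raw):
    """Parse a TCP segment into a dict of header fields and payload."""
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = \
        struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4     # 4-bit field counts 32-bit words
    if not 20 <= header_len <= len(raw):
        raise ValueError("bad header length %d" % header_len)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "urgent": urgent,
            "flags": [name for bit, name in FLAGS if off_flags & bit],
            "options": raw[20:header_len], "payload": raw[header_len:]}

def expected_ack(seg):
    """ACK the peer returns: seq + data size; SYN and FIN each count as 1."""
    used = len(seg["payload"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])
    return (seg["seq"] + used) % 2**32     # sequence numbers wrap at 2^32

def relative(value, isn):
    """Relative seq/ack as Wireshark displays it: offset from the initial seq."""
    return (value - isn) % 2**32

# Constructed handshake; the client ISN is chosen to show the 32-bit wrap.
C_ISN, S_ISN = 0xFFFFFFFF, 1000
syn = parse_segment(build_segment(50000, 80, C_ISN, 0, 0x02))
synack = parse_segment(build_segment(80, 50000, S_ISN, expected_ack(syn), 0x12))
data = parse_segment(build_segment(50000, 80, synack["ack"], expected_ack(synack),
                                   0x18, b"hello"))
```

A mismatch between a segment's `ack` field and `expected_ack()` of the peer's previous segment is the first thing to look for when a capture shows retransmissions or a reset.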

7. TCP and UDP

TCP: Transmission Control Protocol. Connection-oriented, reliable transmission, supports flow control and window mechanisms. Used by HTTP, FTP, etc.
UDP: User Datagram Protocol. Connectionless, unreliable transmission, does not support flow control or window mechanisms. Used by TFTP, DNS, DHCP, etc.
The fixed header length of TCP is 20 bytes, and that of UDP is 8 bytes.

8. UDP Header

Source port, destination port, length, data, checksum (check value).

9. Port Number

The source port is randomly allocated (greater than 1023). The destination port is a well-known port (1-1023).

10. IP header information of the IP packet

Header length: usually 20 bytes. It can be up to 60 bytes in total.
Maximum IP datagram length: 65535 bytes.
Fields: version, header length, type of service, total length, identifier, flag, fragment offset, TTL, upper-layer protocol, header checksum, source IP address, destination IP address, options, data.

11. IP fragmentation and reassembly

Fragmentation:

Identifier: identifies the fragments that belong to the same packet, distinguishing them from the fragments of other packets from the same host or from other hosts.

Flag: indicates whether the last fragment has been received. The flag field of the last fragment is 0 and that of the remaining fragments is 1. When the destination receives the fragment with flag 0, it starts to reassemble the packet.

Fragment offset: the position of each fragment in the original packet.

Why fragment: when an IP packet is larger than the MTU, it must be fragmented.
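The identifier, flag and fragment offset fields at work, as an added example that is not part of the original page. It assumes a 20-byte IP header without options and represents each fragment as a tuple instead of raw bytes; the offset is carried in 8-byte units, as in the real header field.

```python
IP_HEADER_LEN = 20    # assumption: no IP options

def fragment(ident, payload, mtu):
    """Split payload into (ident, flag, offset_units, data) tuples for an MTU."""
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8     # data per fragment, multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry data")
    frags = []
    for start in range(0, len(payload), chunk):
        data = payload[start:start + chunk]
        flag = 1 if start + chunk < len(payload) else 0   # 0 only on the last
        frags.append((ident, flag, start // 8, data))
    return frags

def reassemble(frags):
    """Rebuild packets per identifier: {ident: bytes, or None if incomplete}."""
    by_ident = {}
    for ident, flag, offset, data in frags:
        by_ident.setdefault(ident, []).append((offset * 8, flag, data))
    result = {}
    for ident, parts in by_ident.items():
        parts.sort(key=lambda p: p[0])         # arrival order does not matter
        buf, complete = b"", False
        for start, flag, data in parts:
            if start != len(buf):              # hole, duplicate or overlap:
                break                          # refuse to guess at the content
            buf += data
            if flag == 0:                      # last fragment closes the packet
                complete = True
                break
        result[ident] = buf if complete else None
    return result

# Constructed input: a 3072-byte payload sent over a 1500-byte MTU.
PAYLOAD = bytes(range(256)) * 12
FRAGS = fragment(0x1234, PAYLOAD, 1500)

if __name__ == "__main__":
    for ident, flag, offset, data in FRAGS:
        print(hex(ident), "flag", flag, "offset", offset, "len", len(data))
    print(reassemble(list(reversed(FRAGS)))[0x1234] == PAYLOAD)
```

Treating any offset that does not line up exactly as an incomplete packet is the conservative choice for an inspection device, since how a receiver resolves overlapping fragments differs between stacks.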

12. TTL Mechanism

The number of router hops allowed before the datagram arrives at its destination. Each hop subtracts 1; when the value reaches 0, the datagram is discarded.

13. UDP protocol number 17, TCP protocol number 6, ICMP protocol number 1

14. ARP flood

ARP requests are sent continuously, occupying network resources so that users cannot access the Internet. It is somewhat similar to a DDoS attack, which causes the server to fail to work normally.

15. ARP spoofing attack (man-in-the-middle attack)

The attacker binds its own MAC to A. The destination IP address of the ARP request sent to B is B. Bind the destination IP address returned by B to. (It's a bit difficult to explain. My level is limited. Please forgive me.)
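From the monitoring side, the two conditions in sections 14 and 15 show up as a burst of requests from one MAC and as an IP address suddenly answering with a different MAC. The detector below is an added example, not part of the original page; the event tuples, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

def analyze_arp(events, max_requests=5, window=1.0):
    """Return alerts for ARP flooding and for IP-to-MAC binding changes.

    events: iterable of (timestamp, op, sender_ip, sender_mac), where op is
    "request" or "reply". The thresholds are illustrative, not recommended
    values.
    """
    bindings = {}                    # ip -> first MAC seen claiming it
    recent = defaultdict(deque)      # mac -> timestamps of its recent requests
    reported = set()                 # suppress repeats of the same alert
    alerts = []
    for ts, op, ip, mac in events:
        known = bindings.setdefault(ip, mac)
        if known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append(("binding-change", ip, known, mac))
        if op == "request":
            q = recent[mac]
            q.append(ts)
            while ts - q[0] > window:        # keep only the sliding window
                q.popleft()
            if len(q) > max_requests and ("flood", mac) not in reported:
                reported.add(("flood", mac))
                alerts.append(("flood", mac, len(q)))
    return alerts

# Constructed observations (documentation addresses, made-up MACs).
EVENTS = [
    (0.00, "request", "192.0.2.10", "aa:aa:aa:aa:aa:10"),
    (0.10, "reply",   "192.0.2.1",  "aa:aa:aa:aa:aa:01"),   # gateway answers
    (5.00, "reply",   "192.0.2.1",  "bb:bb:bb:bb:bb:66"),   # same IP, new MAC
] + [(10.0 + i * 0.1, "request", "192.0.2.77", "cc:cc:cc:cc:cc:77")
     for i in range(8)]                                     # request burst

if __name__ == "__main__":
    for alert in analyze_arp(EVENTS):
        print(alert)
```

A binding change is not proof of spoofing on its own (a replaced NIC or a failover pair produces the same event), so the alert is a prompt to compare against the known MAC of the gateway or host.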

16. IP option value

Supports IP record route, timestamp, and source routing.
Source routing: source routing provides a way for the source host to specify a path across the Internet.
IP supports two types of source routing. 1: Loose source routing provides a sequence of IP addresses of router interfaces, and the packet must be transmitted along this address sequence; however, multiple routers may be crossed between two successive addresses. 2: Strict source routing provides a sequence of IP addresses of router interfaces, and the packet must be forwarded strictly along this route; if the next hop is not in the list, an error occurs. Note: in general work, loose source routing is simply called loose routing; the other is called strict source routing.
