TCP/IP three times handshake detailed

TCP Handshake Protocol

In the TCP/IP protocol, the TCP protocol provides a reliable connection service, and a three-time handshake is used to establish a connection.

First handshake: When the connection is established, the client sends the SYN packet (SYN=J) to the server and enters the Syn_send state, waiting for the server to confirm;

Second handshake: The server received the SYN packet, must confirm the customer's SYN (ACK=J+1), but also send a SYN packet (syn=k), that is Syn+ack packet, at this time the server into the SYN_RECV state;

Third handshake: The client receives the server Syn+ack packet, sends the confirmation packet ack (ACK=K+1) to the server, this packet sends completes, the client and the server enters established state, completes three times handshake.

After three handshake, the client and the server begin to transmit data, in the process, there are some important concepts:

Disconnected queues: In the three handshake protocol, the server maintains an disconnected queue, which is listed as the SYN package (SYN=J) for each client to open an entry indicating that the server received the SYN package and issued a confirmation to the customer, waiting for the customer's confirmation package. The connection identified by these entries is in the SYN_RECV state, and when the server receives the customer's confirmation package, the entry is deleted and the server enters the established state.
Backlog parameter: Represents the maximum number of disconnected queues.

Syn-ack retransmission times the server sends the Syn-ack package, if you do not receive a customer confirmation package, the server for the first retransmission, waiting for a period of time has not received a customer confirmation package, for a second retransmission, if the number of retransmissions exceeded the system specified maximum retransmission number, the system will remove the connection information from the semi-connected queue. Note that the time for each retransmission wait is not necessarily the same. Semi-connection survival: the longest time that an item in a semi-connected queue survives, or the longest time that a service receives a SYN packet to confirm that the message is invalid, which is the sum of the maximum wait times for all retransmission request packets. Sometimes we also call the timeout time, syn_recv survival time.
====================================================================
Now, let's look at a complete process of how the system call connect on a TCP socket actually establishes a connection to the end-to-end. As an example, we will initiate a connection request to 172.16.48.1 Port 5002 with the experimental environment 172.16.48.2.
In the first step, 172.16.48.2 initiates a connection request to 172.16.48.1, sends a SYN segment, indicates the destination port 5002, informs its own initial sequence number (ISN, a 32-digit number randomly generated by the protocol stack), and sets the confirmation number to 0 (since no data has been received on the end-to-end), Notice that your sliding window size is 5840 (on the end is 5792). This seems to be a problem that needs to be further detailed, the window expansion factor is 2 (in the first option), the maximum message segment length is 1460 (local area network), the following is the data content (has stripped the link layer of the Ethernet header and the IP header of the network layer) ：
Meaning of data content
Basic Header
0e Source Ports (32782)
8a Destination Port (5002)
BC Initial serial number isn
00 00 00 00 Confirmation Serial Number
A header length
0 02 Sign bit, syn=1
D0 sliding window size (5840)
9e Checksum
00 00 Emergency Pointers
TCP Options
B4 Maximum length of message segment (1460)
04 02 Allow Sack
0a 0a 79 14 00 00 00 00 Timestamp (0x000a7914), Echo time stamp (0)
01 occupies the position.
03 03 02 Window Expansion factor (2)
In the second step, 172.16.48.1 receives the request package, checks the flag bit, discovers the syn=1, considers this as a request to initialize the connection, responds to this SYN, and also sends its own SYN segment (that is, Ack,syn simultaneously). Because SYN itself takes an ordinal number (and a flag fin also takes an ordinal). Therefore, the confirmation number is set to 172.16.48.2 isn plus 1 (that is, 172.16.48.1 expects to receive the first ordinal number of the next package from 172.16.48.2 as 0X07BD. At the same time also to notify their initial serial number, sliding window size, window expansion factor, the maximum length of the segment, and so on, the following is the data content:
Meaning of data content
Basic TCP Header
8a Source Port (5002)
0e Destination Port (32782)
8e 40 91 initial serial number isn
Number of BD confirmed serial numbers (to end isn+1)
A header length
0 12 sign bit, ack=1, syn=1
a0 sliding window size
D7 Checksum
00 00 Emergency Pointers
TCP Options
B4 Maximum length of message segment (1460)
04 02 Allow Sack
0A 3c 8a 0a 79 14 timestamp (0X003C258A), Echo time stamp (000a7914)
01 placeholder
03 03 02 Window Expansion factor (2)
The third step, 172.16.48.2 from the 172.16.48.1 of the SYN section to confirm, so far, TCP three handshake protocol completed, connection established, in the 172.16.48.2 received SYN paragraph, the corresponding state of the socket by Tcp_syn_ Sent change to tcp_established, enter the connection establish state, the following is the data content:
Meaning of data content
0e Source Ports (32782)
8a Destination Port (5002)
BD Serial number (no longer isn)
8e 40 92 Confirmation serial number (to end isn+1)
8 Ministerial degrees (8*4=32, 12-byte option)
0 10 Sign, ack=1
B4 sliding window size (1460, there is a problem.) Pending confirmation)
A5 8a Checksum
00 00 Emergency Pointers

01 placeholder
01 placeholder
0a 0a 3c 8a timestamp (0x0a007914), Echo time stamp (0X003C258A)
=====================================================================
7, a brief description of TCP three handshake process, and explain why 3 times to shake hands TCP three handshake TCP connection is through three times handshake to initialize. The purpose of the three handshake is to synchronize the serial number and confirmation number of both sides of the connection and to exchange the TCP window size information. The following steps outline the usual process for client computers to contact the server computer: 1. The client sends a SYN-bit TCP message to the server that contains the initial serial number x and a window size of the connection (representing the size of the buffer on the client to store incoming segments sent from the server). 2. After the server receives the SYN message sent by the client, sends a TCP message with a SYN and ACK location to the client, which contains the initial serial number y of its choice, the confirmation of the serial number of the client x+1, and a window size indicating the buffer on the server to store the incoming segments sent from the client Size). 3.. After receiving the Syn+ack message returned by the server, the client returns a confirmation number y+1 and a serial x+1 ACK message to the server side, and a standard TCP connection completes. TCP uses a similar handshake process to end the connection. This ensures that all two hosts can complete the transmission and that all data is received

TCP Client	Flags	TCP Server
1 Send SYN (seq=x)	----SYN--->	SYN Received
2 Syn/ack Received	<---syn/ack----	Send SYN (seq=y), ACK (x+1)
3 Send ACK (y+1)	----ACK--->	ACK Received, Connection established
W:ISN (Initial Sequence number) of the Client
X:isn of the Server

==========================================================
Handshake phase:
Ordinal direction seq Ack
1 a->b 10000 0
2 B->a 20000 10000+1=10001
3 A->b 10001 20000+1=20001
Explain:
1: A connection request to B, initialized with a random number of a SEQ, here is assumed to be 10000, at this time ack=0

2: B After receiving a connection request, also initialize B's seq with a random number, which is assumed to be 20000, meaning: Your request I have received, my side of the data flow from this number began. The Ack of B is a SEQ plus 1, or 10000+1=10001.

3: A receives B's reply, its SEQ is its last request SEQ plus 1, namely 10000+1=10001, means also: your reply I received, my this side data flow starts from this number. A The ACK at this point is B's SEQ plus 1, which is 20000+1=20001


Data transfer phase:
Ordinal direction seq ACK size
A->b 40000 70000 1514
B->a 70000 40000+1514-54=41460 54
A->b 41460 70000+54-54=70000 1514
Num B->a 70000 41460+1514-54=42920 54
Explain:
23:b received a seq=40000,ack=30000,size=1514 packet from a
24: So B sends a packet to a also, tells B, your last packet I received. The seq of B is filled with the ACK of the packet it received, the ACK is the data packet's SEQ plus the packet size (excluding Ethernet protocol head, IP header, TCP header), to confirm that the data sent by B has been received.
When 25:a received a 41460 packet of seq from B, when he saw 41460, it was the SEQ of its last packet and the size of the packet, and it was clear that the last packet sent had arrived safely. So it sends another packet to B. The SEQ of the packet being sent is also filled with the ACK of the packet it received, and the ACK is filled with the packet's SEQ (70000) and the package's size (54), which is ack=70000+54-54 (all head length, no data items).
26: the same.