What is TCP?
TCP (transmission Control Protocol Transmission Protocol) is a reliable, IP-based transport layer protocol that is oriented towards connectivity (connection-oriented). The protocol number for TCP in IP packets is 6. TCP is a super-troublesome protocol, and it is the foundation of the Internet, but also the basic skills required of every programmer. First look at the OSI seven-layer model:
OSI seven-layer model
We need to know that TCP works in the network OSI seven layer model fourth layer--transport layer, IP in the third layer--network layer, ARP in the second Layer--data link layer, on the second layer of data, we call it frame, The data on the third layer is called packet, and the fourth layer of data is called segment. At the same time, we need to simply know that the data from the application layer is sent down, each layer will be added header information, encapsulation, and then sent to the data receiving end. The basic process you need to know is that each data is packaged and packaged in a data package. In the OSI seven layer model, the role of each layer and the corresponding protocol are as follows:
In the OSI seven layer model, the role of each layer and the corresponding protocol
TCP is a protocol, how is this protocol defined, and what is its data format like? To do a deeper analysis, you need to understand, and even memorize, the meaning of each field in the TCP protocol. Oh, come on.
The face is the format of the TCP protocol header, because it is too important to understand the basis of other content, the following will be a detailed description of each field information.
Source port and Destination port: 16 bits each, representing the source port number and destination port number, used to distinguish between different processes in the host, and the IP address is used to distinguish between different hosts, The source port number and destination port number match the source IP address and destination IP address in the IP header to uniquely determine a TCP connection;
Sequence number: Used to identify the data stream sent from the TCP originator to the TCP receiver, which represents the ordinal of the first data byte in the data flow in this segment, and is mainly used to solve the problem of the chaotic sequence of the network report;
Acknowledgment number:32 bit confirms that the serial number contains the next sequence number expected to be received at the end of the send acknowledgement, so the confirmation sequence number should be the last data byte sequence number plus 1. However, the confirmation Sequence Number field is valid only if the ACK flag in the flag bit (described below) is 1 o'clock. Mainly used to solve the problem of not losing packets;
Offset: To the number of first, this value is required because the length of the optional field is variable. This field accounts for 4bit (up to 15 32bit of words, that is, the first ministerial of 4*15=60 bytes), so TCP has a maximum of 60 byte headers. However, there is no optional field and the normal length is 20 bytes;
There are 6 flag bits in the TCP flags:tcp header, many of which can be set to 1 at the same time, mainly for manipulating TCP's state machine, in turn, Urg,ack,psh,rst,syn,fin. Each flag bit means the following:
URG: This flag indicates that the TCP packet's emergency pointer field (which is about to be said immediately) is valid to ensure that the TCP connection is not interrupted and that the middle-tier device is being processed as soon as possible;
ACK: This flag indicates that the answer domain is valid, that is, the preceding TCP answer number will be included in the TCP packet, there are two values: 0 and 1, the time of 1 indicates that the answer domain is valid, and vice versa is 0;
PSH: This flag bit indicates the push operation. The so-called push operation means that the packet is delivered to the application immediately after it arrives at the receiving end, rather than queued in the buffer;
RST: This flag indicates a connection reset request. Used to reset the connection that generated the error and is also used to reject errors and illegal packets;
SYN: Indicates the synchronization sequence number used to establish the connection. The SYN flag bit and the ACK flag bit are used together, when the connection request, Syn=1, ack=0; When the connection is responded to, syn=1,ack=1; the packet of this flag is often used for port scanning. The scanner sends a packet with only SYN, and if the host responds with a packet back, it indicates that the host has this port, but since this scan is only the first handshake of the TCP three handshake, the success of this scan indicates that the machine being scanned is not safe, a safe Host will be forced to require a tightly connected three-time handshake of TCP;
Fin: Indicates that the sender has reached the end of the data, that is to say, the data transfer is complete, no data can be transferred, send the FIN flag bit TCP packets, the connection will be disconnected. The packet of this flag is also often used for port scanning.
Windows: Window size, which is known as a sliding window, for flow control; This is a complex issue that will not be summarized in this blog post;
Well, the basics are ready, so let's start the next journey.
What is the three-time handshake?
TCP is connection-oriented, and you must first establish a connection between the two parties in either direction before the other party sends the data. In the TCP/IP protocol, the TCP protocol provides a reliable connection service, which is initialized by a three-time handshake. The purpose of the three-time handshake is to synchronize the serial number and confirmation number of both parties and Exchange TCP window size information. This is the TCP three handshake that is often asked in the interview. Just understanding the concept of the TCP three handshake is not helpful for you to get a job, you need to understand some of the details of the TCP three handshake. Take a look at the diagram first.
1. First handshake: Establish a connection. The client sends the connection request message segment, the SYN position is 1,sequence number x, and then the client enters the Syn_send state, waiting for the server to confirm;
2. Second handshake: The server receives a SYN message segment. The server receives the SYN message segment of the client, needs to confirm this SYN segment, set acknowledgment number to x+1 (Sequence number+1), and send the SYN request information yourself, with the SYN position at 1 Sequence number is Y; the server will put all of the above information into a message segment (that is, the Syn+ack message segment), a concurrent send to the client, when the server entered the SYN_RECV state;
3. Third handshake: The client receives the server's Syn+ack message segment. Then the acknowledgment number is set to Y+1, send an ACK message to the server segment, after the message segment is sent, the client and server side both enter the established state, complete the TCP three handshake.
Three handshakes are completed, and the client and server can begin transmitting data. The above is the general introduction of the TCP three handshake.
What about the four breakup?
After the client and server have established a TCP connection through three handshake, when the data transfer is complete, it is bound to disconnect the TCP connection. For the disconnection of TCP, there is a mysterious "four breakup".
1. First Breakup: Host 1 (Can make the client, can also be the server side), set sequence number and acknowledgment number, to host 2 send a fin message segment; At this time, the host 1 into the fin_wait_1 State; This indicates that the host 1 has no data to be sent to host 2;
2. Second breakup: Host 2 received a host 1 sent fin message segment, 1 back to the host an ACK message segment, acknowledgment number is sequence number plus 1; Host 1 enters Fin_wait_2 state; Host 2 tells Host 1, I have no data to send, you can close the connection;
3. Third breakup: Host 2 to the host 1 send fin message segment, request to close the connection, while the host 2 into the close_wait State;
4. Fourth break-up: Host 1 received the Host 2 sends the FIN message segment, sends the ACK message segment to host 2, then the Host 1 enters the TIME_WAIT state, the host 2 receives the host 1 ACK message segment, closes the connection, at this time, the host 1 waits for 2MSL to still not receive the reply, This proves that the server side has shut down properly, so the host 1 can also shut down the connection.
At this point, TCP's four breakup is so enjoyable to complete. When you see here, your mind will have a lot of questions, a lot of don't understand, feel very messy; All right, we continue to summarize.
Why do you have to shake hands three times?
Now that you have summed up the three-time handshake for TCP, why do you have to do it three times? How do you think two times can be done. So why does TCP have to connect three times? In Shehiren's computer network, it says:
In order to prevent the failed connection request packet suddenly transmitted to the service side, resulting in an error.
In the book, we also cite an example, as follows:
"Invalid connection request message segment" is generated in a situation where the first connection request message segment sent by the client is not lost,
Instead, a network node is stuck for a long time so that it is delayed until a certain time after the connection is released to the server. Originally this is a
A message segment that has already failed. However, after the server receives this failed connection request message segment, it is mistaken that the client again sends a new
Connection request. The client is then sent a confirmation message segment, agreeing to establish a connection. Assuming that the "three-time handshake" is not used, as long as the server
Confirm that the new connection is established. Because the client is now not making a connection request, the server's acknowledgement is not ignored.
Data is not sent to the server. But the server thought the new transport connection had been established and waited for the client to send the data. Such
A lot of the server's resources are wasted. The use of "three-time handshake" method can prevent the above phenomenon. For example, in that case,
The client does not issue a confirmation to the server confirmation. The server knows that the client does not require a connection because it cannot receive a confirmation. "
This is clear, preventing server-side waiting and wasting resources.
Why did you break up four times?
What about the four breakup? TCP protocol is a connection-oriented, reliable, byte-stream-based Transport layer communication protocol. TCP is full-duplex mode, which means that when the host 1 is issued fin segment, only indicates that the host 1 has no data to send, Host 1 tells the host 2, its data has all been sent, but this time the host 1 can still accept data from host 2, when Host 2 returns an ACK segment, It is known that the Host 1 no data sent, but host 2 can still send data to host 1, when the host 2 also sent fin segment, this time indicates that the host 2 also no data to send, will tell the host 1, I have no data to send, and then each other will happily interrupt this TCP connection. If you want to understand the principle of four break-up correctly, you need to understand the state changes during the four breakup process.
Fin_wait_1: This state should be well explained, in fact, the real meaning of fin_wait_1 and fin_wait_2 state is to wait for each other's fin message. The difference between the two states is: The fin_wait_1 state is actually when the socket in the established state, it would like to actively close the connection, send a FIN message to the other side, when the socket is entered into the fin_wait_1 state. And when the other party responds to the ACK message, then into the fin_wait_2 state, of course, under the actual normal circumstances, regardless of the circumstances of each other, should immediately respond to the ACK message, so fin_wait_1 state is generally more difficult to see, and Fin_wait_ 2 states can also sometimes be seen with netstat. (Active side)
Fin_wait_2: The above has explained in detail this state, in fact, the fin_wait_2 state of the socket, that is, the semi-connection, that is, one side requires close connection, but also tell the other side, I temporarily have a bit of data to send you (ACK information), and then close the connection. (Active side)
Close_wait: The meaning of this state is actually expressed in waiting to be closed. How do you understand that? When the other side close a socket to send fin message to yourself, your system will undoubtedly respond to an ACK message to the other side, this time into the close_wait state. Next, the real thing you really need to consider is whether you still have the data sent to the other person, if not, then you can close the SOCKET, send fin messages to each other, that is, close the connection. So what you need to accomplish in the close_wait state is waiting for you to close the connection. (Passive side)
Last_ack: This state is still relatively easy to understand, it is the passive close side after sending fin messages, and finally wait for each other's ACK message. When an ACK message is received, it is also possible to enter the closed available state. (Passive side)
Time_wait: Said to receive the other side of the fin message, and sent out an ACK message, just wait for 2MSL to return to the closed usable state. If the FINWAIT1 state, received the other side with the FIN flag and the ACK flag message, you can directly into the time_wait state, without having to go through the fin_wait_2 state. (Active side)
CLOSED: Indicates a connection interruption.
Hope that the students to summarize it.
Linux under the Disk Management Artifact LVM command use and TCP protocol