Network basics: TCP and UDP Basics

Source: Internet
Author: User
TCP Message format

  • source: Source port from which the TCP data is sent
  • dest: Destination port that receives the TCP data
  • seq: Sequence number identifying the first data byte contained in the TCP segment
  • ack_seq: Acknowledgment number, the sequence number of the data the receiver expects to receive next
  • doff: Data offset, that is, the length of the TCP header. As in the IP protocol, the unit is 4 bytes. Generally, the value is 5.
  • urg: Set to 1 if the urgent pointer is in use
  • ack: Set to 1 if the acknowledgment number is valid
  • psh: If set to 1, the receiver hands the data to the upper-layer program immediately after receiving it
  • rst: If set to 1, a connection reset is requested
  • syn: If set to 1, a connection is being requested
  • fin: If set to 1, closing the connection is requested
  • window: Tells the recipient the size of data that can be received
  • check: Checksum used to verify the TCP data
  • urg_ptr: If URG = 1, indicates the sequence-number offset of the urgent data relative to the preceding data
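
The field list above, as an added example that is not part of the original page: a parser for the fixed 20-byte TCP header that uses the same field names and rejects an impossible doff. The two sample segments are constructed for illustration, and their check field is left at 0 rather than computed.

```python
import struct

# Flag bits of the 16-bit word that also carries doff in its top four bits.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and sanity-check doff."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum 20-byte TCP header")
    source, dest, seq, ack_seq, off_flags, window, check, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20]
    )
    doff = off_flags >> 12                  # header length in 4-byte units
    header_len = doff * 4
    if doff < 5 or header_len > len(segment):
        raise ValueError(f"invalid doff {doff} for a {len(segment)}-byte segment")
    hdr = {
        "source": source, "dest": dest, "seq": seq, "ack_seq": ack_seq,
        "doff": doff, "window": window, "check": check, "urg_ptr": urg_ptr,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }
    for name, bit in FLAG_BITS.items():
        hdr[name] = int(bool(off_flags & bit))
    return hdr


def describe(hdr: dict) -> str:
    """Render the set flags the way packet tools do, e.g. 'SYN+ACK'."""
    order = ["syn", "fin", "rst", "psh", "ack", "urg"]
    return "+".join(n.upper() for n in order if hdr[n]) or "none"


# Constructed sample: SYN from port 49152 to port 80, seq=1000 (check not computed).
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
# Constructed sample: the SYN+ACK reply, seq=5000, ack_seq=1001 (check not computed).
SAMPLE_SYNACK = struct.pack("!HHIIHHHH", 80, 49152, 5000, 1001, (5 << 12) | 0x12, 65535, 0, 0)

if __name__ == "__main__":
    for raw in (SAMPLE_SYN, SAMPLE_SYNACK):
        h = parse_tcp_header(raw)
        print(describe(h), h["source"], "->", h["dest"], "seq", h["seq"], "ack_seq", h["ack_seq"])
```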
Establish a three-way handshake for a TCP connection

  • First handshake: to establish a connection, the client sends a SYN packet (SEQ = x) to the server and enters the SYN_SEND state, waiting for the server to confirm.
  • Second handshake: when the server receives the SYN packet, it must acknowledge the client's SYN (ACK = x + 1) and send its own SYN packet (SEQ = y), that is, a SYN + ACK packet; the server then enters the SYN_RECV state.
  • Third handshake: the client receives the server's SYN + ACK packet and sends an ACK (ACK = y + 1) packet to the server. Once this packet is sent, the client and server enter the ESTABLISHED state and the three-way handshake is complete.
  • After the three-way handshake, the client and the server start to transmit data.
TCP advantages and disadvantages

Advantages

  • TCP allows you to explicitly create and terminate connections in an agreed manner.
  • TCP ensures reliable, ordered (packets are received in the sent order), and non-repeated data transmission.
  • TCP handles large blocks of data by dividing them into smaller segments while keeping them in order, without the programmer needing to know.

Disadvantages

  • TCP must create (and maintain) a connection when passing data. This connection adds overhead to the communication process, making it slower than UDP. A TCP connection consumes resources to hold packet information, connection state, and sequence numbers.
  • TCP connections carry a security risk: by deliberately not completing the three-way handshake required to establish a connection, the resources of the other party to the connection can be exhausted.
  • Predictability of sequence numbers: the SYN/ACK sequence numbers that the target host returns when responding to a connection request are predictable. TCP session hijacking and SYN flood are network attack methods based on these weaknesses of TCP.
TCP Data Structure

Some data structures will be used when a TCP connection is established.

  • Semi-connection queue: In the three-way handshake, the server maintains a queue of connections that are not yet established, opening an entry for each client's SYN packet (SYN = J). The entry indicates that the server has received the SYN packet and sent an acknowledgment to the client, and is waiting for the client's confirmation packet. The connections identified by these entries are in the SYN_RECV state on the server. When the server receives the client's confirmation packet, it deletes the entry and the connection enters the ESTABLISHED state.
  • Backlog parameter: The maximum number of entries the semi-connection queue can hold.
  • Number of SYN-ACK retransmissions: After the server sends the SYN-ACK packet, if it does not receive the client's confirmation packet, it retransmits for the first time; if it still has not received the confirmation after waiting for a period, it retransmits a second time. If the number of retransmissions exceeds the maximum specified by the system, the system deletes the connection information from the semi-connection queue. Note that the waiting time for each retransmission is not necessarily the same.
  • Semi-connection survival time: The maximum time an entry in the semi-connection queue survives, that is, the maximum time from when the server receives a SYN packet until it decides the packet is invalid. The value is the sum of the maximum waiting times of all retransmitted packets. The semi-connection survival time is also called the timeout time or the SYN_RECV survival time.
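
An added example, not part of the original page: a small model of the semi-connection queue described above, showing how the backlog, the SYN-ACK retransmission count and the survival time decide whether a legitimate client is admitted while silent clients hold entries. The one-second first wait, the doubling between retransmissions, the five retries and all addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


def survival_time(retries: int, first_timeout: float = 1.0) -> float:
    """Sum of the waits after the first SYN-ACK and after each retransmission;
    each wait is assumed to double (the backoff is an assumption)."""
    return sum(first_timeout * 2 ** i for i in range(retries + 1))


@dataclass
class HalfOpenQueue:
    backlog: int                 # maximum entries in the semi-connection queue
    retries: int = 5             # SYN-ACK retransmissions before giving up (assumed)
    entries: dict = field(default_factory=dict)   # (ip, port) -> (server_isn, expiry)
    dropped: int = 0

    def expire(self, now: float) -> None:
        """Delete entries whose survival time has elapsed."""
        self.entries = {k: v for k, v in self.entries.items() if v[1] > now}

    def on_syn(self, peer, server_isn: int, now: float) -> bool:
        """Open a SYN_RECV entry for a client SYN; False if the queue is full."""
        self.expire(now)
        if peer not in self.entries and len(self.entries) >= self.backlog:
            self.dropped += 1
            return False
        self.entries[peer] = (server_isn, now + survival_time(self.retries))
        return True

    def on_ack(self, peer, ack_seq: int, now: float) -> bool:
        """Third handshake: ack_seq must be server ISN + 1; the entry is deleted."""
        self.expire(now)
        entry = self.entries.get(peer)
        if entry is None or ack_seq != (entry[0] + 1) % 2**32:
            return False
        del self.entries[peer]
        return True


def replay(backlog: int):
    """Constructed trace: 4 clients that never ACK, then one normal client."""
    q = HalfOpenQueue(backlog=backlog)
    for i in range(4):
        q.on_syn((f"198.51.100.{i}", 40000), server_isn=7000 + i, now=float(i))
    early = q.on_syn(("192.0.2.10", 50000), server_isn=9000, now=5.0)
    late = q.on_syn(("192.0.2.10", 50000), server_isn=9000, now=70.0)
    done = q.on_ack(("192.0.2.10", 50000), ack_seq=9001, now=70.1)
    return early, late, done, q.dropped
```

With a backlog of 4 the normal client is refused at t=5 and admitted only after the silent entries have aged out; with a backlog of 8 it is admitted immediately.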
TCP flag

These are the meanings of the bits in the code-bits (flags) field.

  • SYN (synchronize flag): When set, the Synchronize Sequence Numbers field is valid. This flag is valid only during the three-way handshake that establishes a TCP connection. It prompts the server side of the TCP connection to check the sequence number, which is the initial sequence number of the side that initiated the TCP connection (usually the client). Here, we can regard the TCP sequence number as a 32-bit counter ranging from 0 to 4,294,967,295. Every byte exchanged over a TCP connection is sequence-numbered. The sequence number field in the TCP header contains the sequence number of the first byte in the TCP segment.
  • ACK (acknowledgment flag): When set, the acknowledgment number field is valid. In most cases, this flag is set. The acknowledgment number (W + 1, figure-1) contained in the acknowledgment number field of the TCP header is the next expected sequence number, indicating that the remote system has successfully received all data.
  • RST (reset flag): When set, this flag resets the corresponding TCP connection.
  • URG (urgent flag): When set, the urgent pointer field is valid.
  • PSH (push flag): When this flag is set, the receiving end does not hold the data in a queue but passes it to the application as soon as possible. This flag is always set for telnet, rlogin, and other interactive connections.
  • FIN (finish flag): A packet with this flag is used to end a TCP session, but the corresponding port is still open and is ready to receive subsequent data.
Intermediate status of the TCP connection process
  • SYN_SENT: The client sends a SYN packet to request a TCP connection to the server. The client state is SYN_SENT.
  • SYN_RCVD: On receiving the request, the receiver sends a TCP packet with the SYN and ACK flags set as the response, acknowledging the client's ISN plus 1; this is often called a SYN_ACK packet. The connection state is SYN_RCVD.
  • ESTABLISHED: The initiator then responds with an ACK carrying the received ISN increased by 1 to acknowledge the SYN_ACK, which completes the three-way handshake. The connection has now succeeded and its state is ESTABLISHED.
TCP connection termination protocol (four waves)

Because a TCP connection is full-duplex, each direction must be closed separately. The principle is that when one party has finished sending its data, it can send a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction; a TCP connection can still send data after receiving a FIN. The party that closes first performs the active close, and the other party performs the passive close.

  • The TCP client sends a FIN to shut down data transmission from the client to the server (packet segment 4).
  • When the server receives the FIN, it returns an ACK whose acknowledgment number is the received sequence number plus 1 (packet segment 5). Like a SYN, a FIN occupies one sequence number.
  • The server closes the client connection and sends a FIN to the client (packet segment 6).
  • The client sends back an ACK for confirmation and sets the acknowledgment number to the received sequence number plus 1 (packet segment 7).

Waiting twice the maximum segment lifetime before the connection is closed

Why must the party that actively closes wait twice the maximum segment lifetime after sending its ACK before the connection is closed?

Because the ACK sent by the actively closing party may be lost, the passive party may send its FIN again; TIME_WAIT also gives stray segments from the connection time to disappear from the network. Consider what happens if a delayed or retransmitted segment arrives after the connection is closed. Normally TCP simply discards the data and responds with an RST, so no problem arises. When the RST reaches the host that sent the delayed segment, it is discarded as well, because that host holds no record of the connection. However, if a new connection with the same port numbers is established between the same two hosts, the stray segment may be taken as belonging to the new connection; if any sequence number of the data in the stray segment falls within the new connection's current receive window, the data will be accepted. The result is that the new connection is corrupted.

  • Simply put: the port number of the previous TCP connection stays occupied so that a new TCP connection cannot use it, which prevents packets sent on the previous connection (arriving at the target host late for some reason) from being received and processed by a new TCP connection.
Status when TCP closes the connection
  • CLOSED: The initial state.
  • LISTEN: A socket on the server is listening and can accept connections.
  • FIN_WAIT_1: Both FIN_WAIT_1 and FIN_WAIT_2 mean waiting for the other party's FIN packet. The difference is that FIN_WAIT_1 is entered when a socket in the ESTABLISHED state actively closes the connection and sends a FIN packet to the other party. When the other party responds with an ACK packet, the socket enters FIN_WAIT_2. Under normal circumstances the other party responds with the ACK immediately, whatever the situation, so FIN_WAIT_1 is generally hard to observe, while FIN_WAIT_2 is often seen using netstat.
  • FIN_WAIT_2: A socket in the FIN_WAIT_2 state represents a half-closed connection: one party has asked to close the connection, but also tells the other party, "I still have some data to send to you, and will close the connection later."
  • TIME_WAIT: The other party's FIN packet has been received and an ACK packet has been sent; after waiting 2MSL (2 times the maximum survival time) the socket returns to the CLOSED (available) state. If a socket in FIN_WAIT_1 receives a packet carrying both the FIN and ACK flags, it can enter TIME_WAIT directly without passing through FIN_WAIT_2.
  • CLOSING: Normally, after you send a FIN packet, you should first (or simultaneously) receive the ACK packet from the other party and then receive the other party's FIN packet. The CLOSING state means that after sending your FIN packet you have not received the other party's ACK packet but have received the other party's FIN packet. When does this happen? If both parties close a socket at the same time, both may send FIN packets at the same time, and the CLOSING state occurs: both parties are closing the connection.
  • CLOSE_WAIT: Waiting to close. How should this be understood? When the other party closes a socket and sends you a FIN packet, your system responds with an ACK packet and enters the CLOSE_WAIT state. What you then need to consider is whether you still have data to send to the other party. If not, you can close the socket and send a FIN packet to the other party, that is, close the connection. So in CLOSE_WAIT, the connection is waiting for you to close it.
  • LAST_ACK: The passively closing party has sent its FIN packet and is waiting for the other party's ACK packet. After receiving the ACK, it can enter the CLOSED (available) state.
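
The close-time states above as a transition table, followed by a tally of socket states from netstat-style output; this is an added example, not part of the original page. The event names and the sample lines are constructed for illustration, and the tally maps the FIN_WAIT1 and FIN_WAIT2 spellings that netstat prints onto the names used in the list.

```python
from collections import Counter

# (state, event) -> next state. Event names are chosen for this example:
# "close" = local application closes, "recv_*" = a segment arrives.
TRANSITIONS = {
    ("ESTABLISHED", "close"): "FIN_WAIT_1",       # active close, FIN sent
    ("FIN_WAIT_1", "recv_ack"): "FIN_WAIT_2",
    ("FIN_WAIT_1", "recv_fin"): "CLOSING",        # both sides closed at once
    ("FIN_WAIT_1", "recv_fin_ack"): "TIME_WAIT",  # FIN and ACK in one segment
    ("FIN_WAIT_2", "recv_fin"): "TIME_WAIT",
    ("CLOSING", "recv_ack"): "TIME_WAIT",
    ("TIME_WAIT", "timeout_2msl"): "CLOSED",
    ("ESTABLISHED", "recv_fin"): "CLOSE_WAIT",    # passive close, ACK sent
    ("CLOSE_WAIT", "close"): "LAST_ACK",          # our own FIN sent
    ("LAST_ACK", "recv_ack"): "CLOSED",
}


def run(events, state="ESTABLISHED"):
    """Return every state visited; reject an event illegal in the current state."""
    path = [state]
    for ev in events:
        if (path[-1], ev) not in TRANSITIONS:
            raise ValueError(f"{ev!r} is not valid in {path[-1]}")
        path.append(TRANSITIONS[(path[-1], ev)])
    return path


# Constructed lines in the column layout of `netstat -tn` (state is column 6).
SAMPLE_NETSTAT = """\
tcp   0  0 10.0.0.5:8080   203.0.113.7:51514  CLOSE_WAIT
tcp   0  0 10.0.0.5:8080   203.0.113.8:51620  CLOSE_WAIT
tcp   0  0 10.0.0.5:8080   203.0.113.9:40022  ESTABLISHED
tcp   0  0 10.0.0.5:45110  198.51.100.4:443   TIME_WAIT
tcp   0  0 10.0.0.5:45112  198.51.100.4:443   FIN_WAIT2
"""


def state_counts(text):
    """Tally TCP sockets per state, normalising netstat's FIN_WAIT1/FIN_WAIT2."""
    alias = {"FIN_WAIT1": "FIN_WAIT_1", "FIN_WAIT2": "FIN_WAIT_2"}
    counts = Counter()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[0].startswith("tcp"):
            counts[alias.get(cols[5], cols[5])] += 1
    return counts
```

A CLOSE_WAIT count that keeps growing means the local application has received the peer's FIN but has not yet called close on its socket.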
Three handshakes to open, four to close

Why does establishing a connection take a three-way handshake while closing it takes four steps?

This is because, when a server socket in the LISTEN state receives a SYN connection request, it can send the ACK and the SYN in a single packet. When closing a connection, however, receiving the other party's FIN only indicates that the other party has no more data to send to you; not all of your own data may have been sent to the other party yet. You therefore may not close the socket immediately: you may need to send some more data to the other party and only then send your FIN to indicate that you agree to close the connection. For this reason, the ACK and the FIN are sent separately in most cases.

TCP socket programming flowchart

UDP socket programming flowchart

Difference between UDP and TCP
  • UDP does not have a three-way handshake.
  • UDP handles fewer details than TCP. UDP cannot ensure that a message is delivered to the destination (nor does it report when a message was not delivered).
  • UDP does not guarantee the transmission order of data packets. After UDP sends data, it can only hope that the data reaches the destination.
Advantages and disadvantages of UDP:
  • UDP does not require a connection to be maintained.
  • UDP does not incur the overhead of the receiver acknowledging receipt of a packet (or of automatically retransmitting a packet that did not arrive correctly).
  • UDP is designed for short applications and control messages.
  • On a packet-by-packet basis, UDP requires less network bandwidth than TCP.
Socket Concept
  • Network socket data transmission is a special type of I/O, and a socket is also a file descriptor.
  • Like opening a file, a socket has its own function call, socket(). This function returns an integer socket descriptor, and subsequent connection establishment, data transmission, and other operations are performed through this descriptor.
Socket Type
  • Stream socket (SOCK_STREAM): A stream socket is a connection-oriented socket, used for connection-oriented TCP service applications.
  • Datagram socket (SOCK_DGRAM): A datagram socket is a connectionless socket, used for connectionless UDP service applications.
The socket library functions mainly include:

The following interfaces create a socket

  • socket(af, type, protocol): Create a socket
  • bind(sockid, local addr, addrlen): Associate a local address with the socket
  • listen(sockid, quenlen): The server listens for client requests

Establish connections between servers and clients (for TCP connections)

  • connect(sockid, destaddr, addrlen): The client requests a connection
  • newsockid = accept(sockid, clientaddr, paddrlen): The server waits to receive client connection requests on the socket numbered sockid

Send/receive data

  • send(sockid, buff, bufflen): Connection-oriented data transmission
  • recv( ): Connection-oriented data reception
  • sendto(sockid, buff, …, addrlen): Send data without a connection
  • recvfrom( ): Receive data without a connection
Release socket
  • close(sockid)
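
The calls listed above, exercised over the loopback interface through Python's socket module, which exposes them under the same names; this is an added example, not part of the original page. The function names, buffer sizes and timeouts are choices made for this example. The TCP half goes through socket, bind, listen, accept, connect, send, recv and close, while the UDP half needs only socket, bind, sendto and recvfrom.

```python
import socket
import threading


def tcp_roundtrip(payload: bytes) -> bytes:
    """Stream socket: bind/listen/accept on one side, connect on the other."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free port
    srv.listen(1)                         # backlog of 1 pending connection
    srv.settimeout(5)
    addr = srv.getsockname()

    def serve():
        conn, _peer = srv.accept()        # returns a new socket for this client
        with conn:
            data = conn.recv(1024)
            conn.sendall(data.upper())    # reply so the client can verify delivery
        # leaving the with-block closes conn, which sends the server's FIN

    t = threading.Thread(target=serve)
    t.start()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
        cli.settimeout(5)
        cli.connect(addr)                 # the three-way handshake happens here
        cli.sendall(payload)
        reply = cli.recv(1024)
    t.join()
    srv.close()
    return reply


def udp_roundtrip(payload: bytes) -> bytes:
    """Datagram socket: no listen/accept/connect; each datagram names its target."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(5)                  # UDP reports no loss, so bound the wait
        tx.sendto(payload, rx.getsockname())
        data, _sender = rx.recvfrom(1024)
    return data


if __name__ == "__main__":
    print(tcp_roundtrip(b"hello"), udp_roundtrip(b"ping"))
```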
