Principle of the three-way handshake for TCP connections

Source: Internet
Author: User

TCP is connection-oriented. Connection-oriented means that a connection must be established before computers communicate with each other, data is then transmitted, and the connection is finally torn down.

In TCP, the connection is established in three steps:

Step 1: the requesting side (the client) sends a TCP packet that carries the SYN (synchronize) flag. The SYN packet specifies the port used by the client and the initial sequence number of the TCP connection.

Step 2: after receiving the SYN packet from the client, the server returns a SYN + ACK message, indicating that the client's request is accepted (ACK stands for acknowledgement).

Step 3: the client also returns an ACK message to the server, the TCP sequence number is incremented by one, and the TCP connection is complete. Then the second step of communication begins: data processing.

This is what we call the TCP three-way handshake.

(C: client, S: Server)

C: SYN to S

S: if the request is received successfully, returns SYN + ACK to C

C: if that is received successfully, returns ACK to S

The above is the normal way a connection is established, but consider the following case:

Assume that a client C sends a SYN to S and then disappears for no reason. After sending the SYN + ACK response, S never receives C's ACK packet (the third step of the handshake cannot be completed). In this case, S will retry (re-send SYN + ACK to the client) and wait for a while before discarding the unfinished connection. The length of this wait is called the SYN timeout. Generally, this time is on the order of minutes (about 30 seconds to 2 minutes).

One misbehaving client that causes one thread in S to wait for 1 minute is not a big problem. However, when this happens in large numbers, S consumes a lot of resources to maintain a very large half-open connection list. With tens of thousands of half-open connections, even simply storing and traversing the list consumes a lot of CPU time and memory, not to mention the need to keep retrying SYN + ACK to every IP in the list. In fact, if S's TCP/IP stack is not robust enough, the final result is often a stack overflow crash. Even if S's system is powerful enough, S will be so busy handling the TCP connection requests spoofed by the attacker that it has no time to attend to the normal requests of customers (after all, the proportion of normal client requests is very small). In this case, from the perspective of normal customers, S has stopped responding. On the server side, this situation is called a SYN flood attack.
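The half-open connection list described above can be observed on the server itself, because each entry stays in the SYN-RECV state until the SYN timeout expires. The following is an added example, not part of the original article: it parses text in the column layout printed by `ss -tan` on Linux and counts half-open sockets per local endpoint. The sample data, the function names and the `max_half_open` threshold are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed sample in the `ss -tan` column layout (documentation-range IPs)."""
    lines = [
        "State     Recv-Q Send-Q Local Address:Port  Peer Address:Port",
        "LISTEN    0      128    0.0.0.0:80          0.0.0.0:*",
        "ESTAB     0      0      192.0.2.10:80       198.51.100.7:51514",
        "ESTAB     0      0      192.0.2.10:80       198.51.100.8:40022",
        "SYN-RECV  0      0      192.0.2.10:22       198.51.100.9:50100",
    ]
    # 40 half-open entries on port 80, each from a different peer address.
    lines += [f"SYN-RECV  0      0      192.0.2.10:80       203.0.113.{i}:{1024 + i}"
              for i in range(1, 41)]
    return "\n".join(lines)

def half_open_report(ss_text, max_half_open=20):
    """Count half-open (SYN-RECV) and established sockets per local endpoint."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "peers": set()})
    for line in ss_text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and rows without both address columns.
        if len(fields) < 5 or fields[0] == "State":
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        if state == "SYN-RECV":
            stats[local]["half_open"] += 1
            # rsplit keeps IPv6 addresses intact when dropping the port.
            stats[local]["peers"].add(peer.rsplit(":", 1)[0])
        elif state == "ESTAB":
            stats[local]["established"] += 1
    return {
        local: {
            "half_open": e["half_open"],
            "established": e["established"],
            "distinct_peers": len(e["peers"]),
            # Assumed threshold: tune it to the listener's backlog size.
            "suspect": e["half_open"] > max_half_open,
        }
        for local, e in stats.items()
    }

if __name__ == "__main__":
    for endpoint, summary in sorted(half_open_report(build_sample()).items()):
        print(endpoint, summary)
```

A high SYN-RECV count with few established connections and many distinct peer addresses matches the pattern the paragraph describes: SYN + ACK replies that are never acknowledged.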

 

Address: http://blog.myspace.cn/e/405701766.htm
