"Linux TCPIP three-time handshake and four wave-waving analysis"

TCPIP Three-time handshake

TCP (transmission Control Protocol) transmission protocol

TCP is the host-to-host layer of the Transmission Control Protocol, providing a reliable connection service, using three-time handshake confirmation to establish a connection:

The bit code is the TCP flag bit, there are 6 kinds of marking: SYN (synchronous set up) ACK (acknowledgement acknowledgment) PSH (push transfer) FIN (finish end) RST (reset reset) URG (Urgent emergency)

Sequence number (sequential) Acknowledge number (confirmation)

First handshake: Host a send bit code for syn=1, randomly generate SEQ number=1234567 packet to the server, Host B by Syn=1 know, a requirements to establish online;

Second handshake: Host B receives the request to confirm the online information, send an ACK to a number= (host A's seq+1), syn=1,ack=1, randomly generate seq=7654321 packets

Third handshake: Host a after receiving check ACK number is correct, that is, the first sent Seq Number+1, and the bit code ACK is 1, if correct, host A will send an ACK number= (Host B seq+1), ack= 1, Host B is received after confirming the SEQ value and ack=1 The connection was established successfully.

To complete the three handshake, host A and Host B start transmitting data.

In the TCP/IP protocol, the TCP protocol provides a reliable connection service with a three-time handshake to establish a connection.
First handshake: When a connection is established, the client sends a SYN packet (SYN=J) to the server and enters the Syn_send state, waiting for the server to confirm;
Second handshake: The server receives the SYN packet, must confirm the customer's SYN (ACK=J+1), and also sends itself a SYN packet (syn=k), namely the Syn+ack packet, when the server enters the SYN_RECV state; the third handshake: the client receives the server's Syn+ack package, Send acknowledgment packet ack (ACK=K+1) to the server, the packet is sent, the client and server enter the established state, complete three handshake. Three handshake is completed and the client and server begin to transfer data.

Instance:

IP 192.168.1.116.3337 > 192.168.1.123.7788:s 3,626,544,836:3,626,544,836
IP 192.168.1.123.7788 > 192.168.1.116.3337:s 1739326486:1739326486 ack 3626544837
IP 192.168.1.116.3337 > 192.168.1.123.7788:ack 1739326487,ack 1

First handshake: 192.168.1.116 sends a bit code syn=1, randomly generates a SEQ number=3626544836 packet to 192.168.1.123,192.168.1.123 by syn= 1 know 192.168.1.116 requirements to establish online;

Second handshake: 192.168.1.123 to confirm the online information after receiving the request, send Ack number=3626544837,syn=1,ack=1 to 192.168.1.116, randomly generate seq=1739326486 packet;

Third handshake: 192.168.1.116 received after checking ACK number is correct, that is, the first time the SEQ Number+1 sent, and the bit code ACK is 1, if correct, 192.168.1.116 will send an ACK again number=1739326487 , Ack=1,192.168.1.123 received after confirmation seq=seq+1,ack=1 the connection was established successfully.

Graphic:
A three-time handshake process (Fig. 1, fig. 2)

(Fig. 1)

(Fig. 2)

The first handshake of the flag bit (Fig. 3)
We can see that there is only one sync bit inside the flag, which is the request (SYN)

(Fig. 3)

The second handshake's flag bit (Fig. 4)
We can see that there is a confirmation bit and a sync bit inside the flag, which is the answer (SYN + ACK).

(Fig. 4)

The sign of the third handshake (Figure 5)
We can see that there is only one confirmation bit inside the flag, that is, re-confirm (ACK).


(Fig. 5)

A full three-time handshake is the request---answer---confirm again

Gorgeous Split-line ***********************************************

TCPIP Four Wave analysis

Four breakup:Because TCP connections are full-duplex, each direction must be closed separately. The principle is that when a party completes its data sending task, it can send a fin to terminate the connection in this direction. Receiving a fin only means there is no data flow in this direction, and a TCP connection can still send data after receiving a fin. The first party to close will perform an active shutdown, while the other side performs a passive shutdown. (1) Client A sends a fin to turn off customer A to Server B data Transfer (message segment 4). (2) Server B receives this fin, which sends back an ACK, confirming that the serial number is received plus 1 (message Segment 5). As with Syn, a fin will occupy a sequence number. (3) Server B closes the connection to client A and sends a fin to client a (message segment 6).        (4) Client A sends back ACK message confirmation, and sets the confirmation serial number to receive the serial number plus 1 (message segment 7). State of the explanation: CLOSED:This is nothing to say, the initial state. LISTEN: This is also very easy to understand a state, that the server side of a socket is listening state, can accept the connection. SYN_RCVD:This status indicates that a SYN message is received, under normal circumstances, this state is the server side of the socket in the establishment of a TCP connection during the three handshake session in the process of an intermediate state, very short, basically with netstat you are very difficult to see this state, unless you specifically wrote a client test program, Intentionally the last ACK message in the three-time TCP handshake is not sent. Therefore, when the ACK message is received from the client, it goes into the established state. syn_sent:This state echoes the SYN_RCVD thinking back, when the client socket performs a connect connection, it sends the SYN message first, so it then enters the syn_sent state and waits for the server to send the 2nd message in the three-time handshake. The Syn_sent status indicates that the client has sent a SYN message. established:This is easy to understand, indicating that the connection has been established. fin_wait_1:This state should be well explained, in fact, the real meaning of fin_wait_1 and fin_wait_2 state is to wait for each other's fin message. The difference between the two states is: The fin_wait_1 state is actually when the socket in the established state, it would like to actively close the connection, send a FIN message to the other side, when the socket is entered into the fin_wait_1 state. And when the other party responds to the ACK message, then into the fin_wait_2 state, of course, under the actual normal circumstances, regardless of the circumstances of each other, should immediately respond to the ACK message, so fin_wait_1 state is generally more difficult to see, and Fin_wait_ 2 states can also sometimes be seen with netstat. fin_wait_2:The above has explained in detail this state, in fact, the fin_wait_2 state of the socket, that is, the semi-connection, that is, one side requires close connection, but also tell the other side, I have a little data to send to you, and then close the connection later. time_wait:Indicates received the other side's fin message, and sent out an ACK message, and so on 2MSL can return to the closed available state. If the fin_wait_1 state, received the other side with the FIN flag and the ACK flag message, you can directly into the time_wait state, without having to go through the fin_wait_2 state. CLOSING:This kind of state is special, the actual situation should be very rare, belong to a relatively rare exception state. Normally, when you send a fin message, it is supposed to receive (or receive) the other's ACK message before receiving the other's fin message. But closing status indicates that you send fin message, and did not receive the other's ACK message, but also received the other side of the fin message. Under what circumstances will this happen? In fact, it is not difficult to come to a conclusion: that is, if the two sides close a socket at the same time, then there is a situation where both sides send the fin message, there will be a closing state, indicating that both sides are shutting down the socket connection. close_wait:The meaning of this state is actually expressed in waiting to be closed. How do you understand it? When the other side close a socket to send fin message to yourself, you will undoubtedly respond to an ACK message to each other, then enter into the close_wait state. Next, the real thing you really need to consider is whether you still have the data sent to the other person, if not, then you can close the socket, send fin messages to each other, that is, close the connection. So what you need to accomplish in the close_wait state is waiting for you to close the connection. Last_ack:This state is still relatively easy to understand, it is the passive close side after sending fin messages, and finally wait for the other side of the ACK message. When an ACK message is received, it is also possible to enter the closed available state. Summary: 1. Why is a connection agreement a three-time handshake, and a four-time handshake when the connection is closed? This is because the socket in the listen state of the server is sent in a message after it receives a request for the connection of the SYN message, and it can put the ACK and SYN (ACK response, and SYN synchronous). However, when the connection is closed, when receiving the other's fin message notification, it simply means that no data is sent to you, but not all of your data are sent to the other side, so you may not immediately close the socket, that is, you may also need to send some data to the other side, Send the FIN message to the other side to show that you agree that you can now close the connection, so it is here that the ACK message and fin messages are sent separately in most cases. 2. Why does the time_wait state need to wait 2MSL before returning to the closed state? This is because although both sides agree to close the connection, and the handshake of the 4 messages are also coordinated and sent, it can be directly back to the closed state (like from the Syn_send state to establish state); but because we have to assume that the network is unreliable, You cannot guarantee that the last ACK message you send will be received by the other party, so the socket in the Last_ack state may be re-sending the fin message because the timeout does not receive an ACK message, so this time_wait state is used to resend the possible missing ACK message.

"Linux TCPIP three-time handshake and four wave-waving analysis"