Several TCP flags, and the connection states they mark, play a role in our analysis.
The TCP header carries a FLAGS field whose bits are SYN, FIN, ACK, PSH, RST, and URG.
The first five are the ones that matter in day-to-day analysis.
Their meanings are:
SYN indicates establishing a connection,
FIN indicates closing the connection,
ACK indicates a response,
PSH indicates that the segment carries application DATA that should be pushed to the receiver,
RST indicates that the connection is reset.
ACK is often combined with SYN or FIN. For example, a segment with both SYN and ACK set is the server's reply to a connection request (the second step of the handshake), not a sign that the connection is already established;
a segment with only SYN set is the initial connection request.
The individual steps of the TCP handshake are distinguished by these ACKs.
SYN and FIN are never both set in legitimate traffic, because the former requests a connection while the latter closes one; a segment carrying both is malformed and is usually crafted by a scanner or a fuzzer rather than produced by a normal stack.
RST does not normally follow FIN. An orderly close is a FIN/ACK exchange from each side; RST instead aborts a connection outright, or is sent in reply to a segment for which no connection exists (for example a SYN to a port that nothing is listening on).
Generally, when a FIN or RST packet occurs, we consider the client and server to be disconnecting. When a SYN followed by a SYN + ACK appears, we consider a connection to be in progress between client and server; it is only fully established once the client's final ACK is seen, and a RST in reply to the SYN means the port is closed or the connection was refused.
PSH is normally set only on segments whose DATA length is not 0, so PSH = 1 indicates that real application content is being transmitted. The converse does not hold: a sender may transmit data without setting PSH, so filter on the payload length rather than on PSH alone when you need every data segment.
Both TCP connection establishment and connection closure are completed in request-response mode.
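The flag rules above, as an added worked example that is not part of the original article: a small parser for the fixed 20-byte TCP header (using only the standard library, no capture file) and a classifier that applies the same reading of the flags. The sample segments are constructed inline with the text's example sequence numbers; the port numbers, the HTTP payload and the zero checksum are assumptions for illustration.

```python
import struct

# TCP flag bits in the low six bits of the 16-bit data-offset/flags word (RFC 793 layout).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp_segment(src_port, dst_port, seq, ack, flags, payload=b""):
    """Construct a minimal TCP segment (20-byte header, no options) as sample data.

    The checksum is left at zero: this is constructed test data, not a capture,
    and computing it would require the IP pseudo-header.
    """
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    offset_and_flags = (5 << 12) | flag_bits  # data offset = 5 words = 20 bytes
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_and_flags, 65535, 0, 0)
    return header + payload


def parse_tcp_segment(segment):
    """Decode the fixed TCP header fields an analyst reads when judging a segment."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed TCP header")
    (src, dst, seq, ack, offset_and_flags,
     _window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_and_flags >> 12) * 4   # options, if present, sit inside this length
    flag_bits = offset_and_flags & 0x3F
    flags = {name for name, bit in TCP_FLAGS.items() if flag_bits & bit}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "payload_len": max(0, len(segment) - header_len)}


def classify_segment(info):
    """Map a flag combination to the meaning given in the text above."""
    f = info["flags"]
    if "SYN" in f and "FIN" in f:
        return "anomalous"   # request and teardown in one segment: crafted, not legitimate
    if "RST" in f:
        return "reset"       # connection aborted, or refused (RST in reply to a SYN)
    if "SYN" in f and "ACK" in f:
        return "syn-ack"     # handshake step 2; the connection is not established yet
    if "SYN" in f:
        return "syn"         # handshake step 1: connection request
    if "FIN" in f:
        return "fin"         # this side is closing its half of the connection
    if info["payload_len"] > 0:
        return "data-psh" if "PSH" in f else "data"   # data can arrive without PSH
    if "ACK" in f:
        return "ack"         # pure acknowledgement, no payload
    return "unknown"


def classify_all(segments):
    return [classify_segment(parse_tcp_segment(s)) for s in segments]


# Constructed sample exchange (assumed ports): a client on port 40000 talks to a server
# on port 80 using the text's example sequence numbers; then a SYN to closed port 81 is
# refused with RST; the last segment is a crafted SYN+FIN of the kind scanners send.
SAMPLE_SEGMENTS = [
    build_tcp_segment(40000, 80, 1234567, 0, ["SYN"]),
    build_tcp_segment(80, 40000, 7654321, 1234568, ["SYN", "ACK"]),
    build_tcp_segment(40000, 80, 1234568, 7654322, ["ACK"]),
    build_tcp_segment(40000, 80, 1234568, 7654322, ["PSH", "ACK"], b"GET / HTTP/1.0\r\n\r\n"),
    build_tcp_segment(40000, 80, 1234586, 7654322, ["FIN", "ACK"]),
    build_tcp_segment(81, 40000, 0, 1234568, ["RST", "ACK"]),
    build_tcp_segment(40000, 80, 99, 0, ["SYN", "FIN"]),
]

if __name__ == "__main__":
    for seg, label in zip(SAMPLE_SEGMENTS, classify_all(SAMPLE_SEGMENTS)):
        info = parse_tcp_segment(seg)
        print(f"{info['src_port']:>5} -> {info['dst_port']:<5} "
              f"{'+'.join(sorted(info['flags'])):<9} seq={info['seq']} ack={info['ack']} "
              f"len={info['payload_len']} : {label}")
```

The classifier checks the SYN+FIN combination before anything else, so a crafted segment is never mistaken for a connection request, and it decides "data" from the payload length rather than from PSH, for the reason given in the text.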
Concept supplement - the TCP three-way handshake:
TCP (Transmission Control Protocol)
TCP is a transport-layer protocol between hosts. It provides a reliable, connection-oriented service and uses a three-way handshake to establish a connection:
The flag bits are the TCP flags; there are six of them: SYN (synchronize, connection setup), ACK (acknowledge), PSH (push), FIN (finish), RST (reset), URG (urgent). Alongside them the header carries the Sequence number and the Acknowledgement number, which the handshake relies on.
The first handshake: host A sends a packet with SYN = 1 and a randomly generated seq number, say seq = 1234567, to host B. From SYN = 1, host B knows that host A is requesting a connection;
The second handshake: host B, having received the request, confirms the connection by sending a packet with ack number = (host A's seq + 1) = 1234568, SYN = 1, ACK = 1, and its own randomly generated seq = 7654321;
The third handshake: host A checks that the ack number is correct, that is, equal to the seq it sent in the first step plus 1, and that ACK = 1. If so, host A sends a packet with ack number = (host B's seq + 1) = 7654322 and ACK = 1. When host B receives it and confirms that the ack number equals its own seq + 1 and that ACK = 1, the connection is established.
After the three handshakes are completed, host A and host B transmit data.
In TCP/IP, TCP provides a reliable connection-oriented service and uses a three-way handshake to establish a connection.
First handshake: to establish a connection, the client sends a SYN packet (seq = j) to the server and enters the SYN_SENT state, waiting for the server's confirmation;
Second handshake: when the server receives the SYN, it must acknowledge the client's SYN (ack = j + 1) and send its own SYN (seq = k) in the same segment, the SYN + ACK packet; the server enters the SYN_RECEIVED state (shown as SYN_RECV on Linux);
Third handshake: the client receives the server's SYN + ACK and sends an ACK (ack = k + 1) to the server. Once this is sent, client and server enter the ESTABLISHED state and the three-way handshake is complete. After that, the client and the server start to transmit data.
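The three handshakes above, with the seq/ack checks each step performs, as an added worked example that is not part of the original article: a passive tracker that replays (direction, flags, seq, ack) tuples through the CLOSED/LISTEN, SYN_SENT, SYN_RECEIVED and ESTABLISHED states, rejects a SYN + ACK whose ack number is not j + 1, and recognises a RST in reply to the SYN as a refused connection. The event lists are constructed sample data using the text's example numbers; the state names, the `HandshakeTracker` class and its methods are this example's own.

```python
from dataclasses import dataclass
from typing import Optional

SEQ_MOD = 1 << 32   # sequence and acknowledgement numbers are 32-bit and wrap around


class HandshakeError(Exception):
    """A segment does not fit the current handshake state, or its ack arithmetic is wrong."""


@dataclass
class HandshakeTracker:
    """Follows one client/server pair through the three-way handshake as a passive
    observer would, checking the seq/ack relationships described in the text."""
    client_state: str = "CLOSED"
    server_state: str = "LISTEN"
    client_isn: Optional[int] = None   # j: the client's initial sequence number
    server_isn: Optional[int] = None   # k: the server's initial sequence number

    def feed(self, direction, flags, seq, ack):
        flags = set(flags)
        if direction == "c->s" and flags == {"SYN"} and self.client_state == "CLOSED":
            # First handshake: client sends SYN with seq = j and waits for confirmation.
            self.client_isn = seq
            self.client_state = "SYN_SENT"
        elif (direction == "s->c" and flags == {"SYN", "ACK"}
              and self.client_state == "SYN_SENT" and self.server_state == "LISTEN"):
            # Second handshake: the server must acknowledge j + 1 and choose its own seq = k.
            if ack != (self.client_isn + 1) % SEQ_MOD:
                raise HandshakeError(f"SYN+ACK acknowledges {ack}, expected {self.client_isn + 1}")
            self.server_isn = seq
            self.server_state = "SYN_RECEIVED"
        elif (direction == "c->s" and flags == {"ACK"}
              and self.client_state == "SYN_SENT" and self.server_state == "SYN_RECEIVED"):
            # Third handshake: the client's ACK must carry ack = k + 1 and seq = j + 1.
            if ack != (self.server_isn + 1) % SEQ_MOD:
                raise HandshakeError(f"final ACK acknowledges {ack}, expected {self.server_isn + 1}")
            if seq != (self.client_isn + 1) % SEQ_MOD:
                raise HandshakeError(f"final ACK has seq {seq}, expected {self.client_isn + 1}")
            self.client_state = self.server_state = "ESTABLISHED"
        elif direction == "s->c" and "RST" in flags and self.client_state == "SYN_SENT":
            # RST in reply to the SYN: nothing is listening, the request is refused.
            self.client_state, self.server_state = "CLOSED", "LISTEN"
        else:
            raise HandshakeError(f"unexpected {sorted(flags)} from {direction} in state "
                                 f"{self.client_state}/{self.server_state}")


def run_handshake(events):
    """Replay (direction, flags, seq, ack) tuples; return (client, server) state after each."""
    tracker = HandshakeTracker()
    trace = []
    for direction, flags, seq, ack in events:
        tracker.feed(direction, flags, seq, ack)
        trace.append((tracker.client_state, tracker.server_state))
    return trace


def handshake_completes(events):
    """True only if the replay ends with both sides ESTABLISHED and every check passed."""
    try:
        trace = run_handshake(events)
    except HandshakeError:
        return False
    return bool(trace) and trace[-1] == ("ESTABLISHED", "ESTABLISHED")


# Constructed sample exchanges using the text's example numbers (j = 1234567, k = 7654321).
GOOD_HANDSHAKE = [
    ("c->s", {"SYN"}, 1234567, 0),
    ("s->c", {"SYN", "ACK"}, 7654321, 1234568),
    ("c->s", {"ACK"}, 1234568, 7654322),
]
BAD_ACK_HANDSHAKE = [
    ("c->s", {"SYN"}, 1234567, 0),
    ("s->c", {"SYN", "ACK"}, 7654321, 1234567),   # acknowledges j instead of j + 1
]
REFUSED_HANDSHAKE = [
    ("c->s", {"SYN"}, 1234567, 0),
    ("s->c", {"RST", "ACK"}, 0, 1234568),          # closed port answers with RST
]
WRAPAROUND_HANDSHAKE = [                           # j + 1 wraps from 2^32 - 1 to 0
    ("c->s", {"SYN"}, 0xFFFFFFFF, 0),
    ("s->c", {"SYN", "ACK"}, 7654321, 0),
    ("c->s", {"ACK"}, 0, 7654322),
]

if __name__ == "__main__":
    for name, events in [("good", GOOD_HANDSHAKE), ("bad ack", BAD_ACK_HANDSHAKE),
                         ("refused", REFUSED_HANDSHAKE), ("wraparound", WRAPAROUND_HANDSHAKE)]:
        print(f"{name:<10} completes={handshake_completes(events)}")
```

The tracker deliberately raises on anything that does not fit the expected step, because in analysis an out-of-state segment (a SYN + ACK with no preceding SYN, an ACK with the wrong number) is exactly what you want surfaced rather than silently skipped; the modulo arithmetic matters because a real initial sequence number can sit right below 2^32.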