TCP packet format

The TCP protocol is also built on the IP protocol, but the TCP protocol is reliable and sent in order. The TCP data structure is more complex than the previous structure.

Row 0 ....... 4 ....... 8 .. 10 ........... 16 .............. 24 .............. 32 ------------------------------------------------------------------ 1 | ......... source Port. src-port ....... | ......... destination Port. DST-port ..... | ------------------------------------------------------------------ 2 | ............................ serial number. SEQ ......................... | ------------------------------------------------------------------ 3 | ............................ confirmation number. ack_seq ..................... | ------------------------------------------------------------------ | ........ | .......... | U | A | p | r | S | f | ........................... .... | 4 | header length |. reserved (6 ).. | r | c | S | Y | I | ....... window. window ............. | | .. Doff .. | .......... | G | K | H | T | n | ........................... .... | ------------------------------------------------------------------ 5 | ........ checksum. check ........... | ........ emergency pointer. urg_ptr ....... | ------------------------------------------------------------------ | ....................... Option .................... | .... fill Byte... | ------------------------------------------------------------------

Each row contains 32 characters = 4 bytes.

Source Port (16) | destination port (16) Sequence Number (32) Acknowledgment number (32) Data offset (4) | reserved (6) | ugr | ACK | PSH | RST | SYN | FIN | window (16) Checksum (16) | Urgent Pointer (16) Options (0 or more 32 bit words + padding) Data

Meaning of TCP Fields

Source Port & Destination Port

If we compare the IP address to the address, the port can be said to be the door. Imagine a building with a front door, a rear door, a side door, a spam door, a dead door, and so on. ......

A single IP address also has multiple ports with various functions, and each port is listened to by different services, just like a gatekeeper. Below are some common ports that are of interest to their corresponding services.
You can find them in the/etc/services file of Linux.
FTP-data 20/tcp
FTP 21/tcp
Telnet 23/tcp
SMTP 25/tcp mail
WWW 80/tcp HTTP # worldwideweb HTTP
WWW 80/udp # Hypertext Transfer Protocol
Pop-3 110/tcp # Pop Version 3
Pop-3 110/udp

In fact, the port number can be used with any services you like to specify, but in order to avoid "finding the wrong door" (unless you deliberately want to hide) people will use some of the more common services (well
Known
Services. However, in the TCP data transmission process, more than one package may be processed at the same time, and multiple ports will be created to avoid burst. Enter
The source port and destination port must be known to TCP during data transmission.

Sequence Number
Sending sequence number. When data is transferred from one host to another, the sender creates an initial number for the packet and then increments accordingly according to the number of sent bits. the incremental value is used as the serial number. In this way, the receiver can check whether the data is received completely based on the serial number.

Acknowledgement number
Response sequence number. When the receiving end receives the TCP packet, it passes the verification and then generates a response serial number according to the sending serial number to send a response packet to the sending end, so that the receiving end will know that the packet has been successfully received.

However, if the TTL value of a packet expires due to network conditions or other reasons, the receiving end will resend the packet that is thought to have been lost before receiving the response number. However, if a response is received only after the packet is resold, the receiving end will judge whether the packet is resold Based on the serial number. If yes, it is easy to discard it without any processing.

Data offset
This is used to record the Fixed Length of the header, which is similar to the IHL of IP packets. If options is not set, the length is 20 bytes, Which is 0x14 in hexadecimal notation.

Reserved
This is the reserved range that has not yet been used.

Contral flag
Control tag. There are six of them: Urgent Data
If URG is 1, it indicates that this is a packet carrying urgent information.

Acknowledgment field significant
If Ack is 1, it indicates that this packet belongs to the packet to be responded. Generally, it is 1.

Push Function
If PSH is 1, the data carried by this packet will be directly uploaded to the upper-layer application without the need for TCP processing.

Reset
If RST is 1, retransmission is required. Indicates that the packets need to be reset and then re-transmitted.

Synchronize sequence number
If SYN is 1, both parties are required to communicate synchronously.

No more data for sender (finish)
If the fin value is 1, the transfer is over, and then both parties send an end response to formally terminate a TCP transfer process. Window
We all know what Ms Windows is, but the window here is not the "window" of the operating system. It is generally called "Sliding Window )". Why should we use Windows?

As you can see, the TCP packet uses the sqn and ACK serial numbers to ensure the correctness of the transfer, however, it would be too slow and unacceptable if every packet had to wait for the response from the previous packet to be sent.
. In this way, we can use the sliding window to divide a range at both ends of the transfer and specify the maximum number of packets that can be sent at a time.

After TCP transmission is established, both ends will restore the window setting value to the initial value. For example, three packets are transferred each time. Then, the sender sends three packets at a time, and then the window moves to the backend.
Three packets fill the gap in the sent packets. If the receiving end can process the received three packets at a time, it will tell the sending end that the window value is 3, but if the receiving end is too busy or
For the time being, only two packets can be processed, so there will be one packet in the window, and the sending end will be told that the window value is 2. At this time, the sender sends only two packets, and the window will then
Move two packets to fill the gap in sending. You understand why the window will slide.

In fact, the window value is calculated based on the number of bytes.

Chechsum
When the data is to be sent out, the sender calculates the data size of the packet, and then obtains the test value. The packet is sent together. When the receiving end receives the packet, the data size is calculated to check whether or not the data size is verified. value consistency if the result is not commensurate, the packet is deemed as incomplete and the other party is required to resend the packet.

Urgent Pointer
I still remember talking about control.
When the flag is used, do we mention a URG mark? If the URG is set to one, the location of the emergency data is indicated here. However, this situation is rare, for example, when the data traffic exceeds the bandwidth
The system requires the network host to suspend sending information. All Hosts must take priority in receiving such information.

Option
This option is rarely used. When programs that require synchronous operations such as telnet need to process the Interactive Mode of the terminal, the option will be used to specify the size of the data packet, Because telnet uses few data packets but requires immediate response.

The length of option is 0 or an integer multiple of 32 bits. If it is not enough, it is filled with full.

Next we will capture a TCP packet to see what you can interpret from it

UDP or TCP

The TCP/IP network IP packets detect the existence of the other party through the ICMP protocol and ensure the most likely correct transmission. However, in addition to the TCP protocol, we also use another
The transport protocol is UDP
Protocol) the biggest difference between him and TCP is that the data is directly sent to the other party without detecting the existence of the other party, assuming that the other party will receive the data on its own.

In this way, sound transmission can save communication and confirmation time for programs that require access to building data without requiring reliable transmission, thus increasing the amount of data transmitted. UDP protocol, for example, dnssnmpnfsbootp.

Advantages and disadvantages of the Agreement
Stable data transmission over TCP has a high success rate. Slow speed.
UDP transmission is fast. Data may be lost due to instability.

The TCP structure is defined in :.
Struct tcphdr {
U_int16_t source;
U_int16_t DEST;
U_int32_t seq;
U_int32_t ack_seq;
# If _ byte_order = _ little_endian
U_int16_t RES1: 4;
U_int16_t doff: 4;
U_int16_t Fin: 1;
U_int16_t SYN: 1;
U_int16_t rst: 1;
U_int16_t PSH: 1;
U_int16_t ack: 1;
U_int16_t URG: 1;
U_int16_t RES2: 2;
# Elif _ byte_order = _ big_endian
U_int16_t doff: 4;
U_int16_t RES1: 4;
U_int16_t RES2: 2;
U_int16_t URG: 1;
U_int16_t ack: 1;
U_int16_t PSH: 1;
U_int16_t rst: 1;
U_int16_t SYN: 1;
U_int16_t Fin: 1;
# Endif
U_int16_t window;
U_int16_t check;
U_int16_t urg_prt;
};

Source Port for sending TCP Data
Destination port on which DEST accepts TCP Data

SEQ identifies the start serial number of the data bytes contained in the TCP. Normally, each seq adds the number of data bytes sent last time to the last seq (data bytes = IP packet length-IP header length-TCP Header length ).

Ack_seq confirms the serial number, indicating the data serial number accepted by the receiver next time. The number of data bytes received with the last received seq +.

The length of the doff data header. The same as the IP protocol, the unit is 4 bytes. Generally, the length is 5 bytes.

If URG sets an emergency Data Pointer, this bit is 1

Ack if the confirmation number is correct, it is 1

If the PSH is set to 1, the Receiver immediately submits the data to the previous program after receiving the data.

When RST is 1, the request is reconnected.

When SYN is set to 1, a connection is requested.

When Fin is 1, the connection is closed

Window, indicating the size (in bytes) that the recipient can receive)

Check checks the TCP data.

Urg_ptr if URG = 1, it indicates the Offset Value of the serial number starting from the historical data for the emergency data.

For details about the TCP protocol, see rfc793

7.6 establish a TCP connection
TCP is a reliable connection. To ensure the reliability of the connection, the TCP connection is divided into several steps. We call this connection process "three-way handshake ".

Next we will analyze the process of establishing a connection from an instance.

Step 1: the client sends a TCP packet to the server, indicating that the request establishes a connection. Therefore, the client sets the SYN bit of the packet to 1 and the serial number seq = 1000 (we assume it is 1000 ).

Step 2: the server receives the data packet and learns from the SYN bit 1 that this is a connection to establish a request. Therefore, the server also sends a TCP data packet to the client. because it responds to the client request, the Service
Set ack to 1, ack_seq = 1001 (the serial number of the other party is 1000 + 1), and set its serial number. seq = 2000 (we suppose it is 2000 ).

Step 3: the client receives the TCP of the server and obtains the confirmation information from the server from ack 1 and ack_seq = 1001. Therefore, the client also sends confirmation information to the server.
Set ACK = 1, and ack_seq = 2001 (the serial number of the other side is 2000 + 1), seq = 1001, and send it to the server. Now the client has completed the connection.

In the last step, the server is confirmed and the connection is completed.

Through the above steps, a TCP connection is established. Of course, errors may occur during the establishment process, but the TCP protocol can ensure that you can handle errors.

Let's talk about one of the errors.
Have you heard of dos? (Not the operating system). During the Spring Festival this year, the five websites in the United States were attacked together. The attackers used DoS (Denial-of-Service) methods.
The client performs the first step. After the server receives the request, the server performs the second step. The client performs the third step according to the normal TCP connection.

However, the attacker does not actually perform the third step, because the client modifies its IP address during the first step, that is, it fills a nonexistent IP address in its own IP packet
The IP address of the sender. in this way, because no one receives the IP address sent by the server, the server will not receive the confirmation signal in step 3, so that the service end will wait there until the timeout.
In this way, when a large number of customers send requests, the server will wait a lot until all the resources are used up and cannot receive client requests.
In this way, when a normal user sends a request to the server, the request cannot be successful due to lack of resources, so the situation occurs during the Spring Festival.

Http://oa.jmu.edu.cn/netoa/libq/pubdisc.nsf/aac7d56ca8fd884b852563be00610639/c2baaff26ce2e72948257288004e6459? OpenDocument & expandsection = 1