TCP three-time handshake and four wave-waving process in Python

TCP three-time handshake and four-time wave

First, let's describe what the transport layer is:

1, three handshake

1) Three-time handshake details

First, the client (client) side sends the connection request message, the server (server) segment accepts the connection and replies to the ACK message, and allocates resources for the connection. An ACK message is also sent to the server segment after the client receives an ACK message, and the resource is allocated so that the TCP connection is established.

The TCP processes at both ends are in the closed shutdown state, a actively opens the connection, and B passively opens the connection. (A, b off-state closed---B listening Status listen--a sync sent status syn-sent--b Sync received status Syn-rcvd--a, B connection established status established)

• b The TCP server process first creates the transport control block TCB, ready to accept connection requests from the client process. The server process is then in listen (listening) state, waiting for the client's connection request. If so, the response will be made.
• 1 ) Handshake for the first time: A TCP client process is also the first to create a transport control block TCB, and then send a connection request packet to B, (the first synchronization bit syn=1, the initial sequence number Seq=x), (Syn=1 message segment can not carry data) but to consume a sequence number, At this point the TCP client process enters the syn-sent (synchronous sent) state.
• 2 ) Second handshake: b After receiving the connection request message segment, if you agree to establish a connection, send a confirmation to a, in the confirmation message section (syn=1,ack=1, confirmation number ack=x+1, initial sequence number seq=y), test the TCP server process into the SYN-RCVD (synchronously received) state;
• 3 ) Third handshake: After receiving the confirmation of B, the TCP client process should give the confirmation segment (ack=1, confirmation number ack=y+1, ordinal seq=x+1) to B (initial seq=x, second segment so + 1), the ACK segment can carry data, No data is consumed without the serial number. The TCP connection has been established and a has entered established (a connection has been established).
• When B receives the confirmation of a, it also enters the established state.

(2) Summarize three handshake processes:

• first handshake : At first both ends are in closed off state, the client will flag bit SYN to 1, randomly generate a value seq=x, and the data packets to server,client into Syn-sent state, waiting for the server to confirm;
• second handshake : After the server receives the packet by the flag bit Syn=1 learns that the client request establishes the connection, the server sets the flag bit SYN and ACK to 1,ack=x+1, randomly produces a value seq=y, and packets the data to the client to confirm the connection request, the server enters the SYN-RCVD state, at which time the operating system allocates TCP cache and variables for the TCP connection;
• third handshake : After the client receives the acknowledgment, check whether the ACK is x+1,ack 1, and if correct, set the flag bit ACK to 1,ack=y+1, and the operating system assigns the TCP cache and variables to the TCP connection at this time. The data is packets sent to Server,server to check if the ACK is Y+1,ack 1, if the connection is successful, the client and server enter the established state, and the three handshake is completed. The client and server can then begin transmitting data.

At first both A and B are in the closed state --b create TCB, in listen state , wait for a request--a create TCB, send connection request (SYN=1,SEQ=X), enter syn-sent State - -B receives the connection request, sends a confirmation to a (syn=ack=1, confirmation number ack=x+1, initial sequence number seq=y), enters the SYN-RCVD status --a receives B's confirmation, sends the confirmation (ack=1,ack=y+1,seq=x+1), A enters the established state --b receives a confirmation, enters the established state.

TCB Transport Control block Transmission Control Block, which stores important information in each connection, such as a TCP connection table, a pointer to the send and receive cache, a pointer to the retransmission queue, and the current send and receive sequence numbers.

(3) Why does a have to send a confirmation? Can I shake hands two times?

A: The main purpose is to prevent the failure of the connection request message segment suddenly transmitted to B, resulting in an error . If a connection request is made, but the connection request message is lost and the acknowledgement is not received, a then re-passes the connection request. Later received confirmation that the connection was established. After the data transfer is completed, the connection is released, a worker sends out two connection request message segments, the first one is lost, the second arrives at B, but the first missing segment is stuck in some network nodes for a long time, and delays to a certain time after the connection is released to B, At this point, B is mistaken for a new connection request, so that a confirmation message to a section, agreed to establish a connection, do not use three handshake, as long as B issued a confirmation, the establishment of a new connection, at this time a ignore B confirmation and do not send data, then B consistent wait for a to send data, wasting resources.

(4) Server side susceptible to SYN attacks?

Server-side resource allocation is allocated at two handshake, and the client's resources are allocated during three handshake, so the server is prone to SYN flood attack, SYN attack is the client in a short period of time to forge a large number of non-existent IP addresses, and to the server constantly send SYN packets, The server replies to the confirmation package and waits for client confirmation that the server needs to be continually re-sent until the timeout expires because the source address does not exist, and that the forged SYN packets will take up the disconnected queue for a long time, causing the normal SYN request to be discarded because the queue is full, causing network congestion and even system paralysis.

To prevent SYN attack measures: Reduce the host's waiting time so that the host as soon as possible to release the use of half-connection, a short period of time by an IP duplicate SYN discard subsequent requests.

2, four waves

(1) Four waves in detail

Suppose the client side initiates an interrupt connection request, which is to send a fin message. After the server receives the fin message, it means "My client has no data to send to you", but if you have data that is not sent, you do not need to close the socket, you can continue to send data. So you first send an ACK, "tell the client that your request I received, but I am not ready, please continue to wait for my message." At this point the client enters the fin_wait state and continues to wait for Fin messages on the server side. When the server side determines that the data has been sent, the fin message is sent to the client side, "Tell the client side, OK, my side of the data is finished, ready to close the connection." Client side received fin message, "I know can shut down the connection, but he still do not believe the network, afraid the server side do not know to shut down, so send an ACK into the time_wait state, if the server does not receive an ACK can be re-transmitted. "When the server side receives an ACK," You know you can disconnect. " Client side waiting for 2MSL still not received a reply, the server side has been properly shut down, well, I can also close the client terminal connection. The OK,TCP connection is closed like this!

After the data transfer ends, both sides of the communication can release the connection, and both A and B are in the established state. (A, B connection establishment State established--a termination wait 1 state fin-wait-1--b shutdown Wait State close-wait-- A stop wait 2 state fin-wait-2--B finally confirm the status Last-ack--a time wait state time-wait--B, a off state closed)

• 1) A's application process first sends a connection release message segment (fin=1, ordinal seq=u) to its TCP, and stops sending the data, actively closes the TCP connection, enters the fin-wait-1 (terminating wait 1) state, waits for the confirmation of B.
• 2) b After receiving the connection to release the message section is issued confirmation message segment, (ack=1, confirmation number ack=u+1, serial number seq=v), b into the close-wait (shutdown wait) state, at this time the TCP in the semi-shutdown state, A to B connection release.
• 3) A after receiving the confirmation of B, enter the fin-wait-2 (terminating wait 2) status, waiting for the connection release message segment sent by B.
• 4) b There is no data to send to A, B sends a connection release message segment (fin=1,ack=1, serial number seq=w, confirmation number ack=u+1),B enters Last-ack (final confirmation) status, waits for a confirmation.
• 5) A after receiving the connection release message section of B, the acknowledgment message segment (ack=1,seq=u+1,ack=w+1) is sent, a enters the time-wait (time Wait) state. At this point, TCP is not released, it takes time to wait for the timer to set the time of 2MSL, a before entering the closed state.

(2) sum up four wave waving process:

At first, A and B are in the established state --a send a connection release message segment and in fin-wait-1 State --b Send a confirmation segment and enter close-wait status --a receive confirmation, enter fin-wait-2 status , waiting for the connection of B to release the message segment--b no data to send to A, B sends a connection to release the message segment and enters the last-ack state --a sends the acknowledgment segment and enters the time-wait state --b After receiving the confirmation message segment into the closed state --a after waiting timer time 2MSL, enter the closed state .

(3) Why does a have to wait 2MSL time in time-wait state?

MSL longest message segment life maximum Segment lifetime,msl=2

A: Two reasons:1) Ensure that the last ACK segment sent by a can reach B. 2) prevent "Invalid connection request message segment" From appearing in this connection.

• 1) This ACK message segment may be lost, so that the Last-ack status of B can not receive the acknowledgment of the sent Fin+ack message segment, B time-out retransmission Fin+ack message segment, and a can receive the retransmission of the Fin+ack message segment within 2MSL time, and a re-transmission of a confirmation, Restart the 2MSL timer, finally A and B are entered into the closed state, if a in the time-wait state does not wait for a period of time, but after sending the ACK message segment immediately after releasing the connection, you can not receive the B retransmission of the Fin+ack message segment, so no longer send a confirmation message segment , b fails to enter the closed state properly.
• 2) A after sending the last ACK message segment, then after 2MSL, you can make the connection for the duration of the time generated by all the message segments will disappear from the network, so that the next new connection will not appear in the old connection request message segment.

(4) Why the connection is three times handshake, closed when the handshake is four times?

A: The syn+ack message can be sent directly after the server receives the SYN connection request message from the client side. Where the ACK message is used to answer, the SYN message is used for synchronization. However, when the connection is closed, when the server side receives the fin message, it is likely that the socket will not be closed immediately, so you can only reply to an ACK message, tell the client side, "You send fin message I received." I can't send fin messages until all the messages on my server end are sent, so I can't send them together. Therefore, four-step handshake is required.

(5) Why does the time_wait state need to go through 2MSL (maximum message segment lifetime) to return to the close status?

A: Although according to reason, four messages are sent, we can go directly to the close state, but we must pretend that the network is unreliable, there can be a last ACK lost. So the TIME_WAIT state is used to re-send the possible missing ACK messages.

TCP three-time handshake and four wave-waving process in Python