TCP/IP Layer fourth--the Transport Layer TCP data packet detailed

Unlike UDP, TCP provides a reliable, connection-oriented, byte-throttling service. The reliability of TCP protocol mainly has the following guarantees: (1) The application data is segmented into the data block which TCP thinks is most suitable for sending. This is controlled in part by the "MSS" (maximum packet length) option, which is often referred to as a negotiation mechanism, which sets the length of the maximum block of data that TCP travels to the other end. It is noteworthy that MSS can only appear in the SYN message segment, and if one side does not receive an MSS value from the other, the MSS is set to 536 bytes.       In general, without fragmentation, the MSS value is greater and better, which can improve the utilization of the network. (2) retransmission mechanism.       Set timer, wait for confirmation package.       (3) Verify the header and data.       (4) TCP sorts the data received and then hands it to the application layer.       (5) The receiving end of TCP discards duplicate data. (6) TCP also provides flow control. (provided by the size of the window declared at each end)

the process of 1.TCP/IP protocol data Encapsulation

Take the transport layer adopt TCP or UPD, the network layer uses the IP, the link layer uses the Ethernet as the example, may see the TCP/IP message encapsulation process as shown. The user data is encapsulated by the application layer protocol and passed to the transport layer. The transport layer encapsulates the TCP head, gives the network layer, the network layer encapsulates the IP head, then gives the data link layer, the Data link layer encapsulates the Ethernet frame head and the frame tail, gives the physical layer, the physical layer sends the data to the physical line in the form of the bit flow.

The different protocol layer has different appellation to the packet, in the transport layer is called the segment (segment), at the network layer is called the datagram (datagram), at the link layer is called the frame. The data is encapsulated into a frame and sent to the transmission medium, and then the corresponding header is stripped after each layer protocol, and finally the application layer data is submitted to the application for processing.

After the destination host receives the packet, how to reach the application at the end of each layer protocol stack. The entire process is shown in the following illustration.

The Ethernet driver (NIC) first determines the payload of the data frame according to the "Upper layer protocol" field in the Ethernet header (payload, which means removing the actual data transmitted outside the protocol header), is the datagram of IP, ARP or RARP protocol, and then handing over the corresponding protocol. In the case of an IP datagram, the IP protocol then determines whether the payload of the datagram is TCP, UDP, ICMP, or IGMP, based on the "Upper layer protocol" field in the IP header, and then the corresponding protocol is processed. In the case of a TCP segment or UDP segment, the TCP or UDP protocol then determines which user process should be given the application-tier data according to the port number field of the TCP header or UDP header. The IP address is the address that identifies different hosts on the network, and the port number is the address on the same host that identifies the different processes, and the IP address and port number together identify the only process in the network.

Note that although IP, ARP, and RARP datagrams require an Ethernet driver to encapsulate frames, they are functionally divided, and ARP and rarp belong to the link layer, and IP belongs to the network layer. Although ICMP, IGMP, TCP, UDP data all need IP protocol to encapsulate the datagram, but from the functional partition, ICMP, IGMP and IP belong to the network layer, TCP and UDP belong to the transport layer.

2.TCP/IP Data Packets

We grab the bag through the Wireshark: we see five levels of data separately:

The first line frame 3339: Physical layer Data frame: line 83 bytes, actually capturing 83 bytes

Second Line Ethernet II: Link Layer network card, Ethernet protocol version II, source address: Factory Name _ Serial number (network card address), Purpose: Factory name _ Serial number (network card address)

Third line of Internet Protocol Version 4: Network layer IP packets, IPV4, source IP address: 10.44.13.7; Destination IP is: 10.171.8.154

Line four Transmission Control Protocol: Transport Layer TCP packet: Source port 21000, destination port: 52529;seq serial Number: Each RTP packet is sent, the serial number is added 1;ack is the confirmation flag in the TCP packet header, The received TCP message is confirmed to be 183589, which indicates that the acknowledgement number is valid. Len length is 17 bytes;

Line five: Data

The format of the entire data package is shown in the following illustration:

The following data information is displayed in the same order as the fields in each packet, and the contents of other frames are wireshark similar.

Frame number time source address destination address High Level protocol package information overview
No. Time Source Destination Protocol Info
1 0.000000 202.203.44.225 202.203.208.32 TCP 2764 > http [SYN] seq=0 len=0 mss=1460 Source port > Destination port [request to establish TCP link]
Overview of data frames for the first layer of physical layerFrame 1 (bytes on wire, bytes captured)Frame 1th, line 62 byte, 62 bytes actually captured
Arrival Time:jan 21, 2008 15:17:33.910261000 capture Date and time
[Time Delta from previous packet:0.00000 seconds] The interval between this package and the previous package
[Time since reference or frame:0.00 seconds] The interval between this package and frame 1th
Frame number:1 Number of frames
Packet length:62 Bytes Frame length
Capture length:62 Bytes Capture length
[Frame is marked:false] This frame is marked: no
The protocol hierarchy encapsulated within [protocols in FRAME:ETH:IP:TCP] frames
[Coloring rule Name:http] The name of the protocol with different color staining tags: HTTP
[Coloring Rule String:http | | tcp.port = 80] A string of staining display rules: Second tier Data Link Layer Ethernet frame header informationEthernet II, src:acertech_5b:d4:61 (00:00:e2:5b:d4:61), dst:jetcell_e5:1d:0a (00:d0:2b:e5:1d:0a)
Ethernet Protocol Version II, source address: Factory Name _ Serial number (network card address), Purpose: Factory name _ Serial number (network card address)
DESTINATION:JETCELL_E5:1D:0A (00:d0:2b:e5:1d:0a) Purpose: Factory name _ Serial number (network card address)
source:acertech_5b:d4:61 (00:00:e2:5b:d4:61) Source: Factory Name _ Serial number (network card address)
Type:ip (0x0800) frame-encapsulated upper layer protocol type is IP (hexadecimal code 0800) look at the textbook 70 page Figure 3.2 Layer IP packet header informationInternet Protocol, src:202.203.44.225 (202.203.44.225), dst:202.203.208.32 (202.203.208.32)Internet Protocol, source IP address, destination IP address
Version:4 Internet Protocol IPV4 (refer to the IPV4 datagram field structure in the textbook 119 page Figure 4.15)
Header length:20 bytes IP packet head length
Differentiated Services field:0x00 (DSCP 0x00:default; ecn:0x00) Differential service field
Total length:48 IP packet length identification:0x8360 (33632) Flag Field Flags: Flag field (whether this IP packet is allowed to be segmented, textbook 125 pages) Fragment The offset:0 fragment offset (The identification of this segment when transferring an IP packet after the transmission is routed)
Time to live:128 lifetime TTL
PROTOCOL:TCP (0x06) the upper layer protocol encapsulated in this package is TCP
Checksum of header checksum:0xe4ce [correct] header data
source:202.203.44.225 (202.203.44.225) Source IP address
destination:202.203.208.32 (202.203.208.32) Destination IP address below is the Transport layer TCP data segment header informationTransmission Control Protocol, SRC port:2764 (2764), Dst port:http (M), seq:0, len:0TCP content of Transmission Control Protocol
SOURCE port:2764 (2764) Origin port name (port number) (see Textbook 149 page Figure 5.7)
Destination Port:http (80) Destination port name HTTP (port number 80)
Sequence number:0 (relative Sequence number) serial numbers (relative serial number)
Header length:28 bytes Head length
flags:0x02 (SYN) TCP tag field (this field is SYN and is a request to establish a TCP connection)
Window size:65535 flow control Windows size
checksum:0xf73b [Correct] TCP data segment checksum
Options: (8 bytes) optional

Packet packets for 3.TCP packets

1, TCP establishes the connection, the disconnection, the data transmission all is uses the same information message format.

Where we grabbed the packet and saw the Transmission control Protocol header's data information:

Transmission Control Protocol, SRC port:21000, Dst port:52529, seq:12936, ACK 183589 len:17 TCP content of Transmission Control Protocol
SOURCE port:21000 Name (port number) (used to find the originating application process)
Destination port:52529 Destination Port
Sequence number:0 (relative Sequence number) (relative serial number, which is used to determine the correct location of the transmitted data, and serial number to detect lost packets);

[Next sequence number:215 (relative sequence number)] #下一个序列号

Acknowledgement number:183589 is a 32-digit confirmation number, confirming its validity;
Header length:32 bytes Head length
flags:0x02 (SYN) TCP tag field (this field is SYN and is a request to establish a TCP connection)
Window size value:6364 Flow-controlled windows
checksum:0xf73b [Correct] TCP data segment checksum
Options: (bytes) optional

The following description describes in detail:

Source port and destination port : Each 2 byte, 16 bit port number plus 32 bits of IP address, together constitute the equivalent of Transport Layer service access point address

seq Serial Number: 4 bytes is the ordinal number of the first byte of the data part sent by this paragraph. In a data stream that is transmitted by TCP, each byte has an ordinal number.

1, assuming that the serial number is 300, the simple understanding is that the sender told the receiving end that "I sent the data from the No. 300 start."

2, assuming the data len=100 bytes, then the next message segment is the serial number is 400;

ACK Confirmation Serial number: 4 bytes, is expected to receive the next time the data sent by the first byte ordinal number, that is, expect to receive the next message segment in the header of the sequence number;

1, the confirmation serial number is the last time the data byte serial number plus 1 has been successfully received. It can also be understood that the receiving end tells the sender that it wants to receive the start sequence next time. If a confirmation number is 1000, the simple understanding is that the receiver tells the sender, "I have received the NO. 999 serial number, the next time I want to receive the data from 1000."

2, because the serial number field has 32 than the specialty, may 4GB the data carries on the numbering, thus may guarantee when the serial number repeats uses, the old serial number data already disappeared in the network;

In the course of data transfer:

First message send: Seq1=1 ack1=1 len1=359

received the first message reply: SEQ2 =1 ack2=seq1+ ack1= 360, len1=17

Next message send: Seq3=ack2 =seq1 (last sent message seq1 + last sent message len1) =360 ack3=seq1+ ACK1 =18 len3=0