From: http://blog.csdn.net/metasearch/article/details/2147213
TCP handshake protocol
In TCP/IP, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.
First handshake: to establish a connection, the client sends a SYN packet (SYN = J) to the server, enters the SYN_SENT state, and waits for the server to confirm.
Second handshake: when the server receives the SYN packet, it must acknowledge the client's SYN (ACK = J + 1) and also send its own SYN packet (SYN = K), that is, a SYN + ACK packet. The server then enters the SYN_RECV state.
Third handshake: the client receives the server's SYN + ACK packet and sends an ACK packet (ACK = K + 1) to the server. Once this packet is sent, the client and the server enter the ESTABLISHED state and the three-way handshake is complete.
After the three-way handshake, the client and the server start to transmit data. The process above involves some important concepts:
Unconnected queue: during the three-way handshake, the server maintains an unconnected queue (the semi-connection queue referred to below). It opens an entry for each client's SYN packet (SYN = J); the entry indicates that the server has received the SYN packet, has sent its confirmation to the client, and is waiting for the client's confirmation packet. The connections identified by these entries are in the SYN_RECV state on the server. When the server receives the client's confirmation packet, it deletes the entry and the connection enters the ESTABLISHED state.
Backlog parameter: the maximum number of entries the unconnected queue can hold.
SYN-ACK retransmission count: after the server sends the SYN-ACK packet, if it does not receive the client's confirmation packet, it retransmits a first time; if, after waiting for a period of time, it still has not received the confirmation packet, it retransmits a second time. If the number of retransmissions exceeds the maximum specified by the system, the system deletes the connection information from the semi-connection queue. Note that the waiting time before each retransmission is not necessarily the same.
Semi-connection survival time: the maximum time an entry survives in the semi-connection queue, that is, the maximum time from when the server receives the SYN packet until it confirms that the request is invalid. This value is the sum of the maximum waiting times of all retransmitted request packets. The semi-connection survival time is also called the timeout time or the SYN_RECV survival time.
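The following model is an added example, not code from the original post. It shows how the backlog, the SYN-ACK retransmission count and the semi-connection survival time interact. The 1-second first wait that doubles on each retransmission, the limit of 5 retransmissions, and the dropping of new SYNs while the queue is full are assumptions of the model; the real values are set by the operating system.

```python
def synack_schedule(initial_wait=1.0, max_retries=5):
    """Return (retransmission times, survival time), in seconds after the first SYN-ACK."""
    times, elapsed, wait = [], 0.0, initial_wait
    for _ in range(max_retries):
        elapsed += wait            # wait expired with no ACK: retransmit the SYN-ACK
        times.append(elapsed)
        wait *= 2                  # assumed backoff: each wait is twice the previous one
    return times, elapsed + wait   # the last wait expires: the entry is deleted


class HalfOpenQueue:
    """Toy model of the unconnected (semi-connection) queue."""

    def __init__(self, backlog, initial_wait=1.0, max_retries=5):
        self.backlog = backlog
        self.survival = synack_schedule(initial_wait, max_retries)[1]
        self.entries = {}          # peer -> time its SYN arrived (state SYN_RECV)
        self.refused = 0           # SYNs that found the queue full

    def _expire(self, now):
        self.entries = {peer: t for peer, t in self.entries.items()
                        if now - t < self.survival}

    def on_syn(self, now, peer):
        """Open a SYN_RECV entry; return False if the backlog is exhausted."""
        self._expire(now)
        if peer not in self.entries and len(self.entries) >= self.backlog:
            self.refused += 1
            return False
        self.entries.setdefault(peer, now)   # a repeated SYN keeps the original entry
        return True

    def on_ack(self, now, peer):
        """Client confirmation: delete the entry; True means ESTABLISHED."""
        self._expire(now)
        return self.entries.pop(peer, None) is not None


# Constructed sample: backlog of 2; c1 confirms quickly, c2 and c3 never do in time.
SAMPLE = [(0, "syn", "c1"), (0.5, "syn", "c2"), (0.6, "syn", "c3"),
          (0.7, "ack", "c1"), (1.0, "syn", "c3"), (70, "ack", "c2")]

def replay(events, backlog):
    """events: (time, 'syn' | 'ack', peer) tuples. Returns (per-event results, queue)."""
    q = HalfOpenQueue(backlog)
    results = [q.on_syn(t, p) if kind == "syn" else q.on_ack(t, p)
               for t, kind, p in events]
    return results, q
```

With these assumed values an unconfirmed entry holds its slot for 63 seconds, so the backlog has to cover every handshake that can be pending inside that window.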
================================================================================================
Now let's look at the complete process: on a TCP socket, how does the connect system call establish a connection to the peer? As a test environment, 172.16.48.2 initiates a connection request to port 5002 of 172.16.48.1.
Step 1: 172.16.48.2 initiates a connection request to 172.16.48.1 by sending a SYN segment. It specifies destination port 5002, advertises its initial sequence number (ISN, a 32-bit random number generated by the protocol stack), sets the acknowledgment number to 0 (because no data has been received from the peer), and advertises its own sliding window size as 5840 (the peer's is 5792, which seems to be a problem, to be further checked), a window scale factor of 2 (in the header options), and a maximum segment length of 1460 (local area network). The data content is as follows (the link-layer Ethernet header and the network-layer IP header are not shown):
Data content                     Meaning
Basic header
80 0e                            source port (32782)
13 8A                            destination port (5002)
00 00 07 BC                      initial sequence number (ISN)
00 00 00 00                      acknowledgment number
A                                header length
0 02                             flags, SYN = 1
16 D0                            sliding window size (5840)
64 9e                            checksum
00 00                            urgent pointer
TCP options
02 04 05 B4                      maximum segment length (1460)
04 02                            SACK permitted
08 0a 00 0a 79 14 00 00 00 00    timestamp (0x000a7914), echo timestamp (0)
01                               placeholder (NOP)
03 03 02                         window scale factor (2)
Step 2: after receiving the request packet, 172.16.48.1 checks the flags and finds SYN = 1, so it treats the packet as a request to initiate a connection. It acknowledges this SYN and also sends its own SYN segment (ACK, SYN). Because a SYN occupies one sequence number (a FIN also occupies one), the acknowledgment number is set to the ISN of 172.16.48.2 plus 1, that is, 172.16.48.1 expects the sequence number of the next packet from 172.16.48.2 to be 0x07bd. At the same time it advertises its own initial sequence number, sliding window size, window scale factor, maximum segment length, and so on. The data content is as follows:
Data content                     Meaning
Basic TCP header
13 8a                            source port (5002)
80 0e                            destination port (32782)
98 8e 40 91                      initial sequence number (ISN)
00 00 07 BD                      acknowledgment number (peer ISN + 1)
A                                header length
0 12                             flags, ACK = 1, SYN = 1
16 A0                            sliding window size
65 D7                            checksum
00 00                            urgent pointer
TCP options
02 04 05 B4                      maximum segment length (1460)
04 02                            SACK permitted
08 0a 00 3C 25 8A 00 0a 79 14    timestamp (0x003c258a), echo timestamp (0x000a7914)
01                               placeholder (NOP)
03 03 02                         window scale factor (2)
Step 3: 172.16.48.2 acknowledges the SYN segment from 172.16.48.1. At this point the TCP three-way handshake is complete and the connection is established. When 172.16.48.2 receives the SYN segment, it changes the state of its socket from tcp_syn_sent to tcp_established, entering the connection-established state. The data content is as follows:
Data content                     Meaning
80 0e                            source port (32782)
13 8A                            destination port (5002)
00 00 07 BD                      sequence number (no longer the ISN)
98 8e 40 92                      acknowledgment number (peer ISN + 1)
8                                header length (8 * 4 = 32, with 12 bytes of options)
0 10                             flags, ACK = 1
05 B4                            sliding window size (1460, is there a problem? To be confirmed)
A5 8A                            checksum
00 00                            urgent pointer
01                               placeholder (NOP)
01                               placeholder (NOP)
08 0a 00 0a 79 14 00 3C 25 8A    timestamp (0x000a7914), echo timestamp (0x003c258a)
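The three segments above can be decoded mechanically. The parser below is an added example, not code from the original post, and its function names are illustrative. It decodes the header and options of each segment, checks SEQ/ACK continuity, and applies the window scale factor: the 1460 in the third segment shifted left by the client's factor of 2 is 5840, the same window the client advertised in its SYN, because the window field of a SYN segment is never scaled.

```python
import struct

# Bytes transcribed from the three tables above (TCP header and options only). The
# SYN echoes timestamp 0, so its timestamp option ends in four zero bytes.
SYN = bytes.fromhex("800e138a000007bc00000000a00216d0649e0000" "020405b40402080a000a79140000000001030302")
SYN_ACK = bytes.fromhex("138a800e988e4091000007bda01216a065d70000" "020405b40402080a003c258a000a791401030302")
ACK = bytes.fromhex("800e138a000007bd988e4092801005b4a58a0000" "0101080a000a7914003c258a")
FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 .. bit 5

def parse_options(raw):                       # walk the kind/length/value list
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 0:       # kind 0 ends the option list
        kind = raw[i]                         # kind 1 (NOP) is one byte, no length
        length = 1 if kind == 1 else (raw[i + 1] if i + 1 < len(raw) else 0)
        if (kind != 1 and length < 2) or i + length > len(raw):
            raise ValueError("malformed TCP option")
        body = raw[i + 2:i + length]
        if (kind, length) == (2, 4):
            opts["mss"] = struct.unpack("!H", body)[0]
        elif (kind, length) == (3, 3):
            opts["wscale"] = body[0]
        elif (kind, length) == (4, 2):
            opts["sack_permitted"] = True
        elif (kind, length) == (8, 10):
            opts["tsval"], opts["tsecr"] = struct.unpack("!II", body)
        i += length
    return opts

def parse_tcp(seg):                           # fixed 20-byte header plus options
    if len(seg) < 20:
        raise ValueError("segment shorter than a TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", seg[:16])
    hlen = (off_flags >> 12) * 4              # data offset counts 32-bit words
    if not 20 <= hlen <= len(seg):
        raise ValueError("bad data offset")
    flags = {name for bit, name in enumerate(FLAG_NAMES) if off_flags >> bit & 1}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
            "flags": flags, "window": window, "opts": parse_options(seg[20:hlen])}

def handshake_window(syn, syn_ack, ack):      # returns the client's scaled window
    s, sa, a = parse_tcp(syn), parse_tcp(syn_ack), parse_tcp(ack)
    ok = (s["flags"] == {"SYN"} and sa["flags"] == {"SYN", "ACK"} and a["flags"] == {"ACK"}
          and sa["ack"] == (s["seq"] + 1) % 2**32 and a["seq"] == sa["ack"]
          and a["ack"] == (sa["seq"] + 1) % 2**32)
    if not ok:
        raise ValueError("segments do not form a three-way handshake")
    # Scaling applies after the handshake, and only if both SYNs carried the option.
    both = "wscale" in s["opts"] and "wscale" in sa["opts"]
    return a["window"] << (s["opts"]["wscale"] if both else 0)
```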
============================================================================================
7. Briefly describe the three-way handshake process, and explain why a connection is established through a three-way handshake.
The purpose of the three-way handshake is to synchronize the sequence numbers and acknowledgment numbers of both parties and to exchange TCP window size information. The following steps outline how a client computer normally contacts a server computer:
1. The client sends the server a TCP packet with the SYN bit set. It contains the initial sequence number x of the connection and a window size (indicating the size of the client's buffer for incoming segments sent from the server).
2. After receiving the SYN packet sent by the client, the server sends the client a TCP packet with both the SYN and ACK bits set. It contains the server's chosen initial sequence number y, the acknowledgment x + 1 of the client's sequence number, and a window size (indicating the size of the server's buffer for incoming segments sent from the client).
3. After the client receives the SYN + ACK packet returned by the server, it returns to the server an ACK packet with acknowledgment number y + 1 and sequence number x + 1. A standard TCP connection is now complete.
TCP uses a similar handshake process to end a connection. This ensures that both hosts can finish transmitting and that all data is received.
TCP client | Flags | TCP server
1 Send SYN (SEQ = x) | ---- SYN ---> | SYN received
2 SYN/ACK received | <--- SYN/ACK ---- | Send SYN (SEQ = y), ACK (x + 1)
3 Send ACK (y + 1) | ---- ACK ---> | ACK received, connection established
W: ISN (initial sequence number) of the client
X: ISN of the server
======================================================================================
Handshake phase:
No.  Direction  SEQ    ACK
1    A-> B      10000  0
2    B-> A      20000  10000 + 1 = 10001
3    A-> B      10001  20000 + 1 = 20001
Explanation:
1: A initiates a connection request to B and initializes A's SEQ with a random number, assumed here to be 10000. At this time ACK = 0.
2: After B receives the connection request from A, it also initializes B's SEQ with a random number, assumed here to be 20000, meaning: I have received your request, and my data stream starts from this number. B's ACK is A's SEQ plus 1, that is, 10000 + 1 = 10001.
3: After A receives the reply from B, its SEQ is the SEQ of its previous request plus 1, that is, 10000 + 1 = 10001, meaning: I have received your reply, and my data stream starts from this number. A's ACK is B's SEQ plus 1, that is, 20000 + 1 = 20001.
Data transmission phase:
No.  Direction  SEQ    ACK                         Size
23   A-> B      40000  70000                       1514
24   B-> A      70000  40000 + 1514 - 54 = 41460   54
25   A-> B      41460  70000 + 54 - 54 = 70000     1514
26   B-> A      70000  41460 + 1514 - 54 = 42920   54
Explanation:
23: B receives a packet from A with SEQ = 40000, ACK = 70000, size = 1514.
24: B then sends a packet to A, telling A: I have received your last packet. B's SEQ is filled with the ACK of the packet it received. Its ACK is the SEQ of the packet it received plus that packet's size (excluding the Ethernet header, IP header, and TCP header), to confirm that all the data A sent has been received.
25: When A receives the packet from B with ACK = 41460, it sees that 41460 is exactly the SEQ of its last packet plus that packet's size, so the last packet it sent has arrived safely. It therefore sends another packet to B. The SEQ of this packet is again filled with the ACK of the packet it received, and its ACK is the SEQ (70000) of the packet it received plus that packet's size (54) minus the headers, that is, ACK = 70000 + 54 - 54 (the packet is all headers and carries no data).
26: Same as above.
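The SEQ/ACK arithmetic of both tables can be checked with a small trace validator. This is an added example, not code from the original post; it assumes an in-order, loss-free capture between two hosts named A and B, uses the page's figure of 54 header bytes per frame, and assumes header-only frames for the handshake rows, whose sizes the page does not give.

```python
HEADER_BYTES = 54      # Ethernet + IP + TCP headers, the figure used in the table above
MOD = 2 ** 32          # sequence numbers are 32-bit and wrap around

# Rows transcribed from the two tables: (no., sender, SEQ, ACK, frame size, SYN flag).
# Assumption: the handshake frames carry no data, so their size is set to 54.
HANDSHAKE = [(1, "A", 10000, 0, 54, True), (2, "B", 20000, 10001, 54, True),
             (3, "A", 10001, 20001, 54, False)]
DATA = [(23, "A", 40000, 70000, 1514, False), (24, "B", 70000, 41460, 54, False),
        (25, "A", 41460, 70000, 1514, False), (26, "B", 70000, 42920, 54, False)]


def check_trace(rows):
    """Return a list of (no., field, expected, seen) for every inconsistent row."""
    next_seq = {}      # sender -> sequence number that sender must use next
    problems = []
    for no, sender, seq, ack, size, syn in rows:
        peer = "B" if sender == "A" else "A"
        if size < HEADER_BYTES:
            problems.append((no, "size", HEADER_BYTES, size))
            continue
        # A sender's SEQ must continue where its previous packet ended.
        if sender in next_seq and seq != next_seq[sender]:
            problems.append((no, "seq", next_seq[sender], seq))
        # Its ACK must name the next byte it expects from the peer.
        if peer in next_seq and ack != next_seq[peer]:
            problems.append((no, "ack", next_seq[peer], ack))
        # Payload bytes advance the sequence space; a SYN consumes one number too.
        next_seq[sender] = (seq + size - HEADER_BYTES + (1 if syn else 0)) % MOD
    return problems
```

Any row whose SEQ or ACK breaks the chain is reported with the value the previous rows imply, which is how a duplicated, missing or altered segment shows up in a capture.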