Understanding the TCP/IP three-way handshake and four-way wave the right way

Source: Internet
Author: User
Background

My girlfriend and I have been in a long-distance relationship for more than a year, and to keep the relationship going I proposed that we video chat every night.

From the beginning until now, we have kept it up for more than a year.

Problem

Sometimes while we are chatting, my network or her network is poor: the video freezes, we cannot hear each other's voice, and after a while it recovers.

Both of us keep checking whether the network has recovered, but sometimes it goes like this:

She: "Can you hear me?"

Me: "Yes, can you?"

She: "Hey, hey, can you hear me?"

Me: "Yes, I can hear you, too."

She: "Can you hear me?"

.....

This situation is very painful. So how can we find a simple way for both people to be sure that they can hear the other's voice and that the other can hear theirs?

Note: The following scenario is purely fictitious


Solution

Why does TCP use a three-way handshake to establish a connection, rather than two or four steps?

TCP, called Transmission Control Protocol, is a reliable transport layer protocol with an IP protocol number of 6.

By the way, in principle no data transmission can be guaranteed to be absolutely reliable; the three-way handshake is simply the basic requirement for reliability.

As an everyday example, a phone conversation goes as follows:


This corresponds to the communication between the client and the server:

So we have the following dialogue:

Me: Equals what?

Her: 2. What does 2+2 equal?

Me: 4

First of all, the two of us agree on a protocol:

1. When the network seems to be having problems, either party can initiate an inquiry

2. In any case, if a response has not been received 5 seconds after initiating the inquiry, the network is considered

3. The network is not in the case of the 1min router after the inquiry


For me, after sending the "Equals what?" inquiry:

1. If no reply is received within 5s, the network is considered to be down.

2. If I receive a reply, I have confirmed that ① I can hear her message and ② she can hear mine, and I then answer her question.


For her, when the network seems to be having problems:

1. If she has not received my inquiry, she initiates an inquiry.

2. If she receives "Equals what?", she has confirmed that ① she can hear my message; she then replies with the answer to my question and her own question: "2. What does 2+2 equal?"

3. If she does not receive my reply "4" within 5s, she concludes that ② I cannot hear her.

4. If she receives my reply "4" within 5s, she has confirmed that ② I can hear her.

Thus, once the dialogue above is completed, both sides have confirmed that they can hear the other's voice and that the other can hear theirs.

This story can explain why TCP has to shake hands three times ... 囧


About the four-way wave

The client sends a FIN to the server, requesting that data transfer be closed.

When the server receives the FIN from the client, it sends an ACK to the client, where the ACK value equals the received SEQ plus 1 for the FIN (FIN+SEQ).

The server then sends a FIN to the client, telling the client that the application is closing.

When the client receives the server's FIN, it replies with an ACK to the server, where the ACK value equals the received SEQ plus 1 for the FIN (FIN+SEQ).



Why does closing take four waves?

To ensure that the data can be transmitted in full.

When the passive party receives the FIN message from the active party, it only means that the active party has no more data to send to the passive party.

But the passive party has not necessarily sent all of its data to the active party, so it does not close the socket immediately; it may still need to send some data to the active party.

Only then does it send its own FIN message to the active party, telling the active party that it agrees to close the connection. That is why the ACK message and the FIN message are sent separately in most cases.

1. TCP Message Format

TCP Message Format diagram:

Several fields in the diagram above need to be highlighted:

(1) Sequence number: the SEQ number, 32 bits long, identifies the byte stream sent from the TCP source to the destination; the initiator marks it when sending data.

(2) Acknowledgment number: the ACK number, 32 bits long. The acknowledgment number field is valid only when the ACK flag bit is 1; ack=seq+1.

(3) Flags: six in total, namely URG, ACK, PSH, RST, SYN and FIN, with the following meanings:

(A) URG: The urgent pointer is valid.

(B) ACK: The acknowledgment number is valid.

(C) PSH: The receiver should pass this message to the application layer as soon as possible.

(D) RST: Resets the connection.

(E) SYN: Initiates a new connection.

(F) FIN: Releases a connection.


It is important to note that:

(A) Do not confuse the acknowledgment number (ack) with the ACK flag bit.

(B) The acknowledging side's ack = the initiator's seq+1, paired on both ends.


2. Three-way handshake

TCP (Transmission Control Protocol)

TCP is the Transmission Control Protocol of the host-to-host layer. It provides a reliable connection service and uses a three-way handshake to establish a connection.

The flag bits are the TCP flags, of which there are 6:


SYN (synchronize: establish a connection)

ACK (acknowledgement: confirmation)

PSH (push: deliver data)

FIN (finish: end)

RST (reset)

URG (urgent)


Sequence number (the segment's sequence number)

Acknowledge number (the confirmation number)

Establish (build, create)


The so-called three-way handshake refers to establishing a TCP connection: the client and the server exchange a total of 3 packets to confirm that the connection is established. In socket programming, this process is triggered by the client calling connect, as shown in the following diagram:

(1) First handshake: The client sets the SYN flag to 1, randomly generates a value seq=J, and sends the packet to the server. The client enters the SYN_SENT state and waits for the server to confirm.

(2) Second handshake: On receiving the packet, the server knows from the flag SYN=1 that the client is requesting a connection. The server sets both the SYN and ACK flags to 1, sets ack (number) = J+1, randomly generates a value seq=K, and sends the packet to the client to confirm the connection request. The server enters the SYN_RCVD state.

(3) Third handshake: On receiving the acknowledgment, the client checks whether ack is J+1 and whether the ACK flag is 1. If so, it sets the ACK flag to 1, sets ack=K+1, and sends the packet to the server. The server checks whether ack is K+1 and whether the ACK flag is 1. If so, the connection is established, the client and server enter the ESTABLISHED state, the three-way handshake is complete, and the client and server can start transmitting data.
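The checks in steps (1) to (3) can be written as a parser over raw TCP headers. The following is an added example, not code from the original page: it packs three minimal 20-byte headers, reads SEQ, ACK and the six flag bits back out, and verifies the J+1 / K+1 relationships, including 32-bit wraparound. The ports and the values J=1000, K=5000 are constructed.

```python
import struct

# Flag bits in byte 13 of the TCP header (the six flags listed above).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MOD = 2 ** 32  # SEQ and ACK numbers are 32-bit and wrap around

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    bits = sum(FLAGS[name] for name in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

def parse_header(raw):
    """Return (seq, ack, set of flag names) from a raw TCP header."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    _sport, _dport, seq, ack, _offset, bits = struct.unpack("!HHIIBB", raw[:14])
    return seq, ack, {name for name, bit in FLAGS.items() if bits & bit}

def check_handshake(syn, syn_ack, final_ack):
    """Check the three handshake segments; return a list of problems found."""
    problems = []
    j, _, flags1 = parse_header(syn)
    k, ack2, flags2 = parse_header(syn_ack)
    seq3, ack3, flags3 = parse_header(final_ack)
    if flags1 != {"SYN"}:
        problems.append("segment 1: expected SYN only")
    if flags2 != {"SYN", "ACK"}:
        problems.append("segment 2: expected SYN+ACK")
    if ack2 != (j + 1) % MOD:
        problems.append("segment 2: ack must be J+1")
    if "ACK" not in flags3 or "SYN" in flags3:
        problems.append("segment 3: expected ACK without SYN")
    if ack3 != (k + 1) % MOD:
        problems.append("segment 3: ack must be K+1")
    if seq3 != (j + 1) % MOD:
        problems.append("segment 3: seq must be J+1")
    return problems

if __name__ == "__main__":
    # Constructed sample: J=1000, K=5000, client port 40000, server port 80.
    syn = build_header(40000, 80, 1000, 0, ["SYN"])
    syn_ack = build_header(80, 40000, 5000, 1001, ["SYN", "ACK"])
    ack = build_header(40000, 80, 1001, 5001, ["ACK"])
    print(check_handshake(syn, syn_ack, ack))
    stale = build_header(80, 40000, 5000, 1000, ["SYN", "ACK"])  # acks J, not J+1
    print(check_handshake(syn, stale, ack))
```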



SYN attack:

In the three-way handshake, after the server sends the SYN-ACK and before it receives the client's ACK, the TCP connection is called a half-open connection, and the server is in the SYN_RCVD state. When the ACK is received, the server moves to the ESTABLISHED state. In a SYN attack, the client forges a large number of non-existent IP addresses in a short period of time and continuously sends SYN packets to the server. The server replies with acknowledgment packets and waits for the client's confirmation; because the source addresses do not exist, the server keeps retransmitting until it times out. These forged SYN packets occupy the half-open connection queue for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion and even system paralysis. The SYN attack is a typical DDoS attack. Detecting it is very simple: when the server has a large number of connections in the half-open state and the source IP addresses are random, you can conclude that a SYN attack is under way. The following command shows them:

# netstat -nap | grep SYN_RECV
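The detection rule above (many half-open connections, random source addresses) can be applied to netstat output automatically. This is an added example, not part of the original page: it groups SYN_RECV entries by listening address and flags listeners where the count is high and most sources are distinct. The thresholds and the sample lines, which use documentation address ranges, are constructed assumptions.

```python
from collections import Counter, defaultdict

def half_open_by_listener(netstat_text):
    """Map each local address:port to a Counter of source IPs in SYN_RECV."""
    listeners = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Columns: proto, recv-q, send-q, local, foreign, state[, pid/program]
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "SYN_RECV":
            continue
        source_ip = fields[4].rsplit(":", 1)[0]   # drop the port, keep the address
        listeners[fields[3]][source_ip] += 1
    return listeners

def flood_suspects(netstat_text, min_half_open=100, min_distinct_ratio=0.8):
    """Return {listener: (half_open, distinct_sources)} for likely SYN floods."""
    suspects = {}
    for local, sources in half_open_by_listener(netstat_text).items():
        total, distinct = sum(sources.values()), len(sources)
        if total >= min_half_open and distinct / total >= min_distinct_ratio:
            suspects[local] = (total, distinct)
    return suspects

def constructed_sample():
    """Constructed netstat-style lines (documentation address ranges only)."""
    row = "tcp        0      0 {:<23} {:<23} {}"
    lines = ["Proto Recv-Q Send-Q Local Address           Foreign Address         State"]
    # 120 half-open connections to port 80, each from a different source address
    for i in range(1, 121):
        lines.append(row.format("192.0.2.10:80", f"198.51.100.{i}:{20000 + i}", "SYN_RECV"))
    # Ordinary traffic: one slow client with 3 pending handshakes, one live session
    for port in (50001, 50002, 50003):
        lines.append(row.format("192.0.2.10:443", f"203.0.113.5:{port}", "SYN_RECV"))
    lines.append(row.format("192.0.2.10:22", "203.0.113.9:40022", "ESTABLISHED"))
    return "\n".join(lines)

if __name__ == "__main__":
    for listener, (total, distinct) in flood_suspects(constructed_sample()).items():
        print(f"{listener}: {total} half-open from {distinct} distinct sources")
```

A few SYN_RECV entries from one address, as on port 443 in the sample, are normal for a slow client and are not flagged.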

3. Four-way wave

The three-way handshake is familiar to everyone; the four-way wave, probably less so. The so-called four-way wave (Four-Way Wavehand) terminates a TCP connection: when disconnecting a TCP connection, the client and the server exchange a total of 4 packets to confirm the disconnection. In socket programming, this process is triggered by either the client or the server calling close, as shown in the following diagram:


Because a TCP connection is full-duplex, each direction must be closed separately. The principle is that when one side has finished sending its data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction, that is, no more data will be received; data can still be sent on the TCP connection until a FIN is sent in the other direction as well. The side that closes first performs the active close, while the other side performs the passive close, as described in the figure above.

(1) First wave: The client sends a FIN to close the client-to-server data transfer, and the client enters the FIN_WAIT_1 state.

(2) Second wave: After receiving the FIN, the server sends an ACK to the client whose acknowledgment number is the received sequence number + 1 (as with SYN, a FIN occupies one sequence number), and the server enters the CLOSE_WAIT state.

(3) Third wave: The server sends a FIN to close the server-to-client data transfer, and the server enters the LAST_ACK state.

(4) Fourth wave: After the client receives the FIN, it enters the TIME_WAIT state and then sends an ACK to the server whose acknowledgment number is the received sequence number + 1. The server enters the CLOSED state, completing the four-way wave.


The above covers the case where one side closes actively and the other passively. In practice, there is also the case where both sides initiate an active close; the process is as follows:



The process and states in the diagram above are already clear and are not repeated here; refer to the step-by-step analysis of the four-way wave above.


4. Notes

The three-way handshake and the four-way wave come up in typical interview questions, which are listed here for reference by any XDJM (brothers and sisters) who need them:

(1) What is the three-way handshake, and what is its process? And the four-way wave? The answer is the analysis above.

(2) Why is establishing a connection a three-way handshake, while closing a connection is a four-way wave?

This is because the server, in the LISTEN state, on receiving the SYN message requesting a connection, puts the ACK and SYN in a single message and sends it to the client. When closing a connection, however, receiving the other side's FIN message only means that the other side will send no more data, though it can still receive data. You may not yet have sent all of your own data to the other side, so you can close immediately, or you can send some more data to the other side and then send a FIN message to indicate that you agree to close the connection now. Therefore, your own ACK and FIN are generally sent separately.
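The half-close behaviour behind answer (2), which is also the reason given in the "four waves" section earlier, can be observed with two sockets on loopback. This is an added example, not part of the original page: the client sends its FIN with shutdown(SHUT_WR), the server sees end-of-stream, keeps sending its remaining data, and only then closes. The payloads and function names are constructed.

```python
import socket
import threading

def passive_side(listener, log):
    """Server: read until the peer's FIN (recv returns b""), then keep sending."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)
        received = b""
        while True:
            chunk = conn.recv(1024)
            if not chunk:          # client's FIN arrived: it will send no more data
                break
            received += chunk
        log.append(("server got", received))
        # CLOSE_WAIT: the server-to-client direction is still open.
        conn.sendall(b"reply-1;")
        conn.sendall(b"reply-2;")
    # Leaving the with-block closes the socket, which sends the server's FIN.

def half_close_demo():
    """Run one active/passive close on 127.0.0.1 and return what each side saw."""
    log = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
        listener.listen(1)
        listener.settimeout(5)
        server = threading.Thread(target=passive_side, args=(listener, log))
        server.start()
        with socket.create_connection(listener.getsockname(), timeout=5) as client:
            client.sendall(b"request")
            client.shutdown(socket.SHUT_WR)  # first wave: FIN, client sends no more
            data = b""
            while True:
                chunk = client.recv(1024)    # still readable after our own FIN
                if not chunk:                # third wave: the server's FIN
                    break
                data += chunk
        server.join()
    return log, data

if __name__ == "__main__":
    print(half_close_demo())
```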
