Use tcpdump to analyze the TCP three-way handshake process
Source: Internet
Author: User
The establishment of a TCP connection must be completed through the famous "three-way handshake. The following example shows how to establish a TCP connection. In the following description, the client host is 10.200.5.200 (IBMAIX), and the server host is 180.200.3.97 (SuSeLinux ). The establishment of a TCP connection using tcpdump on a terminal of the host 10.200.5.200 must be completed through the famous "three-way handshake. The following example shows how to establish a TCP connection.
In the following description, the client host is 10.200.5.200 (ibm aix), and the server host is 180.200.3.97 (SuSe Linux ).
Run the command on a terminal of the 10.200.5.200 host.
Tcpdump? Ien0 host 180.200.3.97 command, start
TcpdumpListen to network data (in which, en0 is the network adapter used to communicate with the external network );
At the same time, execute the following command on another terminal on the client host: (root@10.200.5.200:/# telnet 180.200.3.97. The output of tcpdump on the client host is as follows.
Create a three-way handshake for a TCP connection
10.200.5.200:/# tcpdump-S-I en0 host 180.200.3.97
110:33:07. 983844 IP 10.200.5.200.64126> 180.200.3.97.telnet: S 714617992: 714617992 (0) win 65535
210:33:07. 985450 IP 180.200.3.97.telnet> 10.200.5.200.64126: S 628359828: 628359828 (0) ack 714617993 win5840
310:33:07. 985465 IP10.200.5.200.64126> 180.200.3.97.telnet:. ack 628359829 win65535
For ease of understanding, we convert the above output to the actual sequence diagram, as shown below:
We can clearly see that the following three handshakes are required to establish a connection between 10.200.5.200 and 180.200.3.97:
10.200.5.200 actively sends a handshake protocol to 180.200.3.97. the serial number of the packet is 714617992 and the size is 1 byte. 180.200.3.97 actively sends a handshake protocol to 10.200.5.200. the serial number of the packet is 628359828 and the size is 1 byte. at the same time, ACK 714617993 is returned as a response to the 714617993 packet sent from 10.200.5.200. 10.200.5.200 returns ACK ack628359829 to 180.200.3.97 as a response to the 628359828 packet sent by 180.200.3.97.
A TCP connection is established after the preceding three handshakes are completed. after that, information can be transmitted between the two ends of the connection. Therefore, a TCP connection can be considered as a communication channel identified by both IP addresses and ports. the establishment of a TCP connection is the process of registering the above communication channel with both parties. Once a TCP connection is established, as long as the intermediate nodes (including gateways, switches, routers, and other network devices) between the two parties work normally, before either party actively closes the connection, all TCP connections will be retained.
This feature enables a idle connection that does not exchange any information for a long time to be maintained for several hours, days, or even months. The intermediate router can crash and restart, and the network cable can be hung up and connected. TCP connections can be kept as long as the hosts at both ends are not restarted.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
