What is TCP? Simplest three-way handshake description

Source: Internet
Author: User


What is TCP?

TCP (Transmission Control Protocol) is a connection-oriented, reliable transport-layer protocol that runs on top of IP. In the IP header, TCP's protocol number is 6. TCP is a very troublesome protocol, but it is also the foundation of the Internet and a basic skill that every programmer needs. First, let's take a look at the OSI seven-layer model:

In the OSI seven-layer network model, we need to know layer 4, the Transport layer. IP addresses belong to layer 3, the Network layer, and ARP belongs to layer 2, the Data Link layer. Data at layer 2 is called a frame, data at layer 3 is called a packet, and data at layer 4 is called a segment. We also need to know that when data is sent from the application layer, each layer adds its own header to encapsulate the data before it is sent to the receiving end. You need to know this basic process of data encapsulation and decapsulation. In the OSI seven-layer model, the role of each layer and the corresponding protocols are as follows:

 

TCP is a protocol, so how is it defined, and what is its data format? To analyze it in depth, you need to understand, or even memorize, the meaning of each field in the TCP header. Let's get to it.

 

The above is the format of the TCP header. It matters so much because it is the basis for understanding everything else. The fields are described in detail below.

Source Port and Destination Port: 16 bits each, giving the source port number and the destination port number. Ports distinguish different processes on a host, while IP addresses distinguish different hosts. The source and destination port numbers, together with the source and destination IP addresses in the IP header, uniquely identify a TCP connection;

Sequence Number: identifies the byte stream sent from the TCP sender to the TCP receiver. It is the sequence number of the first data byte carried in this segment, and it is mainly used to solve the problem of out-of-order delivery on the network;

Acknowledgment Number: a 32-bit field that contains the next sequence number that the sender of the acknowledgment expects to receive. It should therefore be the sequence number of the last byte successfully received plus 1. It is valid only when the ACK flag is 1. It is mainly used to solve the problem of packet loss;

Offset: the number of 32-bit words in the header. This value is needed because the length of the options field is variable. The field occupies 4 bits (at most 15 32-bit words, that is, 4*15 = 60 bytes of header), so a TCP header is at most 60 bytes long. Without options, the normal length is 20 bytes;

TCP Flags: the TCP header has 6 flag bits, and several of them can be set to 1 at the same time. They are mainly used to drive the TCP state machine and are, in order, URG, ACK, PSH, RST, SYN, FIN. The meaning of each flag is as follows:

URG: indicates that the urgent pointer field of the TCP segment (which will be mentioned later) is valid. It is used to ensure that the TCP connection is not interrupted and to urge intermediate devices to process the data as soon as possible;

ACK: indicates that the acknowledgment field is valid, that is, the acknowledgment number described above is carried in the TCP segment. It takes the value 0 or 1: if it is 1, the acknowledgment field is valid; otherwise it is 0;

PSH: indicates a push operation, which means passing data to the application as soon as it arrives at the receiving end instead of queuing it in the buffer;

RST: indicates a connection reset request. It is used to reset connections that have run into errors and to reject erroneous or illegal packets;

SYN: indicates sequence number synchronization and is used to establish a connection. SYN is used together with ACK: when a connection is requested, SYN = 1 and ACK = 0; when the connection is answered, SYN = 1 and ACK = 1. Packets with this flag are often used for port scanning. The scanner sends a SYN-only packet, and if the target host responds with a packet, this indicates that the host has this port. However, because this scan is only the first of the three TCP handshakes, a successful scan indicates that the scanned machine is not safe; a secure host will require a strict TCP three-way handshake;

FIN: indicates that the sender has reached the end of its data, that is, the data transfer between the two sides is complete and there is no more data to transmit. After a TCP segment with the FIN flag is sent, the connection will be disconnected. Packets with this flag are often used for port scanning.

Window: the window size, the famous sliding window, which is used for flow control. This is a complicated topic and will not be summarized in this blog;
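The header fields described above, decoded from raw bytes, as an added example (not code from the original article). The `build_header` helper and both sample segments are constructed for illustration, and the checksum is left at 0.

```python
import struct

# The six flag bits in the order the text lists them (URG is the highest bit).
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and locate options and payload."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, _checksum, _urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # Offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"invalid header length {header_len}")
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq,
            "ack": ack if "ACK" in flags else None,   # valid only when ACK = 1
            "header_len": header_len, "options_len": header_len - 20,
            "flags": flags, "window": window,
            "payload": segment[header_len:]}

def build_header(sport, dport, seq, ack, flags, window, options=b""):
    """Hypothetical helper that packs constructed test segments."""
    assert len(options) % 4 == 0 and len(options) <= 40   # 60-byte header limit
    bits = sum(bit for name, bit in FLAG_BITS if name in flags)
    off_flags = ((5 + len(options) // 4) << 12) | bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       off_flags, window, 0, 0) + options

# Constructed SYN carrying a 4-byte MSS option (kind 2, length 4, value 1460).
SYN = build_header(40000, 80, 1000, 0, {"SYN"}, 65535,
                   options=bytes([2, 4]) + (1460).to_bytes(2, "big"))
# Constructed SYN+ACK reply without options.
SYN_ACK = build_header(80, 40000, 5000, 1001, {"SYN", "ACK"}, 29200)

if __name__ == "__main__":
    for name, raw in (("SYN", SYN), ("SYN+ACK", SYN_ACK)):
        print(name, parse_tcp_header(raw))
```
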

Now, all the basic knowledge is ready. Start the next journey.

What is a three-way handshake?

TCP is connection-oriented: before data is sent to the other party, a connection must be established between the two parties. In TCP/IP, TCP provides a reliable connection service, and connections are initialized through a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence numbers and acknowledgment numbers of both parties and to exchange TCP window size information. This is the TCP three-way handshake that is asked about so often in interviews. Understanding only the concept of the three-way handshake will not help you get a job; you need to understand some of its details. Let's first look at the figure.

 

A clear picture.

1. First handshake: establishing the connection. The client sends a connection request segment with the SYN bit set to 1 and the Sequence Number set to x. The client then enters the SYN_SENT state and waits for confirmation from the server;

2. Second handshake: the server receives the SYN segment. The server must acknowledge the client's SYN segment by setting the Acknowledgment Number to x + 1 (Sequence Number + 1). At the same time, it sends its own SYN request, with the SYN bit set to 1 and the Sequence Number set to y. The server puts all of this in a single segment (the SYN + ACK segment) and sends it to the client, and the server enters the SYN_RECV state;

3. Third handshake: the client receives the server's SYN + ACK segment, sets the Acknowledgment Number to y + 1, and sends an ACK segment to the server. After this segment is sent, both the client and the server enter the ESTABLISHED state, which completes the TCP three-way handshake.

Once the three-way handshake is complete, the client and the server can start to transmit data. That is the general introduction to the TCP three-way handshake.

What about the four-way breakup?

After a TCP connection has been established between the client and the server through the three-way handshake, the connection must be closed once data transmission is complete. For closing a TCP connection, there is the mysterious "four-way breakup".

1. First breakup: host 1 (which can be either the client or the server) sets the Sequence Number and Acknowledgment Number and sends a FIN segment to host 2. Host 1 then enters the FIN_WAIT_1 state. This means that host 1 has no more data to send to host 2;

2. Second breakup: host 2 receives the FIN segment sent by host 1 and returns an ACK segment to host 1 whose Acknowledgment Number is the Sequence Number plus 1, and host 1 enters the FIN_WAIT_2 state. Host 2 tells host 1: "I have no data to send. You can close the connection";

3. Third breakup: host 2 sends a FIN segment to host 1, requesting to close the connection, and host 2 enters the CLOSE_WAIT state;

4. Fourth breakup: host 1 receives the FIN segment sent by host 2 and sends an ACK segment to host 2, and then host 1 enters the TIME_WAIT state. Host 2 closes the connection after receiving the ACK segment from host 1. If host 1 still has not received a reply after waiting for 2MSL, this indicates that the server has been shut down properly, and host 1 can also close the connection.

With that, TCP's four-way breakup has been happily completed. By now you probably have a lot of questions, many things you do not understand, and everything feels messy. No matter; we will continue to summarize.

Why do we need to shake hands three times?

Now that the TCP three-way handshake has been summarized, why does it have to be three times? It seems that two would be enough. So why does TCP need three? Xie Xiren's "Computer Network" says this:

To prevent an invalid connection request segment from suddenly being delivered to the server and thereby causing errors.

Here is an example:

"An 'invalid connection request segment' arises in this case: the first connection request segment sent by the client is not lost, but it is held up at some network node for a long time, so that it arrives at the server only at some point after the connection has been released. This is a segment that became invalid long ago. However, when the server receives this invalid connection request segment, it mistakes it for a new connection request sent by the client. Therefore, it sends a confirmation segment to the client and agrees to establish a connection. If the 'three-way handshake' were not used, a new connection would be established as soon as the server sent its confirmation. Because the client has not sent a connection request, it ignores the confirmation from the server and does not send data to the server. However, the server thinks that the new transport connection has been established and keeps waiting for the client to send data. In this way, many server resources are wasted. The 'three-way handshake' prevents this from happening. In the case just described, the client will not send a confirmation in response to the server's confirmation. Because the server does not receive the confirmation, it knows that the client did not request a connection."

This makes it clear: it prevents the server from wasting resources while waiting.
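The handshake steps and the delayed-SYN argument above, replayed from the server's point of view, as an added example (not code from the original article). The `SYN_SEEN` state name, the `three_way=False` switch (a hypothetical two-step handshake) and all segment values are constructed for illustration.

```python
from dataclasses import dataclass

MOD = 2**32  # sequence numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Seg:
    """One observed segment; every sample value below is constructed."""
    src: str          # "client" or "server"
    flags: frozenset  # e.g. frozenset({"SYN", "ACK"})
    seq: int
    ack: int = 0

def track_handshake(segments):
    """Replay segments in order and return the server-side connection state."""
    state, x, y = "LISTEN", None, None
    for s in segments:
        if state == "LISTEN" and s.src == "client" and s.flags == {"SYN"}:
            x, state = s.seq, "SYN_SEEN"              # first handshake: seq = x
        elif state == "SYN_SEEN" and s.src == "server" and s.flags == {"SYN", "ACK"}:
            if s.ack != (x + 1) % MOD:
                return "INVALID"                      # must acknowledge x + 1
            y, state = s.seq, "SYN_RECV"              # second handshake: seq = y
        elif state == "SYN_RECV" and s.src == "client" and s.flags == {"ACK"}:
            # The SYN consumed one sequence number, so the client is now at x + 1.
            if s.ack != (y + 1) % MOD or s.seq != (x + 1) % MOD:
                return "INVALID"                      # must acknowledge y + 1
            state = "ESTABLISHED"                     # third handshake
    return state

def server_commits(segments, three_way=True):
    """True if the server treats the connection as open and holds resources."""
    state = track_handshake(segments)
    return state == "ESTABLISHED" or (not three_way and state == "SYN_RECV")

def f(*names):
    return frozenset(names)

NORMAL = [Seg("client", f("SYN"), 100),
          Seg("server", f("SYN", "ACK"), 300, 101),
          Seg("client", f("ACK"), 101, 301)]
STALE_SYN = NORMAL[:2]        # delayed SYN arrives; the client never confirms
WRAPPED = [Seg("client", f("SYN"), MOD - 1),
           Seg("server", f("SYN", "ACK"), 7, 0),
           Seg("client", f("ACK"), 0, 8)]
BAD_ACK = NORMAL[:2] + [Seg("client", f("ACK"), 101, 999)]

if __name__ == "__main__":
    for name in ("NORMAL", "STALE_SYN", "WRAPPED", "BAD_ACK"):
        print(name, track_handshake(globals()[name]))
```
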

Why should we break up four times?

Why do we break up four times? TCP is a connection-oriented, reliable, byte-stream-based transport-layer communication protocol. TCP is full duplex, which means that when host 1 sends a FIN segment, it only indicates that host 1 has no more data to send: host 1 is telling host 2 that all of its data has been sent. However, host 1 can still accept data from host 2 at this time. When host 2 returns an ACK segment, it indicates that host 2 knows host 1 has no more data to send, but host 2 can still send data to host 1. When host 2 also sends a FIN segment, it indicates that host 2 has no more data to send either; it tells host 1, "I have no data to send", and then they happily break off the TCP connection. To understand the principle of the four-way breakup correctly, you need to understand the state changes during the process.

FIN_WAIT_1: the FIN_WAIT_1 and FIN_WAIT_2 states both indicate waiting for a message from the other party. The difference between the two is this: when a SOCKET in the ESTABLISHED state wants to actively close the connection and sends a FIN message to the other party, the SOCKET enters the FIN_WAIT_1 state. When the other party responds with an ACK message, it enters the FIN_WAIT_2 state. Of course, under normal circumstances the other party should respond with an ACK message immediately, whatever the situation, so the FIN_WAIT_1 state is generally hard to see, while the FIN_WAIT_2 state is often seen with netstat. (Active party)

FIN_WAIT_2: this state has been explained in detail above. In fact, a SOCKET in the FIN_WAIT_2 state represents a half-closed connection, that is, one party asks to close the connection, but also tells the other party: I still have some data to send to you (ACK information), so close the connection later. (Active party)

CLOSE_WAIT: this state means waiting to close. How should this be understood? When the other party closes a SOCKET and sends a FIN message to you, your system will without doubt respond with an ACK message and then enter the CLOSE_WAIT state. Next, what you really need to consider is whether you still have data to send to the other party. If not, you can close the SOCKET and send a FIN message to the other party, that is, close the connection. So what CLOSE_WAIT waits for is for you to close the connection. (Passive party)

LAST_ACK: this state is easy to understand. The passively closing side, after sending its FIN message, waits for the other side's ACK message. After receiving the ACK message, it can enter the CLOSED state. (Passive party)

TIME_WAIT: indicates that the other party's FIN message has been received and an ACK message has been sent; after waiting for 2MSL, the socket can return to the CLOSED state. If a socket in FIN_WAIT_1 receives a message with both the FIN flag and the ACK flag, it can enter the TIME_WAIT state directly without passing through the FIN_WAIT_2 state. (Active party)

CLOSED: indicates that the connection is interrupted.
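The state descriptions above, run as a small two-host simulation, as an added example (not code from the original article). The event names, the `piggyback_fin` switch and the `stuck_sockets` helper are hypothetical; the second run shows what netstat would report when the passive party's application never closes its socket.

```python
from collections import deque

# (state, event) -> (next state, segment sent to the peer). An event is a local
# "close" call, the "2MSL" timer expiring, or the flags of a received segment.
TRANSITIONS = {
    ("ESTABLISHED", "close"):  ("FIN_WAIT_1", "FIN"),   # active party starts
    ("ESTABLISHED", "FIN"):    ("CLOSE_WAIT", "ACK"),   # passive party ACKs
    ("FIN_WAIT_1", "ACK"):     ("FIN_WAIT_2", None),
    ("FIN_WAIT_1", "FIN+ACK"): ("TIME_WAIT", "ACK"),    # skips FIN_WAIT_2
    ("FIN_WAIT_2", "FIN"):     ("TIME_WAIT", "ACK"),
    ("CLOSE_WAIT", "close"):   ("LAST_ACK", "FIN"),
    ("LAST_ACK", "ACK"):       ("CLOSED", None),
    ("TIME_WAIT", "2MSL"):     ("CLOSED", None),
}
PEER = {"host1": "host2", "host2": "host1"}

def simulate(local_events, piggyback_fin=False):
    """Replay local events, deliver the segments they trigger, return histories."""
    state = {h: "ESTABLISHED" for h in PEER}
    history = {h: ["ESTABLISHED"] for h in PEER}
    for host, event in local_events:
        queue = deque([(host, event)])
        while queue:
            h, ev = queue.popleft()
            step = TRANSITIONS.get((state[h], ev))
            # Modelling assumption: a passive party with nothing left to send
            # answers the FIN with one combined FIN+ACK segment.
            if piggyback_fin and (state[h], ev) == ("ESTABLISHED", "FIN"):
                step = ("LAST_ACK", "FIN+ACK")
            if step is None:
                raise ValueError(f"{h}: event {ev!r} is not valid in {state[h]}")
            state[h], segment = step
            history[h].append(state[h])
            if segment:
                queue.append((PEER[h], segment))
    return history

def stuck_sockets(history):
    """Hosts whose final state is neither ESTABLISHED nor CLOSED."""
    return {h: s[-1] for h, s in history.items()
            if s[-1] not in ("ESTABLISHED", "CLOSED")}

if __name__ == "__main__":
    print(simulate([("host1", "close"), ("host2", "close"), ("host1", "2MSL")]))
    print(stuck_sockets(simulate([("host1", "close")])))
```
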

Permanent link to this article: https://www.bkjia.com/Linux/2018-03/151171.htm
