Analyzing the TCP three-way handshake and four-way teardown with Wireshark

1. The TCP three-way handshake and four-way teardown
Transmission Control Protocol (TCP) is a connection-oriented, reliable transport-layer protocol based on a byte stream. In this article we use Wireshark to analyze the TCP three-way handshake and the four-way teardown (the four "waves").
(1) TCP segment format
[Figure: TCP segment header format]
Flags:
FIN: the sender has finished transmitting data and requests release of the connection.
SYN: used while a TCP connection is being established (Synchronize Sequence Numbers).
ACK: acknowledgment flag. 1 means the acknowledgment number field is valid; 0 means the segment carries no acknowledgment information and the acknowledgment number field is ignored.
Three-way handshake:
[Figure: three-way handshake state transitions]
1. Initially both the client and the server are in the CLOSED state. The client performs an active open; the server performs a passive open.
2. The TCP server process creates a Transmission Control Block (TCB) and is ready to accept connection requests from client processes; the server is now in the LISTEN state.
3. The TCP client process also creates a TCB and then sends a connection request segment to the server. In this segment's header SYN = 1, and the client chooses an initial sequence number seq = x. The client process enters the SYN-SENT state. TCP specifies that a SYN segment (a segment with SYN = 1) cannot carry data, but it consumes one sequence number.
4. When the TCP server receives the request segment, if it agrees to the connection it sends an acknowledgment segment with ACK = 1, SYN = 1, acknowledgment number ack = x + 1, and its own initial sequence number seq = y. The server process enters the SYN-RCVD state. This segment also cannot carry data, but it too consumes one sequence number.
5. When the TCP client receives this acknowledgment, it sends an acknowledgment to the server in turn: ACK = 1, ack = y + 1, and its own sequence number seq = x + 1. The TCP connection is now established and the client enters the ESTABLISHED state. TCP specifies that an ACK segment may carry data; if it carries no data it does not consume a sequence number.
6. When the server receives the client's acknowledgment it also enters the ESTABLISHED state, and the two sides can begin communicating.
The main purpose of the three-way handshake is to synchronize connection state between the two sides and to prevent stale, delayed connection requests from producing invalid connections. Suppose a connection could be established with only a two-way handshake. The client sends a first connection request that is not lost but is held at some network node for a long time; because no acknowledgment arrives in time, the client retransmits the request. Client and server complete the two-way handshake on the retransmitted request, transfer data and close the connection. Later the delayed request finally reaches the server. It is an invalid segment, but with a two-way handshake the server would establish a new connection anyway, wasting resources and causing errors. With a three-way handshake, even if the stale request arrives, the server replies with an acknowledgment, but the client, which did not send that request, does not respond with its own acknowledgment. Since the server never receives this confirmation, it knows the client did not request a connection.
Four-way teardown:
[Figure: four-way teardown state transitions]
1. After data transfer is complete, both sides can release the connection. Initially both client and server are in the ESTABLISHED state; the client then closes actively and the server closes passively.
2. The client process sends a connection release segment and stops sending data. The header of this segment has FIN = 1 and sequence number seq = u (equal to the sequence number of the last byte of data previously transmitted plus 1). The client enters the FIN-WAIT-1 state. TCP specifies that a FIN segment consumes one sequence number even if it carries no data.
3. When the server receives the connection release segment, it sends an acknowledgment with ACK = 1, ack = u + 1, and its own sequence number seq = v; the server enters the CLOSE-WAIT state. The TCP server notifies its application process that the connection in the client-to-server direction has been released. The connection is now half-closed: the client has no more data to send, but if the server still sends data the client must still accept it. This state lasts for some time, which is the duration of the CLOSE-WAIT state.
4. When the client receives the server's acknowledgment, it enters the FIN-WAIT-2 state and waits for the server's connection release segment (it must still accept any data the server sends before that).
5. After the server has finished sending its last data, it sends a connection release segment to the client with FIN = 1 and ack = u + 1. Because the server may have sent more data in the half-closed state, its sequence number is assumed to be seq = w. The server enters the LAST-ACK state and waits for the client's acknowledgment.
6. When the client receives the server's connection release segment it must send an acknowledgment: ACK = 1, ack = w + 1, and its own sequence number seq = u + 1. The client enters the TIME-WAIT state. Note that the TCP connection is not yet released: only after a period of 2MSL (twice the maximum segment lifetime) does the client delete the corresponding TCB and enter the CLOSED state.
As soon as the server receives the client's acknowledgment it enters the CLOSED state; after it deletes its TCB the connection is over on its side. Thus the server's TCP connection ends earlier than the client's.
2. Capture screenshots and the relevant fields
We use Wireshark to capture and analyze TCP. Open Wireshark and point the browser at a website; in Wireshark enter an http display filter, select the matching record, then right-click it and choose Follow TCP Stream.
The aim is to obtain the packets involved in the browser opening that site. The result looks like the following figure:
[Figure: Wireshark capture of the followed TCP stream]
The figure shows that Wireshark captured many packets. The packets belonging to the three-way handshake and the four-way teardown can be identified by their flags, addresses and other characteristics.
Three-way handshake:
[Figure: the three handshake packets in Wireshark]
First handshake:
The client sends a TCP segment with the SYN flag set and sequence number 0, representing the client's request to establish a connection, as shown below:
[Figure: first handshake, SYN segment details]
Seq = x = 0 (Wireshark shows relative sequence numbers by default, so each side's initial sequence number is displayed as 0);
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the first handshake]
Second handshake:
The server sends back an acknowledgment segment with the SYN and ACK flags set. Its acknowledgment number (Acknowledgement Number) is the client's ISN plus 1, i.e. 0 + 1 = 1. So SYN = 1, ACK = 1, seq = y = 0, ack = x + 1 = 1, as shown below:
[Figure: second handshake, SYN/ACK segment details]
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the second handshake]
Third handshake:
The client sends another acknowledgment (ACK) segment. Its SYN flag is 0 and its ACK flag is 1; the client takes the sequence number of the server's SYN/ACK, adds 1, and places it in the acknowledgment number field sent to the server, and uses its own ISN + 1 as the sequence number, as shown below:
[Figure: third handshake, ACK segment details]
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the third handshake]
Four-way teardown:
[Figure: the four teardown packets in Wireshark]
First wave:
The client sends a FIN to close the client-to-server data transfer; the client enters the FIN_WAIT_1 state.
[Figure: first wave, FIN segment details]
FIN = 1, Seq = u = 120, Ack = 169
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the first wave]
Second wave:
After the server receives the FIN, it sends an ACK to the client whose acknowledgment number is the received sequence number + 1 (like a SYN, a FIN occupies one sequence number); the server enters the CLOSE_WAIT state.
[Figure: second wave, ACK segment details]
Seq = 169, Ack = 120
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the second wave]
Third wave:
The server sends a FIN to close the server-to-client data transfer; the server enters the LAST_ACK state.
[Figure: third wave, FIN segment details]
FIN = 1, Seq = 169, Ack = 120 + 1 = 121; the client will acknowledge this segment with 169 + 1 = 170.
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the third wave]

Fourth wave:
The client receives the FIN and enters the TIME_WAIT state, then sends an ACK to the server whose acknowledgment number is the received sequence number + 1. The server enters the CLOSED state, and the four-way teardown is complete.
[Figure: fourth wave, ACK segment details]
Seq = 121, Ack = 170
MAC addresses: source and destination MAC address (Ethernet header)
[Figure: Ethernet header of the fourth wave]
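As an added example (not part of the original post), the following Python reproduces the arithmetic behind both sections above: it converts absolute sequence numbers into the relative numbers Wireshark displays (which is why the handshake shows seq = 0 and ack = 1), and it checks that every ACK equals the peer's last sequence number plus what that segment consumed, one number for each SYN and FIN and none for a bare ACK. The segments, the ISNs X and Y, and the 119/168-byte payloads are constructed so that the relative values match the capture above (120/169, 169/121, 121/170); they are not taken from a real trace.

```python
from dataclasses import dataclass, replace

PEER = {"client": "server", "server": "client"}

@dataclass(frozen=True)
class Segment:
    src: str          # "client" or "server"
    flags: frozenset  # subset of {"SYN", "ACK", "FIN"}
    seq: int          # absolute sequence number as sent on the wire
    ack: int = 0      # absolute acknowledgment number (meaningful only when ACK is set)
    data: int = 0     # payload bytes carried

def consumed(s):
    # SYN and FIN each occupy one sequence number; a bare ACK occupies none
    return s.data + ("SYN" in s.flags) + ("FIN" in s.flags)

def relativize(stream):
    # Wireshark's default display: each side's ISN (the seq of its SYN) is shown as 0
    isn = {s.src: s.seq for s in stream if "SYN" in s.flags}
    return [replace(s, seq=s.seq - isn[s.src],
                    ack=(s.ack - isn[PEER[s.src]]) if "ACK" in s.flags else 0)
            for s in stream]

def check_acks(stream):
    # Every ACK must equal the peer's next expected seq; returns (index, seen, expected) per mismatch
    nxt, problems = {}, []
    for i, s in enumerate(stream):
        if "ACK" in s.flags and s.ack != nxt.get(PEER[s.src]):
            problems.append((i, s.ack, nxt.get(PEER[s.src])))
        nxt[s.src] = s.seq + consumed(s)
    return problems

def label(s):
    if "SYN" in s.flags:
        return "SYN-ACK" if "ACK" in s.flags else "SYN"
    return "FIN" if "FIN" in s.flags else "ACK"

# Constructed stream, not a real capture: ISNs X and Y are arbitrary and both display as 0
X, Y = 4_000_000, 9_000_000
STREAM = [
    Segment("client", frozenset({"SYN"}), X),                          # 1st handshake
    Segment("server", frozenset({"SYN", "ACK"}), Y, X + 1),            # 2nd handshake
    Segment("client", frozenset({"ACK"}), X + 1, Y + 1),               # 3rd handshake
    Segment("client", frozenset({"ACK"}), X + 1, Y + 1, data=119),     # HTTP request
    Segment("server", frozenset({"ACK"}), Y + 1, X + 120, data=168),   # HTTP response
    Segment("client", frozenset({"FIN", "ACK"}), X + 120, Y + 169),    # 1st wave
    Segment("server", frozenset({"ACK"}), Y + 169, X + 121),           # 2nd wave
    Segment("server", frozenset({"FIN", "ACK"}), Y + 169, X + 121),    # 3rd wave
    Segment("client", frozenset({"ACK"}), X + 121, Y + 170),           # 4th wave
]
```

Calling relativize(STREAM) yields the seq/ack pairs 0/0, 0/1, 1/1 for the handshake and 120/169, 169/121, 169/121, 121/170 for the teardown, and check_acks(STREAM) returns an empty list. To apply it to a real trace, turn off relative sequence numbers in Wireshark's TCP preferences and copy the absolute values into STREAM; any tuple check_acks reports is an ACK that does not acknowledge exactly what the peer sent.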

Source: blog.csdn.net/weixin_43704007/article/details/104536191