[CyberSecurityLearning 22] Transport layer protocol analysis (TCP/UDP)

Table of Contents

1. Transport layer protocol:

1) There are two main transport layer protocols of the TCP/IP protocol suite:

2) Features of TCP protocol:

3) TCP segment/encapsulation

4) TCP header analysis:

5) TCP three-way handshake to establish a connection

6) TCP's four-way handshake disconnects

7) UDP protocol features

8) UDP protocol packet header:


1. Transport layer protocol:

1) There are two main transport layer protocols of the TCP/IP protocol suite:

TCP: Transmission Control Protocol
UDP: User Datagram Protocol

2) Features of TCP protocol:

TCP is a connection-oriented service and a reliable process-to-process communication protocol. Because the port number is carried in the TCP header, and a port number identifies one service, i.e. one process, TCP delivers data between processes.
(The IP protocol at the network layer completes point-to-point, i.e. host-to-host, communication; the TCP protocol at the transport layer completes process-to-process communication, where a process is a service running on an end system.)
TCP completes reliable process-to-process communication and UDP completes unreliable process-to-process communication; the difference comes from TCP being a connection-oriented service.

How to understand TCP as a connection-oriented service:

TCP sits at the fourth layer and does the "work" for the fifth layer: the fourth layer provides service to the fifth layer and can identify which fifth-layer application it serves. When the application layer generates data, it hands it down to the transport layer and no longer cares about it. The fourth layer now has to decide how to deliver that data, and there are two options: TCP or UDP. If the data is handed to TCP, TCP first puts it aside and says to the application-layer "boss": "I cannot send your information to the other side yet; I am going to establish a connection with the other side first." TCP caches the application data, and then its fourth layer talks to the peer's fourth layer. For that conversation TCP generates a TCP header, and the header itself carries the conversation with the other side; it has nothing to do with the fifth layer, only with the fourth. The third, second and first layers then encapsulate it. After encapsulation you will find that the frames exchanged while TCP is establishing the connection with the peer's TCP carry no fifth-layer data at all.

So, if you capture a frame later and find that it contains no fifth-layer data, only headers from the fourth layer down, it is clearly the two transport-layer TCPs chatting with each other. What are they chatting about? "My boss here wants to communicate with your boss, let's establish a connection!" In the end a TCP connection is established between the two sides. The reason this connection can provide reliable process-to-process communication (reliable "boss-to-boss" communication) is that, once it is established, the two sides have mechanisms bound to it that let them complete the process-to-process communication reliably.

What mechanism? With the connection in place there can be a retransmission mechanism. I tell the boss: "I have established a connection with the other side, throw as much data at me as you like!" The boss then throws a lot of data down to the fourth layer, and the fourth layer pushes it out onto the connection. The other side may not receive everything that was sent, so my "secretary" winds up a "small alarm clock" (a timer) for what was sent; this alarm clock exists only in TCP, not in UDP. TCP watches it: if, say, 2 s pass and the other side still has not responded, the data may not have arrived, so I retransmit what the boss gave me. As long as the other side does not reply, I keep retransmitting. The purpose of retransmission is to make sure the data reaches the other side.

If the two parties are done communicating, their "secretaries" should also talk to each other first and negotiate a state change to tear the connection down.

Once the connection is established, suppose I send a message and the other side does not reply. After repeated non-replies the secretary tells the boss that something has gone wrong, and the boss ends up in one of two states: it reports an error, or it crashes, because the secretary is no longer working and no longer passing information along. This indicates a network problem. The secretary then thinks: "I have notified the boss." The boss says "stop sending me data, this link is broken", but that is only the boss's software reporting an error; from the secretary's point of view the connection with the other side still exists. In other words: once I establish a connection with the other side, a session state is created in my computer's cache. This state is called ESTABLISHED, meaning the session has been set up, and it occupies one of my session slots, and the number of session slots on a computer is limited. If I keep sending and never get a reply, the session is eventually torn down locally, and from my point of view it is as if I never had a session with the other side. If the application layer then sends me a message saying it wants to talk to that peer again, I have to establish a new connection with it.

TCP provides full-duplex service: data can be transmitted in both directions at the same time (full duplex means that while I talk to the other side, the other side can also talk to me).

3) TCP segment/encapsulation

TCP segments are encapsulated in the data portion of IP packets (datagrams).

4) TCP header analysis:

Notes:

Port number range: 0-65535

Source port number: chosen randomly by the client process, generally starting from 50000

Destination port number: generally a fixed, well-known port on the server. For example, mysql: 3306

Sequence number (seq): TCP numbers every byte it sends; the sequence number identifies where the segment's data sits in that byte stream.

Acknowledgment number (ack): tells the sender which bytes have been received, so the sender can decide whether a retransmission is needed.

Control bits (think of them as switch bits), each 1 bit wide, i.e. either 1 or 0: 1 means the switch is on ("set"), 0 means off:
              SYN: connection request bit (if set, this is the first message used to establish a connection)

              FIN: disconnect request bit (if set, this is the first message used to close the connection)

              RST: reset bit, forces the other side to drop the connection and release the session (if set, the TCP connection has to be re-established)

              PSH: push bit, push the data up to the application layer; when it is 1 the segment carries application-layer data

              ACK: acknowledgment bit, a switch for the ack number: when it is 1 the ack number is valid, when it is 0 the ack number is invalid (if set, this message is also an acknowledgment)

              URG: urgent bit; when it is 1 some bytes are urgent data that must be pushed to the application layer as soon as possible, used together with the urgent pointer (if set, the data needs to be pushed to the application layer as soon as possible)

Window size (win): advertises the sender's own receive buffer size to the other side.

Checksum: covers the entire TCP segment (header and data).
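The header fields listed above, as an added worked example (not code from the original post): a small parser that pulls the ports, sequence and acknowledgment numbers, data offset, control bits, window, checksum and urgent pointer out of a raw TCP segment, and a helper that names the role a segment plays according to the flag meanings in the notes. The sample segments are constructed in the block (a SYN to port 3306 with an MSS option, and a PSH+ACK data segment); the port numbers, sequence numbers and payload are assumptions, not captured traffic.

```python
import struct

# Flag bit positions in the low byte of the 16-bit "data offset / reserved /
# flags" word of the TCP header (the six control bits from the notes above).
TCP_FLAGS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))


def build_tcp_segment(sport, dport, seq, ack, flags, window=65535,
                      options=b"", payload=b""):
    """Build a raw TCP segment (checksum left at 0) for the constructed samples."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # options are padded to 32-bit words
    data_offset = (20 + len(options)) // 4            # header length in 32-bit words
    flag_bits = sum(bit for name, bit in TCP_FLAGS if name in flags)
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         (data_offset << 12) | flag_bits, window, 0, 0)
    return header + options + payload


def parse_tcp_segment(segment):
    """Parse the TCP header (fixed part plus options) from a raw segment."""
    if len(segment) < 20:
        raise ValueError("truncated: TCP header needs at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4               # data offset, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset: %d bytes" % header_len)
    flags = {name: bool(off_flags & bit) for name, bit in TCP_FLAGS}
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack if flags["ACK"] else None,         # ack number only valid when ACK is set
        "header_len": header_len,
        "flags": flags,
        "window": window,
        "checksum": checksum,
        "urgent_ptr": urg_ptr if flags["URG"] else None,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def is_well_formed(segment):
    """True when the header length and data offset are consistent."""
    try:
        parse_tcp_segment(segment)
        return True
    except ValueError:
        return False


def handshake_role(flags):
    """Name the role a segment plays, following the flag meanings in the notes."""
    if flags["RST"]:
        return "reset"
    if flags["SYN"] and not flags["ACK"]:
        return "connection request (1st handshake)"
    if flags["SYN"] and flags["ACK"]:
        return "connection accept (2nd handshake)"
    if flags["FIN"]:
        return "close request"
    if flags["PSH"]:
        return "data push"
    if flags["ACK"]:
        return "acknowledgement"
    return "other"


# Constructed samples (not captured traffic): a connection request to MySQL on
# port 3306 carrying an MSS option, and a data segment on the same connection.
SYN_SEGMENT = build_tcp_segment(50001, 3306, seq=1000, ack=0, flags={"SYN"},
                                options=b"\x02\x04\x05\xb4")     # MSS option, 1460
DATA_SEGMENT = build_tcp_segment(50001, 3306, seq=1001, ack=5001,
                                 flags={"PSH", "ACK"}, payload=b"SELECT 1\n")

if __name__ == "__main__":
    for name, seg in (("SYN", SYN_SEGMENT), ("DATA", DATA_SEGMENT)):
        fields = parse_tcp_segment(seg)
        print(name, handshake_role(fields["flags"]), fields)
```

The parser deliberately reports the ack number and urgent pointer as `None` when the ACK or URG switch is off, which matches the notes: those fields carry values on the wire but are only meaningful when the corresponding bit is 1.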

5) TCP three-way handshake to establish a connection

The three-way handshake is the target of a well-known attack, SYN flooding, which is a kind of DoS attack. It works like this: the attacker sends a large number of first-handshake packets to the server. For each one the server records a session state SYN_RECEIVED in its cache and sends back its response, but the attacker never replies. Because the first-handshake packets are forged, the server accumulates a large number of half-finished handshake sessions that never complete, until its session table is full (it fills up your "secretary"), and the server can no longer provide normal service to its clients.
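The handshake states described above, seen from the server's side, as an added detection example that is not part of the original post: a tracker that replays TCP control-flag events, moves each (client, server) pair from SYN_RECEIVED to ESTABLISHED when the third packet arrives, and counts the half-open sessions each server is holding. The event list is constructed inside the block (one complete handshake plus five first-handshake packets that are answered but never completed); the addresses, ports and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of TCP control-flag events in capture order:
# (source "ip:port", destination "ip:port", set of flag names).
# The first three events are one complete three-way handshake; the rest are
# first-handshake packets from assumed spoofed sources that the server answers
# (SYN+ACK) but that never send the final ACK.
SERVER = "203.0.113.10:80"
EVENTS = [
    ("198.51.100.7:50001", SERVER, {"SYN"}),          # 1st handshake packet
    (SERVER, "198.51.100.7:50001", {"SYN", "ACK"}),   # 2nd: server accepts
    ("198.51.100.7:50001", SERVER, {"ACK"}),          # 3rd: connection established
]
for i in range(5):
    spoofed = "192.0.2.%d:%d" % (i + 1, 50000 + i)
    EVENTS.append((spoofed, SERVER, {"SYN"}))
    EVENTS.append((SERVER, spoofed, {"SYN", "ACK"}))


def track_handshakes(events):
    """Replay the events and return a state table keyed by (client, server).

    A client's SYN creates a SYN_RECEIVED entry (the server's half-open
    session); the client's final ACK moves it to ESTABLISHED; a RST from
    either side removes it. The server's SYN+ACK leaves the entry half-open.
    """
    states = {}
    for src, dst, flags in events:
        if "RST" in flags:
            states.pop((src, dst), None)
            states.pop((dst, src), None)
        elif "SYN" in flags and "ACK" not in flags:
            states[(src, dst)] = "SYN_RECEIVED"
        elif ("ACK" in flags and "SYN" not in flags
              and states.get((src, dst)) == "SYN_RECEIVED"):
            states[(src, dst)] = "ESTABLISHED"
    return states


def half_open_per_server(states):
    """Number of SYN_RECEIVED sessions each server is currently holding."""
    counts = defaultdict(int)
    for (_client, server), state in states.items():
        if state == "SYN_RECEIVED":
            counts[server] += 1
    return dict(counts)


def syn_flood_suspects(events, threshold=3):
    """Servers whose half-open session count reaches the (assumed) threshold."""
    counts = half_open_per_server(track_handshakes(events))
    return {server: n for server, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    table = track_handshakes(EVENTS)
    print("half-open per server:", half_open_per_server(table))
    print("suspects:", syn_flood_suspects(EVENTS))
```

A production detector would age entries out on a timer and evaluate the count over a sliding window rather than over a whole capture, since legitimate clients on slow links also sit briefly in SYN_RECEIVED; the point here is that the server-side resource the notes describe, the half-open session, is exactly what can be counted.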


6) TCP's four-way handshake disconnects

7) Features of UDP protocol

Connectionless and unreliable transport protocol
(the boss hands me the data and I do not establish a connection with the other side first; my secretary never chats with the other side's secretary, it simply throws the data out, regardless of whether the other side can receive it)

Low overhead (the UDP header does not need to carry as many bytes) and high transmission efficiency

8) UDP protocol packet header:

Notes:

UDP length: the total length of the UDP datagram, header plus data

Checksum: error check over the UDP data; it is the only reliability mechanism the UDP protocol provides
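The two UDP header fields above, as an added worked example that is not part of the original post: a parser that validates the length field against the bytes actually received and verifies the checksum, which over IPv4 is computed across a pseudo-header (source and destination address, protocol number, UDP length) plus the whole datagram. The block also builds its own sample datagram; the addresses, ports and payload are constructed, not captured.

```python
import struct

IPPROTO_UDP = 17


def ones_complement_sum(data):
    """Sum 16-bit big-endian words with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"                   # odd length is padded for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip, dst_ip, datagram):
    """Checksum over the IPv4 pseudo-header plus the datagram (header and data)
    with its checksum field zeroed; a computed 0 is transmitted as 0xFFFF."""
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, IPPROTO_UDP, len(datagram))
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    csum = (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF
    return csum or 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Build a UDP datagram with a correct length field and checksum."""
    datagram = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    csum = udp_checksum(src_ip, dst_ip, datagram)
    return datagram[:6] + struct.pack("!H", csum) + datagram[8:]


def parse_udp(src_ip, dst_ip, datagram):
    """Parse the 8-byte UDP header, check the length field and the checksum."""
    if len(datagram) < 8:
        raise ValueError("truncated: UDP header needs 8 bytes")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length %d inconsistent with %d received bytes"
                         % (length, len(datagram)))
    if checksum == 0:
        status = "absent"             # sender chose not to compute one (allowed over IPv4)
    elif udp_checksum(src_ip, dst_ip, datagram[:length]) == checksum:
        status = "ok"
    else:
        status = "bad"
    return {
        "src_port": sport,
        "dst_port": dport,
        "length": length,
        "payload": datagram[8:length],
        "checksum": checksum,
        "checksum_status": status,
    }


# Constructed sample addresses (documentation ranges) and payload.
SRC_IP = bytes([192, 0, 2, 1])
DST_IP = bytes([198, 51, 100, 53])
SAMPLE = build_udp(SRC_IP, DST_IP, 54321, 53, b"constructed query")

if __name__ == "__main__":
    print(parse_udp(SRC_IP, DST_IP, SAMPLE))
```

Note that a datagram whose checksum field is 0 is not "bad": over IPv4 the sender may omit the checksum entirely, so a receiver that treats an absent checksum as a failure would drop legitimate traffic, while one that treats it as "verified" would be trusting data that nobody checked. Reporting the three states separately keeps that distinction visible.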



Origin blog.csdn.net/Waffle666/article/details/113736273