TCP three-way handshake process

TCP handshake protocol
In the TCP/IP protocol suite, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.
First handshake: When the connection is being established, the client sends a SYN packet (syn=j) to the server and enters the SYN_SENT state, waiting for the server to confirm.
SYN: Synchronize Sequence Numbers
Second handshake: The server receives the SYN packet and must confirm the client's SYN (ack=j+1). It also sends a SYN packet of its own (syn=k), that is, a SYN+ACK packet. At this point the server enters the SYN_RECV state.
Third handshake: The client receives the SYN+ACK packet from the server and sends an acknowledgement packet ACK (ack=k+1) to the server. After the packet is sent, the client and server enter the ESTABLISHED state and the three-way handshake is complete.

After completing the three-way handshake, the client and the server begin to transmit data.

When A and B establish a TCP connection: first A sends a SYN (synchronization request) to B, then B replies with SYN+ACK (synchronization request response), and finally A replies with an ACK confirmation. This completes the process of establishing a TCP connection (the three-way handshake).

1. TCP packet format

        For details of the TCP/IP protocol, please refer to the three volumes of "Detailed Explanation of the TCP/IP Protocol". The following is a diagram of the TCP packet format:


Figure 1 TCP packet format

        Several fields in the above figure need to be highlighted:
        (1) Sequence number: the Seq number, occupying 32 bits. It identifies the byte stream sent from the TCP source to the destination; the initiator marks its data with it when sending.
        (2) Acknowledgment number: the Ack number, occupying 32 bits. The acknowledgment number field is valid only when the ACK flag bit is 1; Ack=Seq+1.
        (3) Flag bits: a total of 6, namely URG, ACK, PSH, RST, SYN and FIN. Their meanings are as follows:
                (A) URG: The urgent pointer is valid.
                (B) ACK: The acknowledgment number is valid.
                (C) PSH: The receiver should deliver this message to the application layer as soon as possible.
                (D) RST: Reset the connection.
                (E) SYN: Initiate a new connection.
                (F) FIN: Release a connection.

        It should be noted that:
                (A) Do not confuse the acknowledgment number Ack with the ACK flag bit.
                (B) The acknowledger's Ack = the initiator's Seq + 1; the two ends are paired.

2. Three-way handshake
        The so-called three-way handshake (Three-Way Handshake) establishes a TCP connection: when establishing a TCP connection, the client and the server need to send a total of 3 packets to confirm the establishment of the connection. In socket programming, this process is triggered by the client executing connect. The whole process is shown in the following figure:


Figure 2 TCP three-way handshake

        (1) The first handshake: The Client sets the SYN flag to 1, randomly generates a value seq=J, and sends the packet to the Server. The Client enters the SYN_SENT state and waits for the Server to confirm.
        (2) The second handshake: When the Server receives the packet, the flag SYN=1 tells it that the Client is requesting a connection. The Server sets both the SYN and ACK flags to 1, sets ack=J+1, randomly generates a value seq=K, and sends the packet to the Client to confirm the connection request. The Server enters the SYN_RCVD state.
        (3) The third handshake: After the Client receives the confirmation, it checks whether ack is J+1 and whether the ACK flag is 1. If so, it sets the ACK flag to 1, sets ack=K+1, and sends the packet to the Server. The Server checks whether ack is K+1 and whether the ACK flag is 1. If so, the connection is established successfully. The Client and the Server enter the ESTABLISHED state, the three-way handshake is complete, and the two sides can start to transmit data.
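
The checks in steps (1) to (3), applied to raw 20-byte TCP headers, as an added example (not code from the original article). The helper names, ports and sample values are assumptions; the sample puts J at the top of the 32-bit range to show that J+1 wraps around to 0.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HEADER = struct.Struct("!HHIIHHHH")  # ports, Seq, Ack, offset+flags, window, checksum, urgent

def build_header(seq, ack, flags, sport=40000, dport=80):
    """Pack a 20-byte TCP header without options (checksum left at 0)."""
    bits = sum(FLAG_BITS[name] for name in flags)
    return HEADER.pack(sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)

def parse_header(raw):
    """Return the Seq number, Ack number and set of flag names from raw bytes."""
    _, _, seq, ack, off_flags, _, _, _ = HEADER.unpack(raw[:20])
    return {"seq": seq, "ack": ack,
            "flags": {name for name, bit in FLAG_BITS.items() if off_flags & bit}}

def check_handshake(raw_syn, raw_synack, raw_ack):
    """Return a list of problems; an empty list means a valid three-way handshake."""
    syn, synack, ack = (parse_header(r) for r in (raw_syn, raw_synack, raw_ack))
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("segment 1 is not a bare SYN")
    if synack["flags"] != {"SYN", "ACK"}:
        problems.append("segment 2 is not SYN+ACK")
    # Sequence numbers are 32-bit, so J+1 and K+1 wrap around modulo 2**32.
    if synack["ack"] != (syn["seq"] + 1) % 2**32:
        problems.append("segment 2 ack is not J+1")
    if "ACK" not in ack["flags"] or "SYN" in ack["flags"]:
        problems.append("segment 3 is not an ACK")
    if ack["ack"] != (synack["seq"] + 1) % 2**32:
        problems.append("segment 3 ack is not K+1")
    return problems

# Constructed sample: J is 0xFFFFFFFF, so the Server's ack (J+1) is 0.
J, K = 0xFFFFFFFF, 1000
GOOD = (build_header(J, 0, ["SYN"]),
        build_header(K, 0, ["SYN", "ACK"], sport=80, dport=40000),
        build_header(0, K + 1, ["ACK"]))
BAD = GOOD[:2] + (build_header(0, K, ["ACK"]),)  # Client acknowledges K, not K+1

if __name__ == "__main__":
    print(check_handshake(*GOOD))
    print(check_handshake(*BAD))
```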
        
        SYN attack:
                During the three-way handshake, a TCP connection for which the Server has sent SYN-ACK but has not yet received the Client's ACK is called a half-open connection (half-connect). At this point the Server is in the SYN_RCVD state; after receiving the ACK, it moves to the ESTABLISHED state. In a SYN attack, the client forges a large number of non-existent source IP addresses within a short period and continuously sends SYN packets to the server. The server replies with confirmation packets and waits for the client's confirmation. Because the source addresses do not exist, the server has to keep retransmitting until it times out. These forged SYN packets occupy the queue of not-yet-completed connections for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion or even system paralysis. The SYN attack is a typical DDoS attack. Detecting a SYN attack is very simple: when the server has a large number of half-open connections and the source IP addresses are random, it can be concluded that it is under SYN attack. The following command can be used to reveal it:
                # netstat -nap | grep SYN_RECV
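
One way to apply the detection rule above to netstat output, as an added example (not code from the original article). The function name, the thresholds min_count and min_unique_ratio, and the sample lines are assumptions made for illustration; "random source IPs" is approximated as a high share of distinct source addresses, and the sample uses documentation-range addresses.

```python
from collections import defaultdict

def half_open_summary(netstat_text, min_count=10, min_unique_ratio=0.8):
    """Group SYN_RECV entries by local listener and flag likely SYN floods."""
    sources = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Columns: Proto Recv-Q Send-Q Local Foreign State [PID/Program]
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "SYN_RECV":
            continue
        # rpartition strips only the port, so IPv6 addresses stay intact.
        src_ip = fields[4].rpartition(":")[0]
        sources[fields[3]].append(src_ip)
    report = {}
    for listener, ips in sources.items():
        unique = len(set(ips))
        report[listener] = {
            "half_open": len(ips),
            "unique_sources": unique,
            # Assumed rule: many half-open entries AND mostly distinct sources.
            "suspect": len(ips) >= min_count and unique / len(ips) >= min_unique_ratio,
        }
    return report

# Constructed sample: 12 half-open entries from 12 different addresses on
# port 80, 2 half-open entries from one client on port 443, plus entries in
# other states that must be ignored.
SAMPLE = "\n".join(
    [f"tcp  0  0 192.0.2.10:80  198.51.100.{i}:{40000 + i}  SYN_RECV  -"
     for i in range(1, 13)]
    + ["tcp  0  0 192.0.2.10:443  203.0.113.5:51000  SYN_RECV  -",
       "tcp  0  0 192.0.2.10:443  203.0.113.5:51001  SYN_RECV  -",
       "tcp  0  0 192.0.2.10:80  203.0.113.9:52000  ESTABLISHED  1234/nginx",
       "tcp6 0  0 :::22  :::*  LISTEN  800/sshd"]
)

if __name__ == "__main__":
    for listener, stats in half_open_summary(SAMPLE).items():
        print(listener, stats)
```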

3. Four-way wave
        The three-way handshake is familiar to most readers; the four-way wave perhaps less so. The so-called four-way wave (Four-Way Wavehand) terminates a TCP connection: when a TCP connection is disconnected, the client and server send a total of 4 packets to confirm the disconnection. In socket programming, this process is triggered by either the client or the server executing close. The whole process is shown in the following figure:


Figure 3 TCP four-way wave

        Since a TCP connection is full-duplex, each direction must be closed separately. The principle is that when one party has finished sending its data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that there is no more data flowing in that direction, that is, no more data will be received; data can still be sent on this TCP connection until a FIN is also sent in the other direction. The side that shuts down first performs an active close, while the other side performs a passive close, as depicted in the diagram above.
        (1) The first wave: The client sends a FIN to close the data transfer from the client to the server, and the client enters the FIN_WAIT_1 state.
        (2) The second wave: After the server receives the FIN, it sends an ACK to the client with the acknowledgment number set to the received sequence number + 1 (like a SYN, a FIN occupies one sequence number), and the server enters the CLOSE_WAIT state.
        (3) The third wave: The server sends a FIN to close the data transfer from the server to the client, and the server enters the LAST_ACK state.
        (4) The fourth wave: After the client receives the FIN, the client enters the TIME_WAIT state and then sends an ACK to the server with the acknowledgment number set to the received sequence number + 1. The server enters the CLOSED state, completing the four-way wave.
        The above is the case where one party actively closes and the other party passively closes. In practice, both sides may also initiate an active close at the same time. The specific process is as follows:


Figure 4 Waving at the same time
        The process and states are very clear in the above figure, so I won't repeat them here. You can refer to the previous analysis of the four-way wave.

4. Remarks
        There are usually typical interview questions about the three-way handshake and the four-way wave. Here are some, for reference by the XDJMs (brothers and sisters) who need them:
        (1) What is the three-way handshake, and what is its process? What about the four-way wave? The answer is the previous analysis.
        (2) Why is it a three-way handshake to establish a connection, but a four-way wave to close the connection?
        This is because the server in the LISTEN state, after receiving the SYN message requesting a connection, sends its ACK and SYN to the client in a single message. When closing the connection, receiving a FIN message from the other party only means that the other party will no longer send data but can still receive data. This side has not necessarily sent all of its own data to the other party yet, so it can either close immediately, or first send some more data and then send its FIN message to the other party to signal that it agrees to close the connection now. Therefore, this side's ACK and FIN are generally sent separately.
