Wireshark TCP protocol analysis (packet structure, connection establishment and release)

TCP: Transmission Control Protocol

  TCP is a connection-oriented, reliable, byte-stream-based transport layer communication protocol. 
  Connection-oriented: applications using TCP must establish a connection before transmitting data, just as when making a phone call you must first dial and wait for the other party to answer before you can start talking. 
  Reliability: TCP provides reliability in the following ways: 

  • Application data is split into chunks that TCP considers best suited for sending. This is completely different from UDP, where the length of the datagram produced by the application is kept unchanged. The unit of information that TCP passes to IP is called a segment.
  • When TCP sends a segment, it starts a timer and waits for the destination to acknowledge receipt of the segment. If an acknowledgment cannot be received in time, the segment will be resent.
  • When TCP receives data from the other end of the TCP connection, it sends an acknowledgment. This acknowledgment is not sent immediately and will usually be delayed by a fraction of a second.
  • TCP will keep a checksum of its header and data. This is an end-to-end checksum to detect any changes in the data in transit. If there is an error in the checksum of the received segment, TCP will discard the segment and not acknowledge receipt of the segment (hopefully the sender times out and retransmits it).
  • Since TCP segments are transmitted as IP datagrams, and IP datagrams may arrive out of sequence, TCP segments may arrive out of sequence as well. If necessary, TCP will reorder the received data, handing the received data to the application layer in the correct order.
  • Since IP datagrams may be duplicated, the TCP receiver must discard duplicated data.
  • TCP also provides flow control. Each side of a TCP connection has a fixed-size buffer. The receiving end of TCP only allows the other end to send as much data as the receiver's buffer can accommodate, which prevents a faster host from overflowing the buffer of a slower one.

    Byte stream: Two applications exchange a byte stream consisting of 8-bit bytes through a TCP connection.

      Also, TCP does not interpret the contents of the byte stream. TCP does not know whether the transmitted byte stream is binary data, ASCII characters or some other type of data; the byte stream is interpreted by the application layers on both sides of the TCP connection.

TCP header format

  TCP data is encapsulated in IP packets, in the data part of the IP packet, just like UDP. The format of the TCP packet is as follows: 

  [Figure: TCP packet format]

  The source port number and destination port number are similar to those in UDP and identify the sending and receiving application processes. These two values plus the source and destination IP addresses in the IP header uniquely identify a TCP connection. In network programming, the combination of an IP address and a port number is generally called a socket. 
  Sequence number: identifies the byte stream sent from the TCP sender to the TCP receiver; it is the sequence number of the first data byte in this segment. TCP numbers every byte with a sequence number (this value is unrelated to the number of frames sent and depends only on the number of data bytes sent, as explained later). 
  Acknowledgement number: contains the next sequence number that the side sending the acknowledgement expects to receive. It is therefore the sequence number of the last successfully received data byte plus 1 (that is, the received segment's sequence number plus the number of data bytes it carried, not simply its sequence number plus 1). 
  Header length: records the length of the TCP header, generally 20 bytes; the field value is the header length in bytes divided by 4. 
  URG: the urgent pointer is valid. 
  ACK: the acknowledgement number is valid. 
  PSH: the receiver should hand this segment to the application layer as soon as possible. 
  RST: reset the connection. 
  SYN: synchronize sequence numbers to initiate a connection. 
  FIN: the sender has finished sending data. 
  Window size: used for flow control. 
  Checksum: covers the entire TCP segment, header and data; as with UDP, it is computed over a pseudo-header as well.
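To make the field layout above concrete, here is an added example (not code from the original post) in Python that decodes the fixed TCP header, walks the options to pull out the MSS value (option kind 2, which only appears in a SYN), and verifies the checksum over the IPv4 pseudo-header. The addresses, ports and sequence numbers are constructed sample values.

```python
import struct
# Flag bits in the 16-bit "header length + flags" word, in the order listed above.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def ones_complement(data: bytes) -> int:
    """16-bit one's-complement checksum shared by IP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (addresses, zero, protocol 6, length) plus the segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return ones_complement(pseudo + segment)

def parse_tcp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> dict:
    """Decode the 20-byte fixed header, the MSS option if present, and verify the checksum."""
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4                  # the 4-bit field counts 32-bit words
    opts, mss, i = segment[20:hlen], None, 0
    while i < len(opts):                          # options are kind/length/value; kind 2 = MSS
        kind = opts[i]
        if kind == 0:                             # end of option list
            break
        if kind == 1:                             # no-op padding, a single byte
            i += 1
            continue
        if kind == 2:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "header_len": hlen,
            "flags": [n for n, b in FLAGS.items() if off_flags & b], "window": win, "mss": mss,
            # a correct segment sums to zero when its own checksum field is included
            "payload": segment[hlen:], "checksum_ok": tcp_checksum(src_ip, dst_ip, segment) == 0}

def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, options=b"", payload=b""):
    """Assemble a segment with a correct checksum; used only to construct the sample below."""
    options += b"\x00" * (-len(options) % 4)      # options are padded to a 32-bit boundary
    off_flags = (((20 + len(options)) // 4) << 12) | sum(FLAGS[f] for f in flags)
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    seg = hdr + options + payload
    return seg[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, seg)) + seg[18:]

# Constructed sample: client SYN from 10.0.0.1:40000 to 10.0.0.2:80, seq x = 1000, MSS option 1460.
CLIENT_IP, SERVER_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE_SYN = build_tcp(CLIENT_IP, SERVER_IP, 40000, 80, 1000, 0, ["SYN"], 65535,
                       options=struct.pack("!BBH", 2, 4, 1460))
```

Feeding a segment copied from Wireshark's bytes pane (with the IP addresses from the IP header) to parse_tcp reproduces the field values shown in its TCP dissector tree.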

Wireshark captures packets and analyzes TCP structure

  Use Wireshark to capture a TCP packet and view its specific data structure and actual data:

[Figure: Wireshark view of a captured TCP packet, showing the header fields and the data]

Establishment of a TCP connection

  Before TCP can be used to transmit data, a TCP connection needs to be established. Establishing a TCP connection has three main steps, called the 3-way handshake. The specific process is shown in the following figure: 
  [Figure: TCP 3-way handshake] 
  

Process: 
   1. First, the client sends a SYN packet to the server (SYN = 1, Seq = x, the initial sequence number chosen by the host for this connection) and then waits for a reply. 
   2. The server receives the SYN packet and responds to the client with a TCP segment with ACK = x + 1 and SYN = 1. (ACK = 1 means that the acknowledgement number is valid, that is, the previous packet was received. The "+ 1" here is not the value of the ACK flag: ACK is a one-bit flag that is set to 1 here, while x + 1 is the sequence number of the next packet the server wants to receive. That value is placed in the acknowledgement number field of the packet, and the acknowledgement number is only valid when ACK = 1.) 
   3. The client must respond to the server again with an ACK segment (Seq here is x + 1). 
   
   After the above three steps, a TCP connection is established and data can be sent. Because sequence number x is consumed by establishing the connection, the first byte of data sent has sequence number x + 1. 
   
   Note: TCP provides a full-duplex service to the application layer, which means that data can be transmitted independently in both directions, so each side of the connection has its own data sequence number (corresponding to x and y in the figure above; the two values are not necessarily related). 
   
Wireshark capture and analysis of the TCP 3-way handshake

  Next, by making an HTTP request at the application layer, we go through the TCP 3-way handshake and a simple data exchange, and observe the process by capturing packets. First, let's look at the captured packets: 
  [Figure: captured packets of the handshake and HTTP exchange]

  Starting from the first TCP line, the first three TCP packets are the 3-way handshake, and the HTTP packet that follows shows that the connection was established successfully. The host sends an HTTP request to the server. After the server receives the request, it returns a TCP acknowledgement frame and then sends an HTTP response to the host. After the host receives the HTTP response data from the server, it sends a TCP acknowledgement frame to confirm that the data has been received. In this way, the first 7 packets in the figure establish the connection between host and server and carry out a simple request/response exchange, that is, the interaction shown in the following figure:

[Figure: host/server interaction for the 7 frames]

Next is the data structure of the 7 frames, in order. The frame sequence is: 

  1. The host initiates a TCP connection request (tcp), 
  2. The server responds to the connection request (tcp), 
  3. The host returns an ACK, completing the 3-way handshake and establishing the connection (tcp), 
  4. The host sends an HTTP request for a web page (http), 
  5. The server receives the request and returns an ACK frame (tcp), 
  6. The server sends the requested data to the host (http), 
  7. The host receives the server's data and returns an ACK frame (tcp). The details of each frame are shown below:

[Figures: Wireshark details of the 7 frames, in order]

Release of TCP connection

  When the two communicating parties have finished transmitting data, the TCP connection needs to be released. Since a TCP connection is full-duplex, each direction must be closed separately. The principle is that when a party has finished sending its data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction; the side that received the FIN can still send data. The side that shuts down first performs an active close, while the other side performs a passive close. Because the normal close requires 4 TCP frames to be sent, this process is also called the 4-way handshake (the "four waves"). The specific process is as follows: 
  [Figure: TCP connection release, 4-way close] 
  


Process (assuming the client initiates the close): 
  1. The TCP client sends a FIN to close the data transfer from the client to the server. (The client no longer sends data to the server, but can still receive data from the server.) 
  2. The server receives this FIN and sends back an ACK whose acknowledgement number is the received sequence number plus 1. 
  3. The server closes its side of the connection and sends a FIN to the client. (The server closes data transmission from the server to the client.) 
  4. The client sends back an ACK for confirmation, setting the acknowledgement number to the received sequence number plus 1.

Let's use Wireshark to capture packets and look at the actual connection release process. When a connection is closed, 4 TCP frames are captured. The frame sequence is as follows: 

  1. The active side sends a FIN frame to the passive side 
  2. The passive side receives the FIN and returns an ACK frame 
  3. The passive side sends a FIN frame to the active side 
  4. The active side receives the passive side's FIN and returns an ACK frame, and the connection is released
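The sequence/acknowledgement accounting behind both the 7-frame exchange above and the 4-frame release can be checked mechanically. The following added example (not code from the original post) walks a constructed capture with the same frame order, flags any ACK that does not match what the peer last sent, and reports Wireshark-style relative sequence numbers; x = 1000 and y = 5000 are constructed initial sequence numbers.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Frame:
    sender: str               # "client" or "server"
    flags: frozenset
    seq: int                  # absolute sequence number, as shown with relative numbering off
    ack: Optional[int] = None # None when the ACK flag is clear (only the very first SYN)
    length: int = 0           # data bytes carried (0 for pure SYN/ACK/FIN segments)

def next_seq(f: Frame) -> int:
    """What the peer must acknowledge: SYN and FIN each consume one sequence number, data one per byte."""
    return f.seq + f.length + (1 if f.flags & {"SYN", "FIN"} else 0)

def check_capture(frames: list) -> list:
    """Walk the capture, verify seq/ack continuity, and report Wireshark-style relative numbers."""
    isn, send_next, report = {}, {}, []
    for i, f in enumerate(frames, 1):
        peer = "server" if f.sender == "client" else "client"
        problems = []
        if f.sender not in isn:
            isn[f.sender] = f.seq                       # first segment from a side fixes its ISN
        elif f.seq != send_next[f.sender]:
            problems.append("seq %d, expected %d" % (f.seq, send_next[f.sender]))
        if f.ack is not None and f.ack != send_next.get(peer):
            problems.append("ack %d, expected %s" % (f.ack, send_next.get(peer)))
        send_next[f.sender] = next_seq(f)
        report.append({"frame": i, "sender": f.sender, "flags": sorted(f.flags),
                       "rel_seq": f.seq - isn[f.sender],
                       "rel_ack": f.ack - isn[peer] if f.ack is not None and peer in isn else None,
                       "len": f.length, "problems": problems})
    return report

# Constructed capture: the 7 frames above plus a client-initiated 4-way close; x = 1000, y = 5000.
C, S = "client", "server"
CAPTURE = [
    Frame(C, frozenset({"SYN"}), 1000),                     # 1 client SYN, seq x
    Frame(S, frozenset({"SYN", "ACK"}), 5000, 1001),        # 2 server SYN/ACK, seq y, ack x+1
    Frame(C, frozenset({"ACK"}), 1001, 5001),               # 3 client ACK, seq x+1, ack y+1
    Frame(C, frozenset({"PSH", "ACK"}), 1001, 5001, 120),   # 4 HTTP request, 120 bytes
    Frame(S, frozenset({"ACK"}), 5001, 1121),               # 5 server ACKs the request
    Frame(S, frozenset({"PSH", "ACK"}), 5001, 1121, 800),   # 6 HTTP response, 800 bytes
    Frame(C, frozenset({"ACK"}), 1121, 5801),               # 7 client ACKs the response
    Frame(C, frozenset({"FIN", "ACK"}), 1121, 5801),        # 8 client FIN (active close)
    Frame(S, frozenset({"ACK"}), 5801, 1122),               # 9 server ACKs the FIN
    Frame(S, frozenset({"FIN", "ACK"}), 5801, 1122),        # 10 server FIN
    Frame(C, frozenset({"ACK"}), 1122, 5802),               # 11 client ACKs; connection released
]
```

Note that the pure ACK frames (3, 5, 7, 9) carry no data and consume no sequence number, which is why the next segment from the same side repeats the same seq value.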

The following are the details of the frame data structure in order:

[Figures: Wireshark details of the 4 release frames, in order]

Maximum segment size of TCP

  The above describes the establishment and release of a TCP connection. The following describes the maximum segment size of TCP. 
  The maximum segment size (MSS) is the largest chunk of data that TCP will send to the other end. When a connection is established, each side of the connection advertises its MSS. Generally speaking, the larger the MSS the better, because the larger the segment, the more data each segment carries and the smaller the share of the transmitted bytes taken up by the IP and TCP headers. 
  The MSS option can only appear in a SYN segment, so only a frame with SYN = 1 carries the MSS option specifying the maximum segment size. 
For details, see: 
http://baike.baidu.com/link?url=c-fTckuehGMSiI5c2xCQDe3MUOKRwgdK6Q4CeO3tms8s6V3hIv5OmOQvUJvp67e90jUDAIjZfmhk8deiIjw1tK

Other

  There is much more to TCP that will not be described in detail here, but you should know that there are several special cases in the establishment and release of TCP connections: a simultaneous open (both sides send SYN at the same time) when establishing a connection, and a simultaneous close or a half-close when releasing it. TCP also has a number of optional fields, which are not discussed here. For details, please refer to TCP/IP Illustrated, Volume 1.
