First, first understand the TCP packet format
The fields that must be understood are:
1. Source port and destination port: 16 bits, identifying the port numbers of the sender and receiver.
2. Sequence number: 32 bits, also called sequence number, seg sequence number, the sequence number of the first byte of the data sent in this segment, used to mark the sequence of the datagram.
3. Acknowledgment number: 32 bits, ack sequence number, used to mark the sequence number of the first data byte expected to receive the next segment of the other party, the confirmation signal ack=seg+1 sent, and the transceiver ends are paired.
4. Flags: There are 6 in total.
ACK acts as a response, occupying 1 bit; only when ACK=1, the confirmation number field is valid, and when ACK=0, the confirmation number is invalid.
SYN plays a role in synchronization; when SYN=1, ACK=0, it means: this is a connection request segment. If the connection is agreed, make SYN=1 and ACK=1 in the response segment. Therefore, SYN=1 indicates that this is a connection request, or a connection accept message.
FIN is used to release a connection; FIN=1 means that the data of the sender of this segment has been sent, and the transport connection is required to be released.
PSH indicates that the receiver should hand over the message to the application layer,
RST indicates connection reset, and
URG indicates emergency pointer, which is not commonly used.
2. "Three handshake"
Concept: The so-called "three-way handshake" is the process of establishing a TCP connection, that is, the client and the server need to send a total of three packets (so focus on memorizing these three packets) to confirm the establishment of the connection.
Significance: The "three-way handshake" ensures that the client and the server establish a duplex connection, and the reliability is more achieved through the retransmission mechanism.
Others: In Socket programming, this process is triggered by the client executing connect.
The flow chart is as follows:
(Note : The ack and ACK signs that appear below should not be confused. The former is the confirmation sequence number, and the latter is the TCP status flag response flag, remember! )
1. The first handshake: the client sends a SYN packet (SYN=1, let ack=0, randomly generates a value to seg, seg=X) to the server to request a connection, the client enters SYN_SENT , and waits for the server to confirm.
2. The second handshake: The server receives the SYN packet, and SYN=1 knows that the client requests a connection, and the server sends a SYN+ACK packet ( SYN=ACK=1, ack=X+1 , randomly generates a value to seg, seg=Y) confirms the connection request to the client, and the server enters the SYN_RCVD state.
3. The third handshake: After the client receives the SYN+ACK packet from the server , it checks whether the ack is X+1 and the ACK flag is 1. If it is correct, it sends an ACK packet (the ACK flag is set to 1, so that ack=Y +1), and send the data packet to the server; the server checks whether the ack is Y+1 and the ACK flag is 1, if it is correct, the connection is established, the client and the server enter the ESTABLISHED state, and the three-way handshake is completed. Start transferring data!
3. "Four Waves"
Concept: The so-called "four times of hand wave" is the process of closing the TCP connection, which means that when a TCP connection is disconnected, the client and the server need to send a total of 4 packets to confirm the disconnection of the connection between the two parties.
Meaning: It is also a full-duplex connection that guarantees a TCP connection.
Others: In socket programming, this process is triggered by either the client or the server executing close.
The flow chart is as follows:
Since TCP connections are full-duplex, each direction must be closed individually. The principle is that when one party completes its data transmission task, it can send a FIN packet to terminate the connection in this direction. Receiving a FIN packet only means that there is no data flow in this direction, and a TCP connection can still send data after receiving a FIN. The side that shuts down first will perform an active shutdown, while the other side performs a passive shutdown.
1. The first wave: The client sends a FIN packet (FIN=1, randomly generates a value to seg, seg=u) to the server to close the data transmission from the client to the server, and the client enters the FIN_WAIT_1 state.
2. The second wave: After the server receives the FIN packet, it sends an ACK packet (ACK=1, ack=u+1, and randomly generates a value to seg, seg=v) to the client, and the client enters CLOSE_WAIT condition.
3. The third wave: the server sends a FIN packet (FIN=1, ACK=1, ack=u+1, and randomly generates a value to seg, seg=w) to the client, which is used to close the server to The data transmission of the client side, the server side enters the LAST_ACK state.
4. The fourth wave: the client receives the FIN packet, then enters the TIME_WAIT state, and then sends an ACK packet (ACK=1, seq=u+1, ack=w+1) to the server, and the server confirms the serial number and enters In the CLOSED state, complete four waveds.
The above hand wave process is that one party is active and the other party is passive. However, there is a certain possibility that both parties actively apply to close the connection at the same time. The flow chart of this situation is as follows:
Simultaneously wave:
4. Other issues (reprinted from Xingyu Blue Ocean's blog http://www.cnblogs.com/cy568searchx/p/3711670.html)
1. Why is the establishment of the connection protocol a three-way handshake, and the closing of the connection is a four-way handshake?
This is because when the SOCKET in the LISTEN state of the server receives the connection establishment request of the SYN message, it can send ACK and SYN (ACK acts as a response, and SYN acts as a synchronization) in one packet to send. But when closing the connection, when receiving the other party's FIN message notification, it just means that the other party has no data to send to you; but not all your data is sent to the other party, so you may not necessarily close SOCKET immediately, That is, you may also need to send some data to the other party, and then send a FIN message to the other party to indicate that you agree that the connection can now be closed, so the ACK message and the FIN message here are sent separately in most cases.
2. Why does the TIME_WAIT state need to wait 2MSL before returning to the CLOSED state?
This is because although both parties agree to close the connection, and the 4 messages of the handshake have been coordinated and sent, it is reasonable to return to the CLOSED state directly (just like from the SYN_SEND state to the ESTABLISH state); but because we have to imagine The network is unreliable, and you cannot guarantee that the last ACK message you send will be received by the other party. Therefore, the SOCKET in the LAST_ACK state of the other party may re-send the FIN message because it does not receive the ACK message due to the timeout. The role of this TIME_WAIT state is to retransmit ACK packets that may be lost.
3. Status description
CLOSED: There is nothing to say about this, it represents the initial state.
LISTEN: This is also a very easy to understand state, indicating that a SOCKET on the server side is in a listening state and can accept connections.
SYN_RCVD: This state indicates that a SYN message has been received. Under normal circumstances, this state is an intermediate state during the three-way handshake session of the server-side SOCKET when establishing a TCP connection. In this state, unless you specially write a client test program, the last ACK message in the three-way TCP handshake process will not be sent on purpose. Therefore, in this state, after receiving the ACK message from the client, it will enter the ESTABLISHED state.
SYN_SENT: This state echoes the SYN_RCVD vision. When the client SOCKET performs a CONNECT connection, it first sends a SYN message, so it immediately enters the SYN_SENT state and waits for the server to send the second message in the three-way handshake. The SYN_SENT state indicates that the client has sent a SYN message.
ESTABLISHED: This is easy to understand, indicating that the connection has been established.
FIN_WAIT_1: This state needs to be explained well. In fact, the real meaning of the FIN_WAIT_1 and FIN_WAIT_2 states is to wait for the other party's FIN message. The difference between these two states is: the FIN_WAIT_1 state is actually when the SOCKET is in the ESTABLISHED state, it wants to actively close the connection and sends a FIN message to the other party. At this time, the SOCKET enters the FIN_WAIT_1 state. When the other party responds to the ACK message, it enters the FIN_WAIT_2 state. Of course, under normal circumstances, the other party should immediately respond to the ACK message no matter what the situation is. Therefore, the FIN_WAIT_1 state is generally more difficult to see. The FIN_WAIT_2 status can sometimes be seen with netstat.
FIN_WAIT_2: This state has been explained in detail above. In fact, SOCKET in the state of FIN_WAIT_2 indicates a semi-connection, that is, one party requests to close the connection, but also tells the other party that I still have some data to send to you for the time being. Close the connection.
TIME_WAIT: Indicates that the FIN message from the other party is received, and an ACK message is sent. After 2MSL, it can return to the CLOSED available state. If in the FIN_WAIT_1 state, when receiving a message with both the FIN flag and the ACK flag from the other party, you can directly enter the TIME_WAIT state without going through the FIN_WAIT_2 state.
CLOSING: This state is quite special, it should be rare in actual situations, and it belongs to a relatively rare exception state. Under normal circumstances, when you send a FIN message, it stands to reason that you should first receive (or simultaneously receive) the other party's ACK message, and then receive the other party's FIN message. However, the CLOSING state means that after you send the FIN message, you did not receive the ACK message from the other party, but instead received the FIN message from the other party. Under what circumstances does this happen? In fact, after thinking about it, it is not difficult to come to a conclusion: that is, if both parties are closing a SOCKET at the same time, then there will be a situation where both parties send FIN messages at the same time, that is, the CLOSING state will appear, indicating that both parties are closing the SOCKET connection. .
CLOSE_WAIT: The meaning of this state actually means that it is waiting to close. How to understand it? When the other party closes a SOCKET and sends a FIN message to itself, your system will undoubtedly respond with an ACK message to the other party, and then enter the CLOSE_WAIT state. Next, what you really need to consider is to see if you still have data to send to the other party. If not, then you can close the SOCKET and send a FIN message to the other party, that is, close the connection. So you are in the CLOSE_WAIT state, what needs to be done is to wait for you to close the connection.
LAST_ACK: This state is relatively easy to understand. It is a passive shutdown party that waits for the other party's ACK message after sending the FIN message. When the ACK message is received, it can enter the CLOSED available state.