TCP protocol and data structure

Features

Connection-oriented: the communication parties must establish a connection before exchanging data
Reliable: multiple mechanisms to ensure reliability

Explanation of key terms

Byte stream service: a byte stream whose smallest unit is 8 bits (1 byte)
Socket address:

  1. TCP uses the "connection" (not just the "port") as its most basic abstraction, and refers to each endpoint of a TCP connection as a socket (also called a socket interface).
  2. The relationship between socket, port and IP address segment is:
    1. The TCP sending process transfers data as a byte stream, and the receiving process also receives the data as a byte stream, as if through an imaginary pipe.
    2. The data packets of a UDP sending process are independent of each other, so UDP is not a stream-oriented protocol.
    3. Buffers: there are two buffers in each direction of data flow, a send buffer and a receive buffer.
    4. When the transport layer sends data to the IP layer, it sends it in units of packets instead of as a byte stream. TCP groups several bytes into a packet, which is called a segment. Segments are not necessarily all the same length; they can be several bytes or several kilobytes.
  3. Byte number:
    1. Counted in bytes, the range of byte numbers is 0~2^32-1.
    2. Numbering mechanism: random
    3. Example: if the random number is exactly 1057 and 6000 bytes are to be sent, the byte number range is 1057~7056.
  4. Sequence number:
    1. Based on the byte numbers, TCP assigns a sequence number to each segment.
    2. The sequence number of each segment is the number of the first data byte in that segment.
    3. Example: TCP needs to transmit a file of 6000 bytes. The number of the first byte is 10001. If the data is sent in 5 segments, the first 4 segments each carry 1000 bytes of data, and the last segment carries 2000 bytes of data:

Byte number range of the first segment: 10001~11000
Byte number range of the second segment: 11001~12000
Byte number range of the third segment: 12001~13000
Byte number range of the fourth segment: 13001~14000
Byte number range of the fifth segment: 14001~16000

TCP protocol format:


An example of a TCP packet captured by Wireshark is as follows:

Transmission Control Protocol, Src Port: 59336, Dst Port: 443, Seq: 0, Len: 0
    Source Port: 59336
    Destination Port: 443
    [Stream index: 8]
    [Conversation completeness: Incomplete, DATA (15)]
    [TCP Segment Len: 0]
    Sequence Number: 0    (relative sequence number)
    Sequence Number (raw): 2876040241
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 0
    Acknowledgment number (raw): 0
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window: 64240
    [Calculated window size: 64240]
    Checksum: 0x6f7a [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
        TCP Option - Maximum segment size: 1460 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - Window scale: 8 (multiply by 256)
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
    [Timestamps]

The specific meaning is as follows:

  • Source port: 16 bits, port number range 0~2^16-1. A process on the computer communicates with other processes through a port, and a port can only be occupied by one process at a time, so by specifying the source port.
  • Destination port: 16 bits, port number range 0~2^16-1. A process on the computer communicates with other processes through a port. By specifying a port opened on the target computer, the sender can communicate with that open port, such as 443 in the example.
  • Stream index: an index value that Wireshark displays for captured packets. It corresponds to the conversation between IP A port A and IP B port B, in both src/dst directions.
  • Sequence number: seq, 32 bits (4 bytes). It identifies the byte stream sent from the TCP source port to the destination port and is set by the sender when it sends data. Each byte in the data stream transmitted over a TCP connection is assigned a sequence number. The value of the sequence number field is the sequence number of the first byte of the data sent in this segment.
  • Acknowledgment number: ack, 32 bits. It is the sequence number of the first data byte expected in the next segment from the other party. The acknowledgment number field is valid only when the ACK flag is 1, ack=seq+1
  • Header length: 4 bits. It gives the length of the TCP header in 4-byte units. The header can be between 20 and 60 bytes long (20-byte fixed header + 40-byte option part), so the value of this field is between 5 (5*4=20) and 15 (15*4=60).
  • Reserved field: 6 bits, reserved for future use, but should be set to 0 at present.
  • Flag bits: 6 bits, URG, ACK, PSH, RST, SYN, FIN. The specific meanings are as follows:
    1. URG: Urgent pointer bit (URGent). When URG=1, it indicates that the urgent pointer field is valid. It tells the system that there is urgent data in this segment and should be transmitted as soon as possible (equivalent to high-priority data).
    2. ACK: Acknowledgment bit (ACKnowledge). The acknowledgment number field is valid only when ACK=1. When ACK=0, the acknowledgment number is invalid.
    3. PSH: Push bit (PuSH). When the receiving TCP gets a segment with the push bit set to 1, it delivers it to the receiving application process as soon as possible, instead of waiting until the entire buffer is full before delivering it upwards.
    4. RST: Reset bit (ReSeT). When RST=1, it indicates that there is a serious error in the TCP connection (such as due to a host crash or other reasons), and the connection must be released, and then the transport connection must be re-established. Generally, there are three situations: rejecting the connection request, terminating the connection abnormally, and terminating the idle connection.
    5. SYN: Synchronization bit (SYNchronous), if the synchronization bit SYN is set to 1, it means that this is a connection request or connection acceptance message.
    6. FIN: Termination bit (FINal), used to release a connection. When FIN=1, it indicates that the data of the sending end of this message segment has been sent, and it is required to release the transport connection.
    7. TCP supports ECN using three flags in the TCP header. The first flag is the Nonce Sum (NS), which is used to protect the packet marks of the TCP sender from being accidentally or maliciously changed. The other two are used to return the congestion indication (that is, to tell the sender to reduce the amount of data it sends) and to confirm receipt of the congestion indication. These are the ECN-Echo (ECE) and Congestion Window Reduced (CWR) bits. The use of ECN on a TCP connection is optional; when ECN is used, it must be negotiated at connection establishment by including the appropriate option in the SYN and SYN-ACK segments. After ECN has been negotiated on a TCP connection, the sender marks the IP packets that carry the connection's TCP segments with an ECT codepoint to indicate that the transport supports ECN. This allows intermediate routers that support ECN to mark IP packets with the CE codepoint instead of dropping them, to indicate impending congestion. When a packet with the Congestion Experienced (CE) codepoint is received, the TCP receiver returns this congestion indication using the ECE flag in the TCP header. When an endpoint receives a TCP segment with the ECE bit, it reduces its congestion window instead of dropping the packet. It then sets the CWR bit of a segment to acknowledge the congestion indication. A node keeps transmitting TCP segments with the ECE bit set until it receives a segment with CWR set.
  • Window size: 8bits. The window field controls the amount of data the other party may send, in bytes. One end of the TCP connection determines its own receive window size from its configured buffer size and then notifies the other party, which sets the upper limit of the other party's send window. In some packet capture tools, Window and Calculated window size differ. In that case, multiplying the value of Window by the Window size scaling factor gives the Calculated window size. This indicates that the window is scalable: the current window is relatively small but can change. The coefficient of change is the Window size scaling factor, and the maximum is the Calculated window size. For example:
Window: 944
[Calculated window size: 30208]
[Window size scaling factor: 32]
  • Checksum: 16 bits. The checksum covers both the header and the data. When calculating the checksum, a 12-byte pseudo-header (IP address) is added in front of the TCP segment.
  • Urgent pointer: 16bits, the urgent pointer indicates the sequence number of the last byte of the urgent data in this message segment.
  • Options field: variable length. TCP only specifies one option, the maximum segment size MSS (Maximum Segment Size). MSS tells the other party's TCP: the maximum length of the segment data field that my buffer can receive is MSS bytes. Its maximum length can be calculated based on the length of the TCP header. MSS is the maximum length of the data field in a TCP segment; the data field plus the TCP header equals the entire TCP segment. MSS = MTU - 20 (TCP header) - 20 (IP header). In general, the MTU defaults to 1500 bytes on Ethernet, so MSS = 1460 bytes.
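
Added example (not part of the original post): a Python parser for the header fields listed above, run against the SYN segment from the Wireshark capture. The 32 bytes in SAMPLE_SYN are constructed from the values Wireshark displays, and the function names are illustrative.

```python
import struct

# Constructed sample: the SYN from the capture above, rebuilt from its
# displayed field values (20-byte fixed header + 12 bytes of options).
SAMPLE_SYN = struct.pack(
    "!HHIIBBHHH", 59336, 443, 2876040241, 0, 8 << 4, 0x02, 64240, 0x6F7A, 0
) + bytes.fromhex("020405b4" "01" "030308" "01" "01" "0402")
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]

def parse_options(raw):
    """Walk the kind/length/value list; reject lengths that would loop or overrun."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            break
        if kind == 1:                       # NOP is a single padding byte
            opts.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length, value = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2 and length == 4:
            opts.append(("MSS", struct.unpack("!H", value)[0]))
        elif kind == 3 and length == 3:
            opts.append(("WSCALE", value[0]))   # shift count: window << value
        elif kind == 4 and length == 2:
            opts.append(("SACK_PERMITTED", None))
        else:
            opts.append(("kind_%d" % kind, value))
        i += length
    return opts

def parse_tcp_header(segment):
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    sport, dport, seq, ack, off, fl, win, csum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    hdr_len = (off >> 4) * 4                # header length field counts 4-byte words
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("invalid header length %d" % hdr_len)
    bits = ((off & 0x01) << 8) | fl         # NS is the low bit of the offset byte
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": hdr_len, "window": win, "checksum": csum, "urgent": urg,
            "flags": [n for b, n in enumerate(FLAG_NAMES) if bits >> b & 1],
            "options": parse_options(segment[20:hdr_len]),
            "payload_len": len(segment) - hdr_len}
```

The length checks matter when the input is untrusted capture data: a header length that points past the end of the segment or an option with a length below 2 raises ValueError instead of reading out of bounds or looping forever.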

Reference: https://zh.m.wikipedia.org/zh-hans/%E6%98%BE%E5%BC%8F%E6%8B%A5%E5%A1%9E%E9%80%9A%E7%9F%A5

Origin blog.csdn.net/zyy247796143/article/details/126853462