Understanding of network protocols

1. The difference between https and http

1. Different security

http is a simple request-response protocol; it is stateless and transmits everything in clear text.

https is http combined with the SSL (TLS) protocol, which turns it into an encrypted transport.

If a website uses plain http, the traffic is not encrypted, so it is very easy to carry out a man-in-the-middle attack against it, and users' personal privacy and other sensitive data are easily leaked.

With https, the SSL layer encrypts the data exchanged between the website and the client before it is sent, so the data is not leaked in transit.

2. Response speed

In theory http responds faster: http only needs the TCP three-way handshake, that is, three packets to establish a connection, while https needs an SSL handshake on top of the three-way handshake, requiring a total of 12 packets.

3. Port

http and https use two completely different connection methods and ports: the former uses port 80, the latter uses port 443.

4. Consuming resources

https is the http protocol built on top of SSL, so https consumes more server resources.

5. Display method

Because http is an unencrypted protocol, the major browser vendors have moved to favour https sites. For example, Google Chrome marks an http site as "Not secure", while the major browsers mark an https site with a green security lock. If the website uses an EV (extended validation) SSL certificate, the address bar also changes to a "green address bar".

6. Fees vary

For https, you need to purchase and configure an SSL certificate for the website, which will incur a certain fee.

2. Three handshakes, four waves

Full names of the abbreviated fields used in the explanation below:

  • seq: sequence number
  • ack: acknowledgment number
  • flag bits:
    • SYN: synchronization
    • ACK: acknowledgment
    • FIN: finish (terminate)

1. Three-way handshake

The three-way handshake means that when establishing a TCP connection, the client and the server need to exchange a total of 3 packets. Its main purpose is to confirm that both parties can send and receive normally, and to announce each side's initial sequence number (ISN) in preparation for subsequent reliable transmission. In essence it connects to the specified port of the server, establishes the TCP connection, synchronizes the sequence numbers and acknowledgment numbers of both parties, and exchanges TCP window size information.

  • The first handshake: the client sends a SYN segment to the server, carrying the client's initial sequence number ISN. At this point the client is in the SYN_SENT state.

    In the header the synchronization bit is SYN=1 and the initial sequence number is seq=x. A segment with SYN=1 cannot carry data, but it consumes one sequence number.

  • The second handshake: after receiving the client's SYN, the server replies with its own SYN segment, carrying its own initial sequence number ISN(s). In the same segment it uses the client's ISN + 1 as the acknowledgment number, indicating that it has received the client's SYN. The server is now in the SYN_RCVD state.

    In this acknowledgment segment, SYN=1, ACK=1, the acknowledgment number is ack=x+1, and the initial sequence number is seq=y.

  • The third handshake: after the client receives the server's SYN, it sends an ACK segment, again using the server's ISN + 1 as the acknowledgment number, indicating that it has received the server's SYN. At this point the client is in the ESTABLISHED state. Once the server receives this ACK it is also in the ESTABLISHED state, and the two parties have established a connection.

    In this acknowledgment segment ACK=1, the acknowledgment number is ack=y+1, and the sequence number is seq=x+1 (the initial value was seq=x, and the SYN consumed one number). An ACK segment may carry data; if it carries no data it does not consume a sequence number.

2. Four-way wave (four-way close)

Establishing a connection requires three handshakes, while terminating a connection requires four (this is also called the four-way handshake). The reason is TCP's half-close: TCP allows one end of the connection to keep receiving data from the other end after it has finished sending its own data.

Tearing down a TCP connection requires four packets, hence the name four-way handshake; either the client or the server can actively initiate it.

  • The first wave: the client sends a FIN segment carrying a sequence number. At this point the client is in the FIN_WAIT1 state.
    That is, the client sends a connection release segment (FIN=1, sequence number seq=u), stops sending data, actively closes the TCP connection, enters the FIN_WAIT1 (termination wait 1) state, and waits for the server's acknowledgment.
  • The second wave: after receiving the FIN, the server sends an ACK segment, using the client's sequence number + 1 as the acknowledgment number, indicating that it has received the client's FIN. At this point the server is in the CLOSE_WAIT state.
    That is, after receiving the connection release segment, the server sends an acknowledgment segment (ACK=1, acknowledgment number ack=u+1, sequence number seq=v) and enters the CLOSE_WAIT (close wait) state. TCP is now half-closed: the direction from client to server is released. After receiving the server's acknowledgment, the client enters the FIN_WAIT2 (termination wait 2) state and waits for the server's own connection release segment.
  • The third wave: if the server also wants to close, it sends a FIN segment with its own sequence number, just like the client's first wave. The server is now in the LAST_ACK state.
    That is, once the server has no more data to send to the client, it sends a connection release segment (FIN=1, ACK=1, sequence number seq=w, acknowledgment number ack=u+1) and enters the LAST_ACK (last acknowledgment) state, waiting for the client's acknowledgment.
  • The fourth wave: after receiving the FIN, the client replies with an ACK segment, using the server's sequence number + 1 as the acknowledgment number. At this point the client is in the TIME_WAIT state; it waits for a while to make sure the server enters the CLOSED state after receiving this ACK. Once the server receives the ACK it is in the CLOSED state.
    That is, after receiving the server's connection release segment, the client sends an acknowledgment segment (ACK=1, seq=u+1, ack=w+1) and enters the TIME_WAIT (time wait) state. The TCP connection is not yet released; the client enters the CLOSED state only after the 2MSL interval set by the time-wait timer has elapsed.

MSL is the abbreviation of Maximum Segment Lifetime: the longest time any segment may survive on the network. After this time the segment is discarded.
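The three-way handshake and four-way close described above, simulated end to end as an added example (not code from the original post). Both endpoints track their state, apply the rule that SYN and FIN consume one sequence number while a bare ACK does not, and reject any segment whose acknowledgment number does not match what they expect; the initial sequence numbers x and y are constructed values.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Segment:
    flags: frozenset            # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: Optional[int] = None   # None until the sender knows the peer's sequence space

@dataclass
class Endpoint:
    name: str
    isn: int                    # constructed initial sequence number (x or y in the text)
    state: str = "CLOSED"
    snd_nxt: int = field(init=False)
    rcv_nxt: Optional[int] = None
    def __post_init__(self):
        self.snd_nxt = self.isn
    def send(self, flags, new_state):
        seg = Segment(frozenset(flags), self.snd_nxt, self.rcv_nxt)
        if {"SYN", "FIN"} & seg.flags:
            self.snd_nxt += 1   # SYN and FIN each consume a sequence number; an empty ACK does not
        self.state = new_state
        return seg
    def receive(self, seg, new_state):
        # A segment acknowledging anything other than exactly what we sent is rejected,
        # which is what makes blind (unseen) acknowledgments fail against a real stack.
        if seg.ack is not None and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: bad ack {seg.ack}, expected {self.snd_nxt}")
        if {"SYN", "FIN"} & seg.flags:
            self.rcv_nxt = seg.seq + 1
        self.state = new_state

def run_connection(x=1000, y=5000):
    """Return the trace (sender, flags, seq, ack, sender state, receiver state) per segment."""
    c, s, trace = Endpoint("client", x), Endpoint("server", y), []
    def xfer(src, dst, flags, src_state, dst_state):
        seg = src.send(flags, src_state)
        dst.receive(seg, dst_state)
        trace.append((src.name, sorted(seg.flags), seg.seq, seg.ack, src.state, dst.state))
    xfer(c, s, {"SYN"}, "SYN_SENT", "SYN_RCVD")                 # 1st handshake: seq=x
    xfer(s, c, {"SYN", "ACK"}, "SYN_RCVD", "ESTABLISHED")       # 2nd: seq=y, ack=x+1
    xfer(c, s, {"ACK"}, "ESTABLISHED", "ESTABLISHED")           # 3rd: seq=x+1, ack=y+1
    xfer(c, s, {"FIN"}, "FIN_WAIT1", "CLOSE_WAIT")              # 1st wave: seq=u
    xfer(s, c, {"ACK"}, "CLOSE_WAIT", "FIN_WAIT2")              # 2nd wave: ack=u+1 (half-close)
    xfer(s, c, {"FIN", "ACK"}, "LAST_ACK", "TIME_WAIT")         # 3rd wave: seq=w, ack=u+1
    xfer(c, s, {"ACK"}, "TIME_WAIT", "CLOSED")                  # 4th wave: seq=u+1, ack=w+1
    c.state = "CLOSED"          # the client leaves TIME_WAIT once 2*MSL has elapsed
    return trace
```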

Origin blog.csdn.net/weixin_50543490/article/details/128102639