1. Introduction to transport layer protocols
1.TCP protocol concept
①Connection-oriented network protocol
② refers to the need to establish a connection between the two communicating parties before communicating. For example, when making a phone call, the two parties must first establish a connection before talking.
③TCP protocol is a connection-oriented, reliable process-to-process communication protocol. TCP provides full-duplex service, that is, data can be transmitted in both directions at the same time. Each TCP has a sending cache and a receiving cache to temporarily store data.
2. UDP protocol concept
① For connectionless network protocols
② means that the communicating parties do not need to establish a communication line in advance, but send each packet with a destination address to the network line, and the system independently selects a route for transmission, such as: QQ sends messages
③ The UDP protocol is connectionless and an unreliable transport layer protocol compared to TCP. The sender does not care whether the data sent reaches the target host or whether the data has errors, etc. The host receiving the data will not tell the sender whether the data has been received. , its reliability is guaranteed by the upper layer protocol. So it transmits data faster and more efficiently.
2. TCP protocol
1. Introduction to TCP protocol
TCP is a connection-oriented, reliable process-to-process communication protocol
TCP provides full-duplex service, that is, data can be transmitted in both directions at the same time
TCP segment
TCP combines several bytes into a group, called a segment.
2. TCP segment format
2.1 Message segment
2.2 Description of each field
①Source port number: the port number of the sender process
②Target port number: the port number of the receiving process
Explanation: After receiving the data segment, the receiving end determines which application to send the data to based on this port number.
③Serial number: The sending end numbers each byte to facilitate correct reorganization by the receiving end.
Explanation: When TCP receives data bytes from the process, it fragments them into data segments and stores them in the send buffer, and numbers each byte. When the data reaches the destination, the receiving end will rearrange the data according to this sequence number to ensure the correctness of the data.
④Confirmation number: Confirmation information for the sending end
Explanation: When the receiving end responds to the message, it will use it to tell the sending end that the data segments before this sequence number have been received. If the confirmation number is x, it means that the first x-1 data segments have been received.
⑤Header length: Use it to determine the byte length of the TCP header data structure. Generally, the TCP header is 20 bytes, but the header length can be extended to a maximum of 60 bytes.
⑥subordinate position
URG: emergency bit
Explanation: When URG=1, it indicates that the emergency pointer is valid (to be used in conjunction with the emergency pointer). It tells the system that there is urgent data in this segment and should be transmitted as soon as possible, and the emergency data is inserted into the front of the data in this segment. Equivalent to high priority data.
ACK: Acknowledgment bit
Explanation: When ACK=1, the confirmation number field is valid. When ACK=0, the confirmation number is invalid. TCP stipulates that after the connection is established, all transmitted message segments must have ACK set to 1.
PSH: urgent bit
Explanation: When two application processes communicate, the sender hopes that the receiver can respond immediately. At this time, TCP can use the urgent bit PSH operation, set PSH=1 when sending, and immediately create a message segment and send it out. The receiver When PSH=1 is received, the receiving application process is delivered as soon as possible instead of waiting for the entire cache to be filled before delivering it upwards.
RST: reset bit
Explanation: When RST=1, it indicates that a serious error occurred in the TCP connection, the connection must be released, and then the transmission connection must be re-established.
SYN: synchronization bit
Explanation: Used to synchronize the sequence number when the connection is established. When SYN=1 and ACK=1, it means that this is a connection request segment. If the other party agrees to connect, SYN=1 and ACK=1 in the response message segment,
FIN: disconnect bit
Explanation: Terminate a connection. When FIN=1, it means that the data of the sender of this segment has been sent and the transmission connection is required to be released.
⑦Window size: Indicates the number of data segments that can be received locally.
Explanation: The size of this value can be changed. When the network is smooth, the receiving end will increase the window value in response to the message to speed up the transmission. When the network is unstable, reducing this value can ensure reliable transmission of network data.
⑧Checksum: used for error checking
Explanation: The scope of field inspection includes the header and data parts. Checksums are calculated when data segments are sent and when they arrive at the destination. If the two checksums are consistent, the data is basically correct. If they are inconsistent, the data is considered damaged and the receiving end will discard the data.
⑨Emergency pointer: used with URG, effective when URG=1
⑩Option: How many 40 bytes of optional information can be included in the TCP header.
3.TCP three-way handshake
TCP is a connection-oriented protocol, which means that each time before sending data, a reliable connection must be established with the other party. The process of establishing a connection is divided into three steps, which is called a three-way handshake!
3.1 Three-way handshake steps
①When the client sends a message requesting a connection to the server
seq sequence number=x (x bits are random)
SYN=1 (indicates sending a connection request)
②After receiving the request message from the client, the server agrees to establish the connection and sends a confirmation message to the client.
seq serial number = y (at this time, the server will also generate a serial number y, which is not related to the client's serial number)
ack confirmation number = x+1 (at this time, the sequence number x+1 indicates that the client’s request has been confirmed)
ACK=1 (indicates that this is a confirmation request)
SYN=1 (also sends a request to establish a connection)
③After the client process receives the confirmation from the server process, it also needs to give confirmation to the server, and then the connection is successfully established.
seq sequence number=x+1 (at this time the client’s sequence number is 1)
ack confirmation number=y+1 (indicates receipt of server connection request)
ACK=1 (indicates that the message is confirmed at this time)
3.2 Why is it a three-way handshake, not a two-way handshake, or a four-way handshake?
Why can't it be a two-way handshake?
If a two-way handshake is used, the client sends a SYN packet to request to establish a connection, and the server replies with an ACK packet to confirm receipt of the request and agree. establish connection. In this case, there are the following problems:
① There is no confirmation whether the client has received a response from the server: Although the server knows that the client wants to establish a connection, it cannot determine whether the client is successful. Received its confirmation. If the client does not receive this confirmation message, it will wait and resend the request, resulting in waste of resources and unstable connection.
②Unable to synchronize sequence numbers: TCP connections require both parties to synchronize initial sequence numbers to ensure the order and integrity of data transmission. Two handshakes are not enough to complete this task.
Why can't it be a four-way handshake?
After the three-way handshake, both the client and the server have confirmed that the other party can receive and send data correctly, and the sequence numbers have been synchronized. Adding another handshake does not actually provide additional information or improve reliability, but will prolong the connection establishment time and reduce efficiency.
4.TCP waves four times
4.1 Steps of waving four times
①When the client sends a disconnect request to the server
FIN=1 (indicates application for disconnection request)
ACK=1 (indicates confirmation that it can be disconnected)
②The server replies with a confirmation message after receiving the disconnection request.
ACK=1 (indicates confirmation that the connection can be disconnected)
③The server then sends a disconnect request to the client
FIN=1 (indicates application for disconnection request)
ACK=1 (indicates confirmation that the connection can be disconnected)
④The client restores the confirmation information after receiving the disconnection request.
ACK=1 (indicates confirmation that the connection can be disconnected)
4.2 Why wave four times instead of three times?
The first wave: the client sends a disconnect request to the server: FIN=1 ACK=1
Indicates that the client has no more data to send to the server and enters the waiting state.
The second wave: the server replies to the client with a disconnect request: ACK=1
Indicates that the server has agreed to disconnect, but cannot disconnect immediately. There may be some data that has not been sent yet.
The third wave: the server sends a disconnect request to the client: FIN=1 ACK=1
It means that the server has no data to send to the client and applies to disconnect. At this time, it enters the waiting state.
The fourth wave: the client replies to the server with a disconnect request: ACK=1
Indicates that the client agrees to the server's disconnection request and waits for a period of time before shutting down.
Above: Why the second wave and the third wave do not overlap. In the three-way handshake, this step overlaps. That is because the server must respond to the client during the second wave, otherwise The client will always send disconnect requests to the server, but it cannot apply for disconnect immediately after making the answer, because the server may still have some data that has not been sent, so it needs to wait for a period of time before it can send out the disconnect request!
5.TCP timeout retransmission
Under abnormal network conditions (timeouts or packet losses begin), TCP controls data transmission to ensure the reliable service it promises.
The TCP service must be able to retransmit TCP segments that are not acknowledged within the timeout period. To this end, the TCP module maintains a retransmission timer for each TCP segment, which is started when the TCP segment is sent for the first time. If no response from the receiver is received within the timeout period, the TCP module will retransmit the TCP segment and reset the timer. As for how to choose the timeout for the next retransmission and the maximum number of retransmissions, it is the TCP retransmission strategy.
6.Commonly used port numbers for TCP connections
3. UDP protocol
1. Introduction to UDP protocol
UDP is a connectionless, fast and efficient transmission protocol
2.Format of UDP message segment
2.1 Message segment
2.2 Explanation of each field
UDP length: used to refer to the total length of UDP, which is the header length plus the data length
Checksum: used to complete error checking of UDP data. It is the only reliable mechanism provided by the UDP protocol.
3. Commonly used interfaces for UDP connections
4.telnet protocol
Remote management protocol, detecting whether the remote server port is open
The following are the levels of permissions:
5.wireshark
①Select the capture interface. Generally, the interface connected to the Internet network is selected so that network-related data can be captured. Otherwise, the other data captured will not be of any help to you.
② Use capture filters. By setting capture filters, you can avoid generating excessively large capture data. In this way, users will not be interfered by other data when analyzing data. Moreover, it can also save users a lot of time.
③Use display filters. Data filtered using capture filters is often still very complex. In order to make the filtered data packets more detailed, use the display filter to filter at this time.
