TCP three-way handshake and four-way wave

Disclaimer: This article is the blogger's original work and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq_32281471/article/details/90742957

1 TCP three-way handshake (establishing a connection)

Three-way handshake

The three-way handshake (Three-way Handshake) means that, to establish a TCP connection, the client and the server need to send a total of three packets.

The purpose of the three-way handshake is to connect to the specified port on the server, establish the TCP connection, synchronize both sides' sequence numbers and acknowledgment numbers, and exchange TCP window size information.

The first handshake

Client:

  • Send a SYN packet (SYN = 1) with seq = x
  • Enter the SYN_SENT state

The second handshake

Server:

  • Send a packet with SYN = 1, ACK = 1, seq = y, ack = x + 1
  • Enter the SYN_RECV state

The third handshake

Client:

  • Send a packet with SYN = 0, ACK = 1, seq = x + 1, ack = y + 1

After the client has sent this packet, the client and the server enter the ESTABLISHED state (TCP connection succeeded), and the three-way handshake is complete.

Once the three-way handshake is complete, the client and the server begin transmitting data.

2 TCP four-way wave (closing a connection)

Four waving

The first wave

Client:

  • Send a packet with FIN = 1, seq = u (u equals the sequence number of the last byte of previously transmitted data plus 1)
  • Enter the FIN-WAIT-1 state (TCP specifies that a FIN segment consumes one sequence number even if it carries no data)

The second wave

Server:

  • Receive the connection release message
  • Send an acknowledgment with ACK = 1, ack = u + 1, carrying its own sequence number seq = v
  • Enter the CLOSE-WAIT state

TCP notifies the application process that the client-to-server direction has been released. The connection is now half-closed: the client has no more data to send, but if the server sends data, the client must still receive it. This state lasts for some time, namely the whole duration of the CLOSE-WAIT state.

Client:

  • Receive the server's acknowledgment
  • Enter the FIN-WAIT-2 state and wait for the server to send its connection release message (before that, the client still has to accept the last data sent by the server).

The third wave

After the server has finished sending its final data, it sends a connection release message to the client. Because the connection was half-closed, the server has most likely sent some more data in the meantime, so assume its sequence number is now seq = w.

Server:

  • Send a packet with FIN = 1, ACK = 1, ack = u + 1, seq = w (new seq)
  • Enter the LAST-ACK state

The fourth wave

Client:

After the client receives the server's connection release message, it must send an acknowledgment.

  • Send a packet with ACK = 1, ack = w + 1, seq = u + 1
  • Enter the TIME-WAIT state
  • After 2 MSL (MSL = Maximum Segment Lifetime, the longest time a segment can live), enter the CLOSED state

Server:

  • Enter the CLOSED state as soon as the client's acknowledgment is received

The server enters the CLOSED state earlier than the client.
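The sequence and acknowledgment rules of the seven segments above can be checked mechanically. The following is an added example, not part of the original article: it packs each segment as a raw 20-byte TCP header, parses it back, and verifies that every seq and ack matches what the other side expects. The port numbers, the values of x and y, and the function names are assumptions chosen for the demonstration.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HEADER = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent

def build(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header without payload (constructed test data, checksum 0)."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack(HEADER, sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

def parse(header):
    """Return (source port, seq, ack, set of flag names) from a raw header."""
    sport, _dport, seq, ack, _off, bits, _win, _sum, _urg = struct.unpack(HEADER, header[:20])
    return sport, seq, ack, {name for name, bit in FLAG_BITS.items() if bits & bit}

def check_trace(headers):
    """Return the list of seq/ack rule violations in a two-party, data-free trace."""
    next_seq, errors = {}, []   # next_seq: source port -> next seq that side must use
    for i, raw in enumerate(headers, 1):
        sport, seq, ack, flags = parse(raw)
        if sport in next_seq and seq != next_seq[sport]:
            errors.append(f"segment {i}: seq {seq}, expected {next_seq[sport]}")
        peers = [p for p in next_seq if p != sport]
        if "ACK" in flags and peers and ack != next_seq[peers[0]]:
            errors.append(f"segment {i}: ack {ack}, expected {next_seq[peers[0]]}")
        # SYN and FIN each consume one sequence number even without data
        next_seq[sport] = (seq + bool(flags & {"SYN", "FIN"})) % 2**32
    return errors

def sample_trace(x=1000, y=5000, c=40000, s=80):
    """Handshake then close with no data in between, so u = x + 1 and v = w = y + 1."""
    return [
        build(c, s, x, 0, ["SYN"]),                 # handshake 1
        build(s, c, y, x + 1, ["SYN", "ACK"]),      # handshake 2
        build(c, s, x + 1, y + 1, ["ACK"]),         # handshake 3
        build(c, s, x + 1, y + 1, ["FIN", "ACK"]),  # wave 1 (real stacks also set ACK)
        build(s, c, y + 1, x + 2, ["ACK"]),         # wave 2
        build(s, c, y + 1, x + 2, ["FIN", "ACK"]),  # wave 3
        build(c, s, x + 2, y + 2, ["ACK"]),         # wave 4
    ]
```

`check_trace(sample_trace())` returns an empty list; changing any seq or ack in the trace produces a message naming the offending segment.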

3 Questions

3.1 Why a three-way handshake and a four-way wave

3.1.1 Why a three-way handshake

When the server receives the client's SYN connection request, it can send SYN and ACK together in one packet. The ACK is the reply, and the SYN is used for synchronization.

The three-way handshake prepares both sides for sending data and also lets them negotiate initial sequence numbers, which are sent and acknowledged during the handshake.

The first two handshakes synchronize and prepare; the third handshake puts the connection into its working state.

Why not a two-way handshake?

If a connection request is delayed in the network and times out, the client resends the request. When the slow request finally arrives, the server has received two requests and responds to both, creating two connections and wasting resources. With a third confirmation, a client that has already received the server's confirmation for its connection request can simply ignore a confirmation that arrives later.

3.1.2 Why a four-way wave

TCP is bidirectional, so both directions have to be shut down. Closing each direction requires a request and a confirmation, which makes four packets in total.

  • Client: Brother server, I want to stop transmitting (FIN-WAIT-1)
  • Server: OK, I know (but I may still have data left to pass to you) (CLOSE-WAIT)
  • Client: Big brother server now knows that I want to disconnect (FIN-WAIT-2)
  • Server: Client, my data transfer is over, I will not send you any more data (LAST-ACK)
  • Client: OK, big brother has no more data to pass, so I enter TIME-WAIT, and after 2 MSL I enter CLOSED
  • Server: Then I am disconnected, bye bye (CLOSED)

3.2 What happens if a connection is established but the client fails

TCP has a keep-alive timer. If the client fails, the server cannot wait forever and waste resources.

Each time the server receives a request from the client, it resets the timer, which is generally set to 2 h. If no data has been received from the client for 2 h, the server sends a probe segment, and then sends one every 75 s. If 10 consecutive probes still get no response, the server considers the client to have failed and closes the connection.
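The keep-alive timer is off by default on a socket and has to be enabled by the application. The following is an added example, not part of the original article, that enables it with the values from the paragraph above (2 h idle, 75 s interval, 10 probes) and computes how long a dead peer goes unnoticed. The option names TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are the Linux ones and may be missing on other platforms; the function names are assumptions.

```python
import socket

def enable_keepalive(sock, idle=7200, interval=75, probes=10):
    """Turn on TCP keep-alive and return the per-socket values the kernel accepted."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {}
    for name, value in (("TCP_KEEPIDLE", idle),        # idle time before the first probe
                        ("TCP_KEEPINTVL", interval),   # gap between unanswered probes
                        ("TCP_KEEPCNT", probes)):      # unanswered probes before giving up
        opt = getattr(socket, name, None)              # Linux names; absent elsewhere
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied

def detection_time(idle=7200, interval=75, probes=10):
    """Seconds from the last received data until the connection is declared dead."""
    return idle + interval * probes

def demo():
    """Apply the article's values to a fresh, unconnected socket and report them."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        return enable_keepalive(s), detection_time()
```

With the article's values a failed client is detected only after 7950 s, so servers that must release resources sooner set a shorter idle time per socket.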

3.3 SYN flood attack

A SYN flood attack abuses the first two steps of the TCP three-way handshake. The attacker sends a SYN, the first packet of the handshake. When the server returns its ACK, the attacker does not send the final confirmation, so the connection stays pending in the so-called half-open (semi-connected) state. Because the server never receives the final confirmation, it retransmits its ACK to the attacker, which wastes server resources. The attacker opens a very large number of such TCP connections; as half-open connections pile up on the server, its resource consumption keeps growing until the server finally fails.

After sending its ACK the server is in the SYN_RECV state; it moves to the ESTABLISHED state only after receiving the client's ACK.
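Because every half-open connection sits in SYN_RECV, a defender can spot the build-up by counting that state per listening port. The following is an added example, not part of the original article: it parses a socket table in the Linux /proc/net/tcp layout and reports ports whose SYN_RECV count reaches a threshold. The sample table is constructed (documentation addresses, trailing columns omitted), and the threshold and function names are assumptions.

```python
import socket
import struct
from collections import defaultdict

SYN_RECV = "03"  # state code in /proc/net/tcp (01 = ESTABLISHED, 0A = LISTEN)

# Constructed sample in /proc/net/tcp layout; on a live host read the file instead.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0A0200C0:01BB 00000000:0000 0A
   1: 0A0200C0:01BB 076433C6:C350 03
   2: 0A0200C0:01BB 086433C6:C351 03
   3: 0A0200C0:01BB 096433C6:C352 03
   4: 0A0200C0:01BB 0A6433C6:C353 03
   5: 0A0200C0:0016 0B6433C6:D431 01
   6: 0A0200C0:0016 0C6433C6:D432 03
"""

def decode(addr):
    """'0A0200C0:01BB' -> ('192.0.2.10', 443); the IPv4 part is little-endian hex."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def half_open(table):
    """Map local port -> remote IPs whose handshake is stuck in SYN_RECV."""
    pending = defaultdict(list)
    for line in table.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == SYN_RECV:
            pending[decode(fields[1])[1]].append(decode(fields[2])[0])
    return dict(pending)

def suspicious_ports(table, threshold):
    """Ports whose half-open count reaches the (site-specific) threshold."""
    return {port: len(ips) for port, ips in half_open(table).items()
            if len(ips) >= threshold}
```

A single SYN_RECV entry, like the one on port 22 in the sample, is normal during any handshake; it is a sustained high count on one port that indicates a flood.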

4 Related acronyms

  • Sequence number seq: 4 bytes, used to mark the order of data segments. TCP numbers every byte of data sent on a connection; the number of the first byte is a random number generated locally. Once the bytes are numbered, each segment is assigned a sequence number, and the sequence number seq is the number of the first data byte in that segment.
    When data is split into several packets for transmission, each packet carries its sequence number so that the receiving side can splice the packets back together.
    The initial sequence number is randomly generated, so that data from different transfers is not spliced together incorrectly when it is split and reassembled.
  • Acknowledgment number ack: 4 bytes, the number of the first data byte of the next segment that the sender expects to receive from the other side. The sequence number is the number of the first byte of data carried by a segment, while the acknowledgment number is the number of the next byte expected; that is, the acknowledgment number is the number of the last byte of the segment just received plus 1.
  • Acknowledgment ACK: a flag that acknowledges receipt. Whether in the three-way handshake or the four-way wave, every reply sets ACK = 1 to indicate that the message has been received, and data sent after the connection is established also carries ACK = 1 to indicate that data was received successfully.
    The acknowledgment number field is valid only when ACK = 1. When ACK = 0, the acknowledgment number is invalid.
  • Synchronization SYN (Synchronize Sequence Numbers): synchronizes sequence numbers and represents a request to create a connection. It is set in the first two packets of the three-way handshake, the two that request and create the connection.
    It is used to synchronize sequence numbers when the connection is established. SYN = 1, ACK = 0 indicates a connection request segment. If the other side agrees to connect, the response segment sets SYN = 1, ACK = 1. SYN = 1 therefore indicates either a connection request or a connection acceptance message.
    The SYN flag is set only while the TCP connection is being established; after the handshake completes, SYN is 0.
  • Termination FIN: indicates a request to close the connection. In the four-way wave, FIN is sent twice, because a TCP connection is bidirectional and one FIN can close only one direction.
    FIN = 1 indicates that the sender of the segment has finished sending its data and asks to release the connection.

The capitalized words SYN, ACK and FIN are flags whose value can only be 0 or 1; the lowercase seq and ack are sequence numbers.

The SYN, ACK and FIN flags are stored in the flag bits of the TCP header.

| Field | Meaning |
|-------|---------|
| ACK | The acknowledgment number is valid; generally set to 1 |
| SYN | Requests a connection and sets the initial sequence number in the sequence number field; set to 1 when establishing a connection |
| FIN | Request to disconnect |
| URG | The urgent pointer is valid; 1 indicates that the data needs to be handled with priority |
| PSH | Tells the receiving application to read the data from the TCP buffer immediately |
| RST | The other side requires the connection to be re-established (reset) |
