0.1 Computer networks: capturing and verifying the TCP three-way handshake

Copyright notice: Reprints and discussion are welcome; please credit the source. Performance status prior to the state of mind, habits prior to determination, focus first on preferences --Bestcxx https://blog.csdn.net/bestcxx/article/details/90611349

Foreword

Performance status prior to the state of mind, habits prior to determination, focus first on preferences

Installing and using the packet capture tool Wireshark

If you have not yet mastered this software but want to follow along hands-on, please refer to the author's earlier article, "Wireshark basic use".

TCP protocol

A brief introduction to TCP

In the TCP/IP architecture, TCP and UDP both sit in the transport layer.
(a) is the standard OSI model; because it is overly complex, it remains only at the theoretical level.
(b) is what is actually used in the real world, the result of commercial adoption.
(c) is a model that makes learning easier: the application, transport and network layers of (c) correspond to (b), and the data link and physical layers of (c) correspond to (a).

TCP three-way handshake protocol

When a client accesses a server over TCP, it first needs to establish a connection.
TCP specifies that the client and the server exchange three messages, the three-way handshake, in which the client sends two messages and the server sends one.

The three-way handshake in plain terms

First message: client -> server: request to connect
Second message: server -> client: request received, please begin sending
Third message: client -> server: I know you are ready
The three-way handshake ends here.
Fourth message: client -> server: formal data transfer begins

TCP control bits

Of course, computers do not chat in such plain language; they have a language of their own.
The header of a TCP segment contains six bits called control bits. Each can take the value 0 or 1 to represent a different situation, and each has its own name.

URG: Urgent. When URG = 1, the segment carries urgent data that jumps the queue and is placed at the front of the segment; it is used together with the urgent pointer in the header. For example, if an error is discovered midway through pushing data to a remote service and the operation needs to be cancelled, this feature can be used.
ACK: Acknowledgment. ACK = 0 means the acknowledgment number is invalid; ACK = 1 means it is valid. TCP specifies that after the connection is established, every segment must have ACK set to 1.
PSH: Push. When PSH = 1, the receiver pushes the data to the application layer immediately after receiving the segment, instead of waiting until the whole buffer fills. That is, the sender can use it to send urgent messages.
RST: Reset. RST = 1 indicates that a serious error has occurred in TCP and the connection must be released and then re-established. RST = 1 is also used to reject illegal connections and segments.
SYN: Synchronization. It is used for synchronization when a connection is being established. When SYN = 1 and ACK = 0, the segment is a connection request; when SYN = 1 and ACK = 1, the server agrees to the request.
FIN: Finish (Finis). When FIN = 1, the sender of this segment has finished transmitting its data and requests release of the transport connection.

TCP status bits and seq, ack

The control bits SYN and FIN each consume one sequence number (seq).
The control bit ACK does not consume a sequence number if the segment carries no data.
ack means "the seq value I expect in your next message".
The sender and the receiver each maintain their own seq value.

· Sequence Number: 32 bits
The sequence number of the first data octet in this segment (except when SYN is present). If SYN is present the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.
Translation: this is the sequence number of the first data octet in this segment (except when SYN is present). If the SYN control bit is set, the sequence number is the initial sequence number (ISN), and the first formally transmitted data has seq = ISN + 1. (The initial value is typically 0, but the TCP RFC does not restrict this.)

· Acknowledgment Number: 32 bits
If the ACK control bit is set this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established this is always sent.
Translation: if the ACK control bit is set, the Acknowledgment Number is the value of the next sequence number that the sender of this segment expects to receive.
Once a connection is established, this field is always sent. (That is, in a message I send you, I expect the seq of your next message to equal the ack value of this segment.)

Transmission Control Block TCB

The Transmission Control Block, TCB for short, stores the variables TCP maintains for a connection; the server and the client each maintain their own TCB.
The TCB structure includes the connection's source port, destination port, destination IP, sequence number (seq), acknowledgment number (ack), the peer's window size, its own window size, the TCP state, the TCP input/output queues, the application-layer output queue, and the variables related to TCP retransmission.

The TCP three-way handshake in technical terms

Premise: the server is started, has created its transmission control block (TCB), and is ready to listen for connections.
Step 1: client -> server: the client creates its TCB and sends a segment with control bit SYN = 1. It initializes the sequence number in its TCB, seq = x; for a first visit seq is generally 0. A SYN segment cannot carry data but consumes one sequence number.
Step 2: server -> client: the server sends a segment with control bits SYN = 1, ACK = 1. It initializes the sequence number in its TCB, seq = y; for a first visit seq is generally 0 (note that the server's initial sequence number is unrelated to the client's initial sequence number). The acknowledgment number in the TCB is ack = x + 1 (note that this acknowledgment number is the client's sequence number plus 1). A SYN segment cannot carry data but consumes one sequence number.
Step 3: client -> server: the client sends a segment with control bit ACK = 1. The sequence number in its TCB is seq = x + 1 and the acknowledgment number is ack = y + 1 (note that this is the server's sequence number plus 1). The ACK segment can carry data; if it carries none, the sequence number is not consumed and can be reused.
The three-way handshake ends here.
Step 4: client -> server: communication begins. TCP specifies that a segment carrying no data does not consume a sequence number, so in this step the client's control bit is ACK = 1 and its TCB still has seq = x + 1.

The simple conclusion: seq defaults to 0; each party accumulates its own seq as it sends segments; and ack is the seq of the party that sent the segment being acknowledged, plus 1.
In the three-way handshake, only the first and second handshakes carry the control bit SYN and consume a sequence number.
The third handshake carries only ACK; if it carries no data, the sequence number seq can be reused next time.
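
The rules of steps 1 to 3 can be checked mechanically on raw header bytes. The following is an added example, not code from the original article: it parses the control bits, seq and ack out of 20-byte TCP headers and verifies ack = x + 1 and ack = y + 1 modulo 2^32. The function names, ports and the two initial sequence numbers are constructed for illustration; the sample uses non-zero absolute ISNs, and the result is expressed relative to each side's ISN, which is how Wireshark displays sequence numbers by default.

```python
import struct

# The six control bits named in the text, as masks in the TCP flags byte.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
MOD = 1 << 32  # seq and ack are 32-bit fields and wrap around

def build_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header without options (sample data only, checksum 0)."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq % MOD, ack % MOD, 5 << 4, bits, 65535, 0, 0)

def parse_header(raw):
    """Return (seq, ack, set of flag names) from the first 20 bytes of a TCP header."""
    _sp, _dp, seq, ack, _off, bits, _win, _sum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return seq, ack, {name for name, mask in FLAGS.items() if bits & mask}

def check_handshake(syn, synack, final_ack):
    """Check three raw headers against steps 1-3 in the text.

    Returns (seq, ack) per segment relative to each side's ISN (ack is None
    where the ACK bit is not set); raises ValueError naming the failed step.
    """
    x, _, f1 = parse_header(syn)
    y, a2, f2 = parse_header(synack)
    s3, a3, f3 = parse_header(final_ack)
    if f1 != {"SYN"}:
        raise ValueError("step 1: expected SYN=1, ACK=0")
    if f2 != {"SYN", "ACK"} or a2 != (x + 1) % MOD:
        raise ValueError("step 2: expected SYN=1, ACK=1, ack = x + 1")
    # The third segment may already carry data, so PSH is tolerated.
    if f3 - {"PSH"} != {"ACK"} or s3 != (x + 1) % MOD or a3 != (y + 1) % MOD:
        raise ValueError("step 3: expected ACK=1, seq = x + 1, ack = y + 1")
    return [(0, None), (0, (a2 - x) % MOD), ((s3 - x) % MOD, (a3 - y) % MOD)]

# Constructed sample: arbitrary ISNs, with y chosen so that y + 1 wraps to 0.
X, Y = 0x1A2B3C4D, 0xFFFFFFFF
SAMPLE = [
    build_header(50000, 80, X, 0, ["SYN"]),
    build_header(80, 50000, Y, X + 1, ["SYN", "ACK"]),
    build_header(50000, 80, X + 1, Y + 1, ["ACK"]),
]

if __name__ == "__main__":
    print(check_handshake(*SAMPLE))
```

The relative values it returns are the same Seq = 0 / Seq = 0, Ack = 1 / Seq = 1, Ack = 1 pattern that appears in the capture later in the article.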

TCP protocol four-way handshake

Once a TCP client and server have established a connection, they can communicate in both directions, and ending the connection requires four interactions. Either party may initiate the termination request first. The party that sends FIN no longer sends data segments, and the connection ends after both sides have sent FIN and received the other side's acknowledgment.

Again, the termination request can be initiated by the server or by the client.
Here is an example in which the client initiates the termination request.
Step 1: client -> server: control bit FIN = 1; seq = u. FIN consumes one sequence number; this step may also carry the ACK control bit.
Step 2: server -> client: control bit ACK = 1; seq = v, ack = u + 1.
If the server still has data outstanding, it may continue to transmit it, but the client, having sent FIN, sends no new data, apart from the segments the communication itself needs.
Step 3: server -> client: control bits FIN = 1, ACK = 1; seq = w, ack = u + 1. w and v may be the same. This step indicates that the server has finished sending its data. Between steps 2 and 3 the server can keep sending unfinished data, which consumes sequence numbers. Because the client sends no new data during this period, ack = u + 1 stays unchanged, that is, the server still expects the client's next segment to have seq = u + 1.
Step 4: client -> server: control bit ACK = 1; seq = u + 1, ack = w + 1.
The communication does not end immediately. A timed wait is required to guard against data that has not yet arrived because of network delay. The wait is 2MSL, with 1MSL = 2 minutes (recommended value).

View TCP three-way handshake with a packet capture tool

Accessing a picture over HTTP

HTTP is an application-layer protocol and TCP is the layer beneath it, so we pick an HTTP service that can be accessed.
Here I chose a picture. Because the capture filter uses an IP address, the corresponding IP has to be obtained.
http://img.alicdn.com/tps/TB1sbSUKVXXXXaQXVXXXXXXXXXX-600-340.png
Note that this is a dynamic IP; use telnet img.alicdn.com 80 to obtain the corresponding IP.
In my network environment the IP I got is 123.6.34.253.
Of course, I suggest you configure the local hosts file so that the domain name is bound to one fixed IP.

Write the filter expression and select the network

(ip.addr == 192.168.0.108 and ip.dst == 123.6.34.253) || (ip.addr == 123.6.34.253 and ip.dst == 192.168.0.108)
Because I was on a Wi-Fi network, I clicked the wireless network connection.

Access the URL and view the results

A first look shows that the browser sends multiple requests at the same time.

Refining the filter: isolating the three-way handshake packets

We need to pick out a single three-way handshake.
Here is a little trick: on a first visit seq defaults to 0,
as shown:
First: SYN, Seq = 0
Second: SYN, Seq = 0, Ack = 1
Third: ACK, Seq = 1, Ack = 1

Using the telnet command to capture the TCP three-way handshake and the four-way handshake

Capturing local HTTP traffic gives output that is a bit confusing and has to be picked through carefully; with the telnet command the captured data is very clear.

Commands and actions

telnet img.alicdn.com 80
After telnet connects, just wait; the server actively closes the connection after a timeout.
Wireshark filter: (ip.addr == 172.18.166.205 and ip.dst == 122.14.43.188) || (ip.addr == 122.14.43.188 and ip.dst == 172.18.166.205)

Capture and interpretation

  • Three-way handshake:
    client -> server: SYN, seq = 0; SYN consumes one sequence number
    server -> client: SYN, seq = 0, ack = 1; consumes one sequence number, and ack = 1 means the client's next segment is expected to have seq = 1
    client -> server: ACK, seq = 1, ack = 1; an ACK that carries no data does not consume a sequence number, so the client's next segment still has seq = 1; ack = 1 means the server's next segment is expected to have seq = 1
  • Four-way handshake:
    server -> client: FIN, ACK, seq = 1, ack = 1; FIN consumes one sequence number; the server's previous seq was 0, so adding 1 gives seq = 1; ack = 1 means the client's next segment is expected to have seq = 1, because the client's last ACK carried no data and did not consume a sequence number, so it can be reused
    client -> server: ACK, seq = 1, ack = 2; the client reuses seq = 1; the server's FIN consumed a server sequence number, so the server's next segment is expected to have seq = 2; the client does not consume a sequence number here, so seq = 1 can be used again next time
    client -> server: FIN, ACK, seq = 1, ack = 2; the client disconnects and sends no more information; ack = 2 means the server's next segment is expected to have seq = 2
    server -> client: ACK, seq = 2, ack = 2
    End
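
The bookkeeping walked through above can be automated for a whole connection, teardown included. This is an added example, not part of the original article: it tracks the next sequence number of each side (SYN and FIN consume one, data consumes its length, a bare ACK consumes none) and reports every segment whose seq or ack does not match. It goes beyond the capture by also accepting data segments, and it assumes an in-order trace in which every ACK acknowledges everything the peer has sent so far; the tuple layout and names are constructed for illustration, and the second segment carries SYN and ACK as in step 2 of the handshake description.

```python
def audit_trace(trace):
    """Check seq/ack of every segment against the sequence-number accounting.

    trace: list of (sender, flags, seq, ack, payload_len), sender being "client"
    or "server", with relative numbers as Wireshark shows them.
    Returns a list of findings; an empty list means the trace is consistent.
    """
    next_seq = {"client": 0, "server": 0}  # next sequence number each side will send
    seen = {"client": False, "server": False}
    findings = []
    for i, (sender, flags, seq, ack, length) in enumerate(trace, 1):
        peer = "server" if sender == "client" else "client"
        if seq != next_seq[sender]:
            findings.append(f"#{i} {sender}: seq={seq}, expected {next_seq[sender]}")
        if "ACK" in flags and seen[peer] and ack != next_seq[peer]:
            findings.append(f"#{i} {sender}: ack={ack}, expected {next_seq[peer]}")
        # SYN and FIN each consume one number, data consumes its length,
        # and an ACK without data consumes nothing.
        consumed = length + int("SYN" in flags) + int("FIN" in flags)
        next_seq[sender] = max(next_seq[sender], seq + consumed)
        seen[sender] = True
    return findings

# The seven segments of the telnet capture interpreted above.
TELNET_CAPTURE = [
    ("client", {"SYN"}, 0, 0, 0),
    ("server", {"SYN", "ACK"}, 0, 1, 0),
    ("client", {"ACK"}, 1, 1, 0),
    ("server", {"FIN", "ACK"}, 1, 1, 0),
    ("client", {"ACK"}, 1, 2, 0),
    ("client", {"FIN", "ACK"}, 1, 2, 0),
    ("server", {"ACK"}, 2, 2, 0),
]

# Constructed counter-example: the last ACK ignores that the client's FIN consumed a number.
BROKEN = TELNET_CAPTURE[:-1] + [("server", {"ACK"}, 2, 1, 0)]

if __name__ == "__main__":
    print(audit_trace(TELNET_CAPTURE))
    for finding in audit_trace(BROKEN):
        print(finding)
```

A finding is a pointer to a segment worth inspecting, not proof of an error: the extra segments described in the next section also show up as seq mismatches.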

The three-way and four-way handshakes are only the minimum

Because of network delay and other problems, the timeout reconnection mechanism is sometimes triggered, which makes the number of interactions exceed the theoretical number.

Reference Documents

[1] TCP RFC 793
[2] "Computer Network", Xie Xiren, 5th ed.
