- tcp header
- Four waving three-way handshake
- Status change
- WIME_WAIT state
- Related issues
tcp protocol is connection-oriented, reliable transmission, byte stream-oriented transport layer protocol,
first of all we know about tcp protocol header
- Source / destination port: that from which the data is to process, which process to go sign sent our data processes
- 32 Serial number and acknowledgment number: This is to ensure the reliable transmission of data (explained later in detail)
- 4 TCP header length: This indicates the number of a TCP header 32 'bit (4-byte number), the maximum length of the TCP header is 15 bytes 4-60 *
- 6 flag
(1) URG: Urgent Pointer valid
(2) the ACK : acknowledgment number is valid
(3) PSH: immediately prompts the receiver application reads data from the TCP buffer down
(. 4) the RST : object requires re-established connection, we carry identifier called a reset RST segment
(. 5) SYN : request to establish a connection, we carry identifier called synchronization SYN segment
(. 6) the FIN : notify the other, close to this end, we He said carrying FIN bit identifier end segment - 16-bit window size: using a sliding window mechanism, explained later
- 16-bit checksum: sending end stuffing, CRC checking, when the data receiving side does not pass the error check, and including the test data and header
- 16 urgent pointer: identifying portion of the data is the emergent data
- 40-byte header options
TCP is a connection-oriented, how to achieve that connect our face it, this time is the three-way handshake to establish a connection and four waved to close the connection. As shown below
Three-way handshake process : first sends a connection request of the client, the server sends to a SYN request, and can carry certain data, can not carry in our server receives a SYN request time will give the client reply a ACK + the SYN , ACK role is to determine the server has received such a request, the SYN is and client to establish a connection request will be sent after a request is received at the client ACK request, here we have to complete the three-way handshake.
Server status change : CLOSED state from the server to our SYN_RCVD is that we create a socket, bind our ip information, set the listener, after listening service is set to end on SYN request packet is received , after receiving a SYN after a request server state becomes the SYN_RCVD state. It means that we have received the request sent by the client. In sending the SYN + ACK after reply after client server becomes ESTABLISHED state.
Client state receives
clients from CLOSED state to SYN_SENT state it is that we establish a socket, and beconnect () then becomes SYN_SEND state ,, sending SYN after reply after receiving a server becomes ESTABLISHED state.
Only when the client and server are in the ESTABLISHED state to perform data communication
Data communication : that is, for send and recv operation, the client sends data above figure, the server requires a reply the ACK , which indicates the data has been successfully received
四次挥手
这和三次握手不一样,三次握手是客户端发起的SYN请求,在四次挥手中客户端和服务端都能发起断开连接请求。比如上图中。首先客户端给服务端发起一个FIN包,表示我要和你断开连接,在服务端收到FIN包的时候回复一个ACK表示我已经收到了你的请求,并且给客户端也发送一个FIN包,表示我也要和你断开连接,客户端收到FIN后回复给服务端一个ACK,当服务端收到之后连接就此断开。
客户端状态变化
当客户端发起FIN就是我们close()产生的。当调用close()之后客户端变为FIN_WAIT1状态在发送FIN包之后服务端收到之后并且发起一个ASK应答,在客户端收到之后变为FIN_WAIT2状态,到服务端也发起一个FIN请求,在客户端收到之后就变为TIME_WAIT状态,当服务端CLOSE之后客户端也进入CLOSED状态。
服务端状态变化
当接收到客户端发出的FIN请求的之后服务端变为CLOSE_WAIT状态,在回复ACK应答之后给客户端发起一个FIN之后变为LAST_ACK,知道最后变为CLOSED状态
特殊状态
在三次回收四次握手中有两个特殊的状态,一个是ESTABLISHED和TIME_WAIT状态,并且是必不可少的。
- ESTABLISHED:是建立三次握手之后的客户端和服务端的状态,只有两边同时处于ESTABLISHED状态才能进行数据通信
- TIME_WAIT(主动关闭方才有)
(1)如果没有TIME_WAIT状态的话在四次挥手中加入客户端发送的ACK丢失的话服务端不能关闭,但是客户端已经关闭了,当收不到ACK的时候服务端会重新发送一个FIN包请求,这时候客户端已经关闭,假如一个新的客户端建立之后使用先前的端口信息,会直接将FIN包发送给新的客户端,这回对新的连接造成影响
(2)若新客户端使用相同端口信息,向服务端发送FIN请求,但是服务端因为没有收到最后一个ACK请求处于LAST_ACK状态,在收到SYN后判定状态错误,回复RST报文重置连接,也对新的连接造成影响。
(3)TIME_WAIT一般持续时间是2MSL(报文最长生命周期)因为在ACK丢失的时候,导致对方重传的时候需要2*MSK,也是等待网络中所有双方延迟的报文消失在网络中,不会对后序的操作造成影响。
相关问题
(1)为什么握手是三次,挥手是四次呢?
握手是三次是确保可靠的基本需要,因为2次是不能建立连接的,但是四次又太多余了,ACK和SYN是可以一起发送的。就像我们打电话一样,接通之后需要确定双方都能听到对方的声音。
挥手是四次:当被动方收到主动方报文通知时,他仅仅表示主动方没有数据在发送给被动方了,但是未必被动方所有的数据都完整的发送给了主动方,所以被动方不会马上关闭SOCKET,他可能还需要发送给主动方一些数据再发送FIN报文给主动方,告诉主动方统一关闭连接。所以这里的FIN和ACK是分开发送的。
(2)若三次握手第三次握手失败,服务端如何去处理?
第三次握手失败之后并不会重传ACK报文,而是直接发送RTS报文段,进入CLOSED状态,这样的目的就是为了防止SYN泛洪攻击
(3)SYN泛洪攻击是什么,怎样去预防?
SYN泛洪攻击就是利用TCP三次握手机制,攻击端利用伪造的IP地址向被攻击端发出请求,而被供给端发出的响应报文将永远发送不到目的地,那么背攻击端在等待关闭这个连接的过程中消耗了资源,当连接成千上万的时候主机资源被消耗完,服务端就瘫痪了。
预防
- 增加TCP backlog队列
由于其基本原理是依赖于终端主机连接套接字的backlog溢出,因此一个显然的基于终端主机的解决方案是增加backlog队列的大小。通过修改listen()函数的参数和一个操作系统内核参数SOMAXCONN - 减少SYN_RECEIVED的时间
缩短一个TCP从进入SYN_RCVD状态到因未进入下一个状态而被回收的事件,
等等…
(4) the role of the TIME_WAIT (explained above has been a)
(5) if the service side there has been a lot of TIME_WAIT state, and why? How to solve?
Only in the initiative will be closed just TIME_WAIT state, in general, are active close the client, the server does not appear TIME_WAIT state, but there are some special services, such as pop / smtp, ftp server is received client QUIT after the command to close the connection initiative, which resulted in a large number of server TIME_WAIT state
solution: allow the server to quickly recover and reuse TIME_WAIT of those resources, modify the parameters, set the port multiplexing . The TIME_WAIT time to set up a small point. You can reduce the number of state TIME_WAIT
(6) the server to maintain a large number of CLOSE_WAIT state, and why? How to solve?
The reason: the other server program that he did not issue further ACK signal after closing the connection, in other words, the connection is closed after other procedures do not detected, the program or are they just forget about the time required to close the connection, so this program has been occupied resources . (Abnormal connections or the other he did not quickly recover resources)
Solution: Check the code, which is the error code appears. For example, do not close the socket, and so on.