Capture and analyze the TCP three-way handshake

1, TCP three-way handshake to establish a connection


1,1 Introduction: Before the three-way handshake, first an introduction to several FLAGS fields of the TCP layer, which has the following flags:

SYN indicates establishing a connection,

FIN indicates closing a connection,

ACK indicates a response,

PSH indicates that DATA is being transmitted,

RST indicates a connection reset.


1,2 Three-way handshake steps
First handshake: Host A sends a packet with the bit code syn = 1 and a randomly generated seq number = 1234567 to the server. From SYN = 1, host B knows that A is requesting to establish a connection.

Second handshake: After receiving the request, host B confirms the connection message and sends host A a packet with ack number = (host A's seq + 1), syn = 1, ack = 1, and a randomly generated seq = 7654321.

Third handshake: After receiving it, host A checks whether the ack number is correct, i.e. the seq number it sent first + 1, and whether the ack bit code is 1. If both are correct, host A sends ack number = (host B's seq + 1), ack = 1. When host B receives this and confirms the seq value and ack = 1, the connection is successfully established.

The three-way handshake is complete, and host A and host B start transmitting data.

The TCP three-way handshake can be seen clearly in the packet capture. The figure below is a complete three-way handshake establishing a connection between server port 80 and client port 41826.

 

2, TCP disconnect: the four-way handshake
A TCP connection is closed in one of two ways: the first is a normal close with the four-way handshake, the second is an abnormal disconnect with RST.

 

2,1 Normal close with the four-way handshake:
The figure comes from the Internet.

 

Assume the Client side initiates the request to close the connection, that is, it sends a FIN message. When the Server side receives the FIN message, it means "I, the Client side, have no more data to send to you". But if the Server still has data that has not finished sending, it does not need to hurry to close the Socket and can continue to send data. So the Server first sends an ACK, telling the Client side "I received your request, but I am not ready yet, please keep waiting for my message." At this point the Client side enters the FIN_WAIT state and continues to wait for the Server side's FIN packet. When the Server side determines that its data has been sent, it sends a FIN packet to the Client side, telling it "OK, I have finished sending data here and am ready to close the connection." After the Client side receives the FIN message, it knows it can close the connection, but it still does not trust the network and is afraid the Server side does not know to close, so after sending the ACK it enters the TIME_WAIT state; if the Server side does not receive the ACK, the FIN can be retransmitted. After the Server side receives the ACK, it knows it can disconnect. If the Client side has waited 2MSL and still has not received a reply, that proves the Server side has closed normally, so the Client side can also close the connection. OK, that is how a TCP connection is closed!

 

2,2 Looking at the disconnect handshake in a packet capture
The four arrows in the figure are a standard four-way handshake.

First, server port 80 wants to disconnect and sends a FIN request to port 41826.

Then, at the second arrow, after receiving the request, port 41826 replies with an ACK to server port 80.

Then, at the third arrow, port 41826 sends its own disconnect request FIN to server port 80.

Finally, at the fourth arrow, server port 80 sends an ACK back to the client to confirm the disconnect.

After this four-way handshake, both the server and the client have confirmed the disconnect. You can see that the disconnect is bidirectional.

 

 

2,3 Abnormal close with RST
Sometimes an abnormal disconnect occurs, i.e. an RST. For example, in the figure, server port 80 sends a disconnect request FIN to client port 32875. The client can reply with an ACK on this connection, but at this point it still has data to transmit, so it is in no hurry to reply with a FIN. Instead it first sends out its GET request, and sends its disconnect request FIN after the GET request is retransmitted. But for some unknown reason the server had already confirmed the disconnect before the client confirmed it, so after receiving the GET request it returns an RST and abnormally closes this connection.
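
The checks described in sections 1,2 and 2,1 to 2,3, as an added example that is not part of the original post: it validates the ack number = seq + 1 rule of the three-way handshake and classifies a close as a normal four-way handshake or an RST. The `Pkt` record, the function names and all packet values are constructed for illustration (the handshake reuses the article's seq numbers and ports; the seq numbers in the RST sample are made up).

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst flags seq ack")  # constructed record: ports, flag set, seq/ack

def check_handshake(pkts):
    """True if the first three packets form a valid three-way handshake."""
    if len(pkts) < 3:
        return False
    syn, synack, ack = pkts[:3]
    return (
        syn.flags == {"SYN"}
        and synack.flags == {"SYN", "ACK"}
        and (synack.src, synack.dst) == (syn.dst, syn.src)
        and synack.ack == syn.seq + 1          # second handshake: ack number = A's seq + 1
        and ack.flags == {"ACK"}
        and (ack.src, ack.dst) == (syn.src, syn.dst)
        and ack.ack == synack.seq + 1          # third handshake: ack number = B's seq + 1
    )

def classify_close(pkts):
    """'rst', 'four-way' or 'open'; assumes a FIN carries no payload (its ACK is FIN seq + 1)."""
    fin_seq = {}        # sender port -> seq number of the FIN it sent
    fin_acked = set()   # sender ports whose FIN the peer has acknowledged
    for p in pkts:
        if "RST" in p.flags:
            return "rst"
        if "ACK" in p.flags and p.dst in fin_seq and p.ack == fin_seq[p.dst] + 1:
            fin_acked.add(p.dst)
        if "FIN" in p.flags:
            fin_seq[p.src] = p.seq
    return "four-way" if len(fin_acked) == 2 else "open"

# Constructed samples (not a real capture).
HANDSHAKE = [
    Pkt(41826, 80, {"SYN"}, 1234567, 0),
    Pkt(80, 41826, {"SYN", "ACK"}, 7654321, 1234568),
    Pkt(41826, 80, {"ACK"}, 1234568, 7654322),
]
NORMAL_CLOSE = HANDSHAKE + [
    Pkt(80, 41826, {"FIN", "ACK"}, 7654322, 1234568),   # first arrow
    Pkt(41826, 80, {"ACK"}, 1234568, 7654323),          # second arrow
    Pkt(41826, 80, {"FIN", "ACK"}, 1234568, 7654323),   # third arrow
    Pkt(80, 41826, {"ACK"}, 7654323, 1234569),          # fourth arrow
]
RST_CLOSE = [
    Pkt(80, 32875, {"FIN", "ACK"}, 500, 100),
    Pkt(32875, 80, {"ACK"}, 100, 501),
    Pkt(32875, 80, {"PSH", "ACK"}, 100, 501),           # late GET request
    Pkt(80, 32875, {"RST"}, 501, 0),
]
```
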

 

 

Conclusion:
The TCP three-way handshake and four-way handshake usually look very obscure and hard to read, but by following an HTTP packet capture analysis, I have gained new knowledge and understanding of the seven TCP handshake steps.

My understanding of these theories is not deep enough; I just apply what I know to analyze network packet captures. But in order to build network applications, it is still necessary to understand a little about TCP and HTTP.


Origin www.cnblogs.com/seamusopen/p/11327375.html