TCP Flags

The TCP header contains a FLAGS field with the following flag bits: SYN, FIN, ACK, PSH, RST, URG.

Of these, the first five are the ones useful in day-to-day analysis.

Their meanings are:

SYN indicates that a connection is being established,

FIN indicates that a connection is being closed,

ACK indicates a response (acknowledgement),

PSH indicates that DATA is being transmitted,

RST indicates a connection reset.

ACK can be set together with SYN, FIN, and so on. For example, SYN and ACK may both be 1, which represents the response to a connection setup request.

A SYN on its own represents only a request to establish a connection.

The steps of the TCP handshake are expressed through this ACK.

SYN and FIN, however, are never both 1, because the former represents establishing a connection while the latter represents closing it.

RST typically appears after FIN has been set to 1 and represents a connection reset.

In general, when a FIN or RST packet appears, we consider the client and server disconnected; when SYN and SYN+ACK packets appear, we consider that the client and server have established a connection.

PSH is generally 1 only when the DATA content of the packet is non-empty, i.e. PSH marks TCP packets that carry real content to be transmitted.

TCP connections are both established and closed through a request-response pattern.

Supplementary concept: the TCP three-way handshake

TCP (Transmission Control Protocol)

TCP is a host-to-host transport-layer protocol that provides reliable connection services and uses a three-way handshake to confirm that a connection is established.

The TCP flag bits come in six kinds: SYN (synchronize, establish a connection), ACK (acknowledgement), PSH (push, transfer data), FIN (finish, end), RST (reset), URG (urgent). Two further header fields are involved: the sequence number and the acknowledgement number.

First handshake: host A sends the server a packet with SYN = 1 and a randomly generated seq number = 1234567. From SYN = 1, host B knows that A is requesting a connection.

Second handshake: after receiving the request, host B confirms it by sending a packet with ack number = (host A's seq + 1), SYN = 1, ACK = 1, and a randomly generated seq = 7654321.

Third handshake: host A checks that the ack number is correct, i.e. its first seq number + 1, and that the ACK bit is 1. If so, host A sends ack number = (host B's seq + 1) with ACK = 1; once host B has received it and confirmed the ack number and ACK = 1, the connection is successfully established.

Once the three-way handshake is complete, host A and host B start transmitting data.
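The following Python sketch is an added example, not code from the original article. It decodes the flag byte of a raw TCP header and checks the seq/ack arithmetic of the three handshake segments described above. The function names, ports and header bytes are constructed for illustration; the sequence numbers are the ones used in the text.

```python
import struct

# Flag bit positions in byte 13 of the TCP header
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HEADER_FMT = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent
SEQ_MOD = 1 << 32          # sequence numbers wrap at 2**32

def build_header(seq, ack, flags, sport=40000, dport=80):
    """Pack a 20-byte TCP header (constructed sample data, checksum left at 0)."""
    bits = sum(FLAG_BITS[name] for name in flags)
    return struct.pack(HEADER_FMT, sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

def parse_header(raw):
    """Return (seq, ack, set of flag names) from a raw TCP header."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    _, _, seq, ack, _, bits, _, _, _ = struct.unpack(HEADER_FMT, raw[:20])
    return seq, ack, {name for name, bit in FLAG_BITS.items() if bits & bit}

def is_valid_handshake(syn_raw, synack_raw, ack_raw):
    """Check the flags and the ack = seq + 1 rule for all three segments."""
    a_seq, _, f1 = parse_header(syn_raw)
    b_seq, b_ack, f2 = parse_header(synack_raw)
    _, a_ack, f3 = parse_header(ack_raw)
    return (f1 == {"SYN"}                                   # first handshake
            and f2 == {"SYN", "ACK"}                        # second handshake
            and b_ack == (a_seq + 1) % SEQ_MOD
            and f3 == {"ACK"}                               # third handshake
            and a_ack == (b_seq + 1) % SEQ_MOD)

# Constructed segments: host A uses seq 1234567, host B uses seq 7654321
SYN = build_header(1234567, 0, ["SYN"])
SYN_ACK = build_header(7654321, 1234568, ["SYN", "ACK"], sport=80, dport=40000)
ACK = build_header(1234568, 7654322, ["ACK"])
BAD_ACK = build_header(1234568, 7654321, ["ACK"])  # acknowledges the wrong number

if __name__ == "__main__":
    for name, raw in (("SYN", SYN), ("SYN+ACK", SYN_ACK), ("ACK", ACK)):
        print(name, parse_header(raw))
    print("valid handshake:", is_valid_handshake(SYN, SYN_ACK, ACK))
    print("bad final ACK:  ", is_valid_handshake(SYN, SYN_ACK, BAD_ACK))
```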

In the TCP/IP protocol suite, TCP provides reliable connection services and uses a three-way handshake to establish a connection. First handshake: to establish a connection, the client sends a SYN packet (syn = j) to the server and enters the SYN_SEND state, waiting for the server to confirm. Second handshake: the server receives the SYN packet and must acknowledge the client's SYN (ack = j + 1) while also sending a SYN of its own (syn = k), i.e. a SYN+ACK packet; the server then enters the SYN_RECV state.

Third handshake: the client receives the SYN+ACK packet from the server and sends the server an acknowledgment packet ACK (ack = k + 1). Once this packet has been sent, the client and server enter the ESTABLISHED state, completing the three-way handshake. With the handshake complete, the client and server begin transmitting data.

Extracted from the Chinese Cloud Security Network (www.yunsec.net). Original: http://www.yunsec.net/a/school/wlcs/agreement/2012/0317/10262.html


Origin www.cnblogs.com/bigox/p/11511120.html