TCP three-way handshake agreement with the four waving

I. Background description

By the OSI network model describes the IP layer, the network layer we know, can achieve communication between two hosts. But this is not specific, because, really is an entity that communicates process in the host, a host is a process with a process to another host in the exchange of data. Although the specific application can process IP protocol data packets to the destination host, but was not delivered to the host. The communication should be the end of the communication between the application process.

UDP, before transferring the data do not need to establish a connection, the remote host after receiving the UDP packets do not need to give any confirmation. Although UDP does not provide reliable delivery, but it is precisely because of this, and eliminating a lot of overhead, making it faster, such as some of the real-time requirements of the service, it is often using UDP. Application layer protocol corresponds mainly DNS, TFTP, DHCP, SNMP, NFS, etc.

TCP, connection-oriented service, you must first establish a connection, data transfer is complete to release the connection before transmitting data. Therefore, TCP is a reliable transport service, but precisely because of this, inevitably increased the number of overhead, such as confirmation and flow control. Corresponding to the application layer protocols include SMTP, TELNET, HTTP, FTP and the like.

Second, conventional well-known port number

application	FTP	TFTP	TELNET	SMTP	DNS	HTTP	SSH	MYSQL
Well-known port	21,20	69	23	25	53	80	22	3306
Transport Layer	TCP	UDP	TCP	TCP	UDP	TCP	TCP	TCP

Three, TCP Overview

The TCP connection as the basic objects, each TCP connection has two end points, which we call end socket (Socket), which is defined as the port number of the IP address that is spliced ​​to form the socket, e.g. If the IP address is 192.3.4.16 and the port number is 80, then you will get a socket for the 192.3.4.16:80.

Four, TCP packet header

1. Source and destination ports, each with 2 bytes, the write source and destination ports, respectively;
2. Number, 4 bytes, TCP byte stream transport connection in each byte are numbered sequentially. For example, the sequence number field value of the packet period is 301, and the data carried by the total of 100 fields, is clearly the next segment (if there is any) should start from the data number 401;
3. Acknowledgment number, 4 bytes, it is desirable first data byte received counterpart next packet sequence number. For example, B received a packet sent from A, which is the sequence number field 501, and the data length is 200 bytes, B which indicates the correct receipt of data up to 700 A number transmitted. Thus, B expects to receive next data number A is 701, then B in acknowledgment sent to the A segment of the acknowledgment number is set to 701;
4. Offset data, four bits, it is noted that the TCP packet data at the start of how close the TCP segment;
5. Reservations, accounting for 6, reserved for future use, but should have bit 0;
6. Emergency URG, when URG = 1, indicates that the urgent pointer field is valid. In this segment tells the system there is urgent data;
7. Acknowledgment ACK, only when ACK = 1, the acknowledgment number field is valid. TCP provides a connection is established in all the packets of the ACK transmission must be set to 1;
8. PSH push, when two interactive communication application process, the application process may wish to be able to receive an end of the other response immediately after typing a command, this time will PSH = 1;
9. Reset RST, when RST = 1, show that serious errors occurred in the connection TCP, the connection must be released, then re-establish the connection;
10. Sync SYN, when used to synchronize the serial connection is established. When SYN = 1, ACK = 0, indicates that the packet is a connection request, the connection if agreed, the response message should make SYN = 1, ACK = 1;
11. Termination FIN, for releasing the connection. When FIN = 1, data indicating the sender of this message has been sent, and release requirements;
12. Window, 2 bytes, referring to notify the recipient, sending the newspaper text you need much space to accept;
13. And testing, 2 bytes, and header checksum data two portions;
14. Urgent pointer, 2 bytes indicating the number of bytes of urgent data segment newspaper;
15. Options, variable length, defined a number of other optional parameters.

Fifth, establish a TCP connection (three-way handshake)

• The very beginning of the client and server are in CLOSED state. Active open connection to the client, the server is passive open connection.

1. TCP server process to create a Transmission Control Block TCB, always ready to accept connection requests from the client process, the server at this time to enter the LISTEN (monitor) state;
2. TCP客户进程也是先创建传输控制块TCB，然后向服务器发出连接请求报文，这是报文首部中的同部位SYN=1，同时选择一个初始序列号 seq=x ，此时，TCP客户端进程进入了 SYN-SENT（同步已发送状态）状态。TCP规定，SYN报文段（SYN=1的报文段）不能携带数据，但需要消耗掉一个序号。
3. TCP服务器收到请求报文后，如果同意连接，则发出确认报文。确认报文中应该 ACK=1，SYN=1，确认号是ack=x+1，同时也要为自己初始化一个序列号 seq=y，此时，TCP服务器进程进入了SYN-RCVD（同步收到）状态。这个报文也不能携带数据，但是同样要消耗一个序号。
4. TCP客户进程收到确认后，还要向服务器给出确认。确认报文的ACK=1，ack=y+1，自己的序列号seq=x+1，此时，TCP连接建立，客户端进入ESTABLISHED（已建立连接）状态。TCP规定，ACK报文段可以携带数据，但是如果不携带数据则不消耗序号。
5. 当服务器收到客户端的确认后也进入ESTABLISHED状态，此后双方就可以开始通信了。

六、TCP四次挥手

• 数据传输完毕后，双方都可释放连接。最开始的时候，客户端和服务器都是处于ESTABLISHED状态，然后客户端主动关闭，服务器被动关闭。

1. 客户端进程发出连接释放报文，并且停止发送数据。释放数据报文首部，FIN=1，其序列号为seq=u（等于前面已经传送过来的数据的最后一个字节的序号加1），此时，客户端进入FIN-WAIT-1（终止等待1）状态。 TCP规定，FIN报文段即使不携带数据，也要消耗一个序号。
2. 服务器收到连接释放报文，发出确认报文，ACK=1，ack=u+1，并且带上自己的序列号seq=v，此时，服务端就进入了CLOSE-WAIT（关闭等待）状态。TCP服务器通知高层的应用进程，客户端向服务器的方向就释放了，这时候处于半关闭状态，即客户端已经没有数据要发送了，但是服务器若发送数据，客户端依然要接受。这个状态还要持续一段时间，也就是整个CLOSE-WAIT状态持续的时间。
3. 客户端收到服务器的确认请求后，此时，客户端就进入FIN-WAIT-2（终止等待2）状态，等待服务器发送连接释放报文（在这之前还需要接受服务器发送的最后的数据）。
4. 服务器将最后的数据发送完毕后，就向客户端发送连接释放报文，FIN=1，ack=u+1，由于在半关闭状态，服务器很可能又发送了一些数据，假定此时的序列号为seq=w，此时，服务器就进入了LAST-ACK（最后确认）状态，等待客户端的确认。
5. 客户端收到服务器的连接释放报文后，必须发出确认，ACK=1，ack=w+1，而自己的序列号是seq=u+1，此时，客户端就进入了TIME-WAIT（时间等待）状态。注意此时TCP连接还没有释放，必须经过2∗ *∗MSL（最长报文段寿命）的时间后，当客户端撤销相应的TCB后，才进入CLOSED状态。
6. 服务器只要收到了客户端发出的确认，立即进入CLOSED状态。同样，撤销TCB后，就结束了这次的TCP连接。可以看到，服务器结束TCP连接的时间要比客户端早一些。

七、面试题

7.1 为什么客户端最后还要等待2MSL？

MSL（Maximum Segment Lifetime），TCP允许不同的实现可以设置不同的MSL值。

1. 保证客户端发送的最后一个ACK报文能够到达服务器，因为这个ACK报文可能丢失，站在服务器的角度看来，我已经发送了FIN+ACK报文请求断开了，客户端还没有给我回应，应该是我发送的请求断开报文它没有收到，于是服务器又会重新发送一次，而客户端就能在这个2MSL时间段内收到这个重传的报文，接着给出回应报文，并且会重启2MSL计时器。
2. 防止类似与“三次握手”中提到了的“已经失效的连接请求报文段”出现在本连接中。客户端发送完最后一个确认报文后，在这个2MSL时间中，就可以使本连接持续的时间内所产生的所有报文段都从网络中消失。这样新的连接中不会出现旧连接的请求报文。

7.2 为什么建立连接是三次握手，关闭连接确是四次挥手呢？

After the connection is established, the server in the LISTEN state, receiving the SYN packet to establish a connection request, and the SYN ACK packet was sent on to a client. And when the connection is closed, the server receives each other's FIN message that just means the other party no longer send data but also receive data, while he may not have all the data sent to each other, so one's own can be turned off immediately, you can also send after some data to each other, and then send a FIN packet to the other side to agree to close the connection now, therefore, own FIN and ACK generally transmitted separately, resulting in more than once.

How do 7.3 If you have already established a connection, but the client suddenly broke down?

TCP is also a keep-alive timer, apparently, a client if a failure occurs, the server can not keep on waiting, wasted resources. Each time the server receives the client's request will reset the timer set time is usually 2 hours, if two hours has not received any data from the client, the server sends a detection message segment, then every 75 send seconds once. If sending 10 consecutive probe packets still did not respond, the server brought out customers considered a failure, and then they close the connection.