TCP three-way handshake and four-way wave

Three-way handshake process

1. The client sends the server a request: "Open the door, I want to come in now."

2. The server replies to the client: "Come in, I'll open the door for you."

3. The client very politely sends the server: "Thank you, I'm coming in."

Four-way wave process

1. The client says to the server, "It's late, I'm leaving," and waits for the server to get up and see him out.

2. The server hears this and says to the client, "I know, I'll see you out," and waits for the client to go.

3. The server closes the door, then sends "I've closed the door" to the client, and waits for the client to leave (~ so hypocritical, eh).

4. The client sends "I know, I'm gone," and then leaves on his own.

TCP packet format

The figure above highlights several fields that need attention:
  (1) Sequence number: Seq number, 32 bits, identifies the byte stream sent from the TCP source to the destination; it marks the data the sender is sending.
  (2) Acknowledgment number: Ack number, 32 bits. The acknowledgment number field is valid only when the ACK flag bit is 1, and Ack = Seq + 1.
  (3) Flags: six in total, i.e. URG, ACK, PSH, RST, SYN, FIN, with the following meanings:
  (A) URG: the Urgent Pointer is valid.
  (B) ACK: the acknowledgment number is valid.
  (C) PSH: the receiver should deliver this segment to the application layer as soon as possible.
  (D) RST: reset the connection.
  (E) SYN: initiate a new connection.
  (F) FIN: release a connection.
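As an added example (not from the original post), here is a Python parser for the fixed 20-byte TCP header that extracts the sequence number, acknowledgment number and the six flag bits listed above. The constructed sample segment is a SYN-ACK with seq = K = 5000 answering a SYN with seq = J = 1000, so its ack must be J + 1 = 1001. The build_tcp_header helper and the sample values are assumptions for illustration, not from the post.

```python
import struct

# TCP flag bits: the low six bits of the 16-bit word that follows the ack number
# (bit 0 = FIN ... bit 5 = URG), matching the list (A)-(F) above.
FLAG_FIN = 0x01
FLAG_SYN = 0x02
FLAG_RST = 0x04
FLAG_PSH = 0x08
FLAG_ACK = 0x10
FLAG_URG = 0x20


def parse_tcp_header(data: bytes) -> dict:
    """Parse the fixed 20-byte TCP header and return the fields the text discusses."""
    if len(data) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_flags,
     window, checksum, urgent_ptr) = struct.unpack("!HHIIHHHH", data[:20])
    header_len = (offset_flags >> 12) * 4   # data offset is in 32-bit words
    flags = offset_flags & 0x3F             # URG ACK PSH RST SYN FIN
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq,
        # the acknowledgment number only has meaning when the ACK flag is set
        "ack": ack if flags & FLAG_ACK else None,
        "header_len": header_len,
        "URG": bool(flags & FLAG_URG), "ACK": bool(flags & FLAG_ACK),
        "PSH": bool(flags & FLAG_PSH), "RST": bool(flags & FLAG_RST),
        "SYN": bool(flags & FLAG_SYN), "FIN": bool(flags & FLAG_FIN),
        "window": window, "checksum": checksum, "urgent_ptr": urgent_ptr,
    }


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """Hypothetical helper: a 20-byte header with no options (data offset = 5),
    checksum left as 0 because it depends on the enclosing IP pseudo-header."""
    offset_flags = (5 << 12) | (flags & 0x3F)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


# Constructed sample: the SYN-ACK of a handshake in which the client chose
# seq J = 1000 and the server chose seq K = 5000; its ack must be J + 1.
SYN_ACK = build_tcp_header(80, 40000, seq=5000, ack=1001,
                           flags=FLAG_SYN | FLAG_ACK)

if __name__ == "__main__":
    for name, value in parse_tcp_header(SYN_ACK).items():
        print(f"{name:>11}: {value}")
```

The parser only reads the fixed part of the header; options (when header_len is greater than 20) start at byte 20 and are not decoded here.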

The specific flowchart follows:

Three-way handshake process (we denote the client by A and the server by B)

Premise: A performs an active open, B a passive open

TCP three-way handshake
(1) First handshake: the Client sets the flag bit SYN to 1, randomly generates a value seq = J, and sends the packet to the Server; the Client enters the SYN_SENT state and waits for the Server's acknowledgment.
(2) Second handshake: the Server receives the packet and knows from the flag bit SYN = 1 that the Client is requesting a connection. The Server sets both the SYN and ACK flags to 1, sets ack = J + 1, randomly generates a value seq = K, and sends the packet to the Client to acknowledge the connection request; the Server enters the SYN_RCVD state.
(3) Third handshake: the Client receives the acknowledgment and checks whether ack is J + 1 and whether ACK is 1. If correct, it sets the flag bit ACK to 1 and ack = K + 1, and sends the packet to the Server. The Server checks whether ack is K + 1 and whether ACK is 1; if correct, the connection is established, and both Client and Server enter the ESTABLISHED state, completing the three-way handshake. Data can then be transferred between Client and Server.

SYN attack:
In the three-way handshake, the TCP connection after the Server has sent the SYN-ACK but before it has received the Client's ACK is called a half-open connection; the Server is in the SYN_RCVD state at this time, and when the ACK is received the Server enters the ESTABLISHED state. A SYN attack is when the Client forges a large number of non-existent IP addresses in a short time and keeps sending SYN packets to the Server. The Server replies with the acknowledgment packet and waits for the Client's confirmation; since the source address does not exist, the Server has to keep retransmitting until it times out. These forged SYN packets occupy the half-open connection queue for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion or even system failure. A SYN attack is a typical DDoS attack. Detecting a SYN attack is very simple: when the Server has a large number of half-open connections and the source IP addresses are random, it can be concluded that it is under SYN attack. The following command shows the current half-open connections:
#netstat -nap | grep SYN_RECV
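Added example (not part of the original post): the detection heuristic described above, run in Python over constructed netstat -nap output (addresses from the RFC 5737 documentation ranges, not a real capture). It counts SYN_RECV entries per remote IP and flags a SYN flood only when there are many half-open connections and the sources are spread over many distinct addresses, which is what "a large number of half-open connections and random source IPs" amounts to in code. The thresholds are assumed values, not from the text.

```python
import re
from collections import Counter

# Constructed sample of `netstat -nap` output (not a real capture).
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx
tcp        0      0 10.0.0.5:80             198.51.100.20:40012     ESTABLISHED 1234/nginx
tcp        0      0 10.0.0.5:80             203.0.113.11:51001      SYN_RECV    -
tcp        0      0 10.0.0.5:80             203.0.113.87:51002      SYN_RECV    -
tcp        0      0 10.0.0.5:80             203.0.113.203:51003     SYN_RECV    -
tcp        0      0 10.0.0.5:80             203.0.113.9:51004       SYN_RECV    -
tcp        0      0 10.0.0.5:80             203.0.113.150:51005     SYN_RECV    -
tcp        0      0 10.0.0.5:80             198.51.100.20:40013     SYN_RECV    -
"""

# proto, recv-q, send-q, local address, foreign address, state
LINE_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)")


def half_open_by_source(netstat_text: str) -> Counter:
    """Count SYN_RECV (half-open) connections per remote IP address."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "SYN_RECV":
            continue
        foreign = m.group(3)
        ip = foreign.rsplit(":", 1)[0]   # drop the port; the last ':' separates it
        counts[ip] += 1
    return counts


def looks_like_syn_flood(counts: Counter, min_half_open: int = 5,
                         min_distinct_ratio: float = 0.5) -> bool:
    """Heuristic from the text: many half-open connections AND the sources look
    random (a large share of distinct IPs), rather than one busy client retrying.
    Both thresholds are assumed values for illustration."""
    total = sum(counts.values())
    if total < min_half_open:
        return False
    return len(counts) / total >= min_distinct_ratio


if __name__ == "__main__":
    by_source = half_open_by_source(NETSTAT_OUTPUT)
    print(f"{sum(by_source.values())} half-open from {len(by_source)} sources")
    print("SYN flood suspected:", looks_like_syn_flood(by_source))
```

A single slow client retrying its handshake also shows up in SYN_RECV, which is why the check looks at the spread of source addresses and not only at the count. On current Linux the same list can be obtained with `ss -tan state syn-recv`, and enabling SYN cookies (`net.ipv4.tcp_syncookies`) lets the kernel keep accepting connections while the half-open queue is full.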

Four-way wave process (we denote the client by A and the server by B)

Premise: A performs an active close, B a passive close

TCP four-way wave
Because a TCP connection is full-duplex, each direction must be shut down separately. The principle is that when one side has finished sending data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction, i.e. no more data will be received, but data can still be sent over the TCP connection until this side also sends a FIN. The side that shuts down first performs an active close, while the other side performs a passive close; the figure shows this situation.
(1) First wave: the Client sends FIN = 1 to close the data transfer from Client to Server, with a randomly generated value seq = u; the Client enters the FIN_WAIT_1 state.
(2) Second wave: the Server receives the FIN and sends ACK = 1 to the Client, with the acknowledgment number set to the received sequence number plus 1, ack = u + 1 (like SYN, a FIN occupies one sequence number), and a randomly generated value seq = v; the Server enters the CLOSE_WAIT state.
(3) Third wave: the Server sends FIN = 1 to close the data transfer from Server to Client, with ACK = 1, seq = w, ack = u + 1; the Server enters the LAST_ACK state.
(4) Fourth wave: the Client receives the FIN and enters the TIME_WAIT state, then sends ACK = 1 to the Server, with the acknowledgment number set to the received sequence number plus 1, ack = w + 1, seq = u + 1; the Server enters the CLOSED state, completing the four-way wave.
The above is the case where one side actively closes and the other passively closes; in practice, both sides may also initiate the close at the same time.
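The three-way handshake (steps (1)-(3) in the handshake section) and the four-way wave just described, as one added Python simulation that is not part of the original post: two Endpoint objects exchange Segment records carrying only the header fields the text discusses, apply the rule that SYN and FIN each consume one sequence number, and raise on the checks the text names (ack must equal the peer's seq + 1 when the ACK flag is set). The Endpoint and Segment names, the FIN_WAIT_2 state between waves (2) and (3), the ACK flag carried on the FIN segments, and the fixed initial sequence numbers J = 1000 and K = 5000 used when testing are my additions.

```python
import random
from dataclasses import dataclass


@dataclass
class Segment:
    """Only the header fields the text discusses (hypothetical record type)."""
    sender: str
    seq: int
    ack: int = 0
    SYN: bool = False
    ACK: bool = False
    FIN: bool = False


class Endpoint:
    """One side of the connection; A and B in the text."""

    def __init__(self, name, isn=None):
        self.name = name
        self.state = "CLOSED"
        # initial sequence number: J for the client, K for the server in the text
        self.snd_nxt = random.randrange(2 ** 32) if isn is None else isn
        self.rcv_nxt = 0          # next sequence number expected from the peer
        self.trace = []

    def send(self, **flags) -> Segment:
        seg = Segment(self.name, seq=self.snd_nxt, ack=self.rcv_nxt, **flags)
        if seg.SYN or seg.FIN:    # SYN and FIN each occupy one sequence number
            self.snd_nxt += 1
        self.trace.append(f"{self.name} [{self.state}] sends {seg}")
        return seg

    def receive(self, seg: Segment, expect_ack_of=None):
        """Accept a segment; if expect_ack_of is given, enforce the text's check
        that ACK is 1 and ack equals our seq + 1 (the value we expect)."""
        if expect_ack_of is not None:
            if not seg.ACK or seg.ack != expect_ack_of:
                raise ValueError(f"{self.name}: expected ack={expect_ack_of}, got {seg}")
        if seg.SYN or seg.FIN:
            self.rcv_nxt = seg.seq + 1   # our next ack = peer's seq + 1
        self.trace.append(f"{self.name} [{self.state}] receives {seg}")


def three_way_handshake(a: Endpoint, b: Endpoint):
    b.state = "LISTEN"
    syn = a.send(SYN=True); a.state = "SYN_SENT"                  # (1) seq = J
    b.receive(syn)
    syn_ack = b.send(SYN=True, ACK=True); b.state = "SYN_RCVD"    # (2) seq = K, ack = J+1
    a.receive(syn_ack, expect_ack_of=a.snd_nxt)                   # (3) check ack == J+1
    ack = a.send(ACK=True); a.state = "ESTABLISHED"               #     ack = K+1
    b.receive(ack, expect_ack_of=b.snd_nxt); b.state = "ESTABLISHED"
    return [syn, syn_ack, ack]


def four_way_close(a: Endpoint, b: Endpoint):
    fin1 = a.send(FIN=True, ACK=True); a.state = "FIN_WAIT_1"     # (1) seq = u
    b.receive(fin1); b.state = "CLOSE_WAIT"
    ack1 = b.send(ACK=True)                                       # (2) ack = u+1
    a.receive(ack1, expect_ack_of=a.snd_nxt); a.state = "FIN_WAIT_2"
    # B could still send data here, which is why its FIN is a separate segment.
    fin2 = b.send(FIN=True, ACK=True); b.state = "LAST_ACK"       # (3) seq = w, ack = u+1
    a.receive(fin2); a.state = "TIME_WAIT"
    ack2 = a.send(ACK=True)                                       # (4) ack = w+1, seq = u+1
    b.receive(ack2, expect_ack_of=b.snd_nxt); b.state = "CLOSED"
    a.state = "CLOSED"   # after 2*MSL in TIME_WAIT; the timer is not modelled
    return [fin1, ack1, fin2, ack2]


if __name__ == "__main__":
    client, server = Endpoint("A"), Endpoint("B")
    three_way_handshake(client, server)
    four_way_close(client, server)
    print("\n".join(client.trace + server.trace))
```

Run with no arguments, the script picks random initial sequence numbers and prints each side's trace, so the seq/ack bookkeeping of both the handshake and the teardown can be followed segment by segment.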

(2) Why does establishing a connection take a three-way handshake, while closing it takes a four-way wave?
This is because when the server in the LISTEN state receives the SYN packet requesting a connection, it can put the SYN and the ACK into one packet and send it to the client. When closing the connection, receiving the other party's FIN only means that the other party will send no more data but can still receive data; our side may not have sent all its data to the other party yet, so our side can close immediately, or it can first send some data to the other party (after the ACK) and only then send a FIN to the other party to agree to close the connection now. Therefore, our side's ACK and FIN are generally sent separately.

Origin blog.csdn.net/ds1130071727/article/details/102802458