Shulou(Shulou.com)06/01 Report--

Status of CP (SYN, FIN, ACK, PSH, RST, URG)

In the TCP layer, there is a FLAGS field with the following identities: SYN, FIN, ACK, PSH, RST, URG.

Among them, the first five fields are useful for our daily analysis.

What they mean is:

SYN means to establish a connection

FIN means to close the connection

ACK indicates response

PSH indicates that there is DATA data transmission

RST indicates that the connection is reset.

Among them, ACK may be used at the same time with SYN,FIN, for example, SYN and ACK may be 1 at the same time, which represents the response after the connection is established

If it's just a single SYN, it just means to establish a connection.

Several handshakes of TCP are shown through such ACK.

But SYN and FIN will not be 1 at the same time, because the former means to establish a connection, while the latter means to disconnect.

A RST of 1 usually occurs after FIN, indicating that the connection is reset.

Generally speaking, when there are FIN packages or RST packages, we think that the client is disconnected from the server, while when there are SYN and SYN+ACK packages, we think that the client has established a connection with the server.

When PSH is 1, it only occurs in packets whose DATA content is not 0, that is, a PSH of 1 means that the content of the real TCP packet is delivered.

The connection establishment and closure of TCP are done through the request-response mode.

Concept supplement-TCP three-way handshake:

TCP (Transmission Control Protocol) Transmission Control Protocol

TCP is a host-to-host layer transmission control protocol that provides reliable connection services and uses a three-way handshake to establish a connection:

The bit code is the tcp flag bit, and there are six kinds of marks: SYN (synchronous online) ACK (acknowledgement confirmation) PSH (push transfer) FIN (finish end) RST (reset reset) URG (urgent Emergency) Sequence number (sequence number) Acknowledge number (confirmation number)

First handshake: host A sends the bitcode syn=1 and randomly generates seq number=1234567 packets to the server. Host B is known by SYN=1, and A requires the establishment of online.

Second handshake: host B will confirm the online information after receiving the request, send ack number= (seq+1 of host A) and syn=1,ack=1 to A, and randomly generate seq=7654321 packets.

The third handshake: host A checks whether the ack number is correct, that is, the seq number+1 sent for the first time, and whether the bitcode ack is 1. If it is correct, host A will send ack number= (seq+1 of host B), ack=1, and host B will confirm the seq value and ack=1 to establish a successful connection.

After completing the three-way handshake, host An and host B begin to transmit data.

In TCP/IP protocol, TCP protocol provides reliable connection service and uses three-way handshake to establish a connection. First handshake: when establishing a connection, the client sends a syn packet (syn=j) to the server and enters the SYN_SEND state, waiting for the server to confirm; the second handshake: when the server receives the syn packet, it must confirm the customer's SYN (ack=j+1), and also sends a SYN packet (syn=k), that is, the SYN+ACK packet, at this time, the server enters the SYN_RECV state.

The third handshake: the client receives the SYN+ACK packet from the server and sends the confirmation packet ACK (ack=k+1) to the server. After the packet is sent, the client and the server enter the ESTABLISHED state and complete the three-way handshake. After completing the three-way handshake, the client and the server begin to transmit data. Excerpt from China Yunan Network (www.yunsec.net) original text: http://www.yunsec.net/a/school/wlcs/agreement/2012/0317/10262.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.