
Three-way handshake flow of TCP/IP protocol

2025-01-15 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

1. The TCP/IP three-way handshake:

The so-called three-way handshake (Three-Way Handshake) is the process of establishing a TCP connection: the client and server send a total of three packets to confirm that the connection is established. In socket programming, this process is triggered by the client calling connect, as shown in the following figure:

Figure 2 TCP three-way handshake

(1) First handshake: Client sets the flag bit SYN to 1, randomly generates a sequence number seq=J, and sends the packet to Server; Client enters the SYN_SENT state and waits for Server to confirm.

(2) Second handshake: when Server receives the packet, the flag bit SYN=1 tells it that Client requests to establish a connection. Server sets the flag bits SYN and ACK to 1, sets ack=J+1, randomly generates its own sequence number seq=K, and sends the packet to Client to confirm the connection request; Server enters the SYN_RCVD state.

(3) Third handshake: after receiving the confirmation, Client checks whether ack is J+1 and whether the flag bit ACK is 1. If so, it sets the flag bit ACK to 1, sets ack=K+1, and sends the packet to Server; Server checks whether ack is K+1 and whether ACK is 1. If everything is correct, the connection is established, Client and Server enter the ESTABLISHED state, the three-way handshake is complete, and data transmission between Client and Server can begin.

2. SYN attack:

During the three-way handshake, after Server has sent the SYN-ACK and before it receives the ACK from Client, the TCP connection is called half-open (a half-open connection); Server is in the SYN_RCVD state at that point, and when the ACK arrives Server moves to the ESTABLISHED state. A SYN attack means that Client forges a large number of non-existent IP addresses in a short time and keeps sending SYN packets to Server; Server replies with confirmation packets and waits for Client to confirm. Because the source addresses do not exist, Server has to retransmit until the timeout. These forged SYN packets occupy the half-open (not yet connected) queue, so normal SYN requests are discarded because the queue is full, causing network congestion and even system paralysis. The SYN attack is a typical form of DDoS attack. Detecting a SYN attack is simple: when there are a large number of half-open connections on Server and the source IP addresses are random, it can be concluded that a SYN attack is under way. The following command lists the current half-open connections (Linux netstat displays the SYN_RCVD state as SYN_RECV):

# netstat -nap | grep SYN_RECV
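As an added example (not part of the original article), the following script applies the two symptoms just described, many SYN_RECV entries and widely spread source addresses, to the output of that netstat command. The sample lines are constructed, and the thresholds are assumptions chosen to fit the sample.

```python
# Added example (not from the original article): a small analyser for the output of
# "netstat -nap | grep SYN_RECV". The sample lines below are constructed, and the
# thresholds are assumptions chosen for the sample; tune them for a real host.
import re
from collections import Counter

SAMPLE = """\
tcp        0      0 10.0.0.5:80      198.51.100.7:40211    SYN_RECV    -
tcp        0      0 10.0.0.5:80      203.0.113.9:51002     SYN_RECV    -
tcp        0      0 10.0.0.5:80      203.0.113.44:1025     SYN_RECV    -
tcp        0      0 10.0.0.5:443     192.0.2.77:33333      SYN_RECV    -
tcp        0      0 10.0.0.5:443     192.0.2.78:33334      SYN_RECV    -
tcp        0      0 10.0.0.5:22      198.51.100.20:5555    ESTABLISHED 1234/sshd
"""

# Proto Recv-Q Send-Q Local:port Foreign:port State (the netstat -nap column layout)
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)")

def half_open(lines):
    """Return (local_port, remote_ip) for every line in the SYN_RECV state."""
    found = []
    for line in lines:
        m = LINE.match(line)
        if m and m.group(5) == "SYN_RECV":
            found.append((int(m.group(2)), m.group(3)))
    return found

def assess(netstat_text, max_half_open=4, min_distinct_ratio=0.8):
    """Apply the article's two symptoms: many half-open connections whose source
    addresses are spread out (random). Returns (suspicious, count, distinct, ports)."""
    entries = half_open(netstat_text.splitlines())
    n = len(entries)
    distinct = len({ip for _, ip in entries})
    spread = distinct / n if n else 0.0
    suspicious = n > max_half_open and spread >= min_distinct_ratio
    ports = Counter(port for port, _ in entries).most_common(3)
    return suspicious, n, distinct, ports
```

On a real host, feed it the live command output and raise max_half_open well above the normal baseline for that server.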

3. Four-way wave:

The three-way handshake is now familiar. The so-called four-way wave (Four-Way Wavehand) means that when a TCP connection is torn down, the client and server send a total of 4 packets to confirm the disconnection. In socket programming, this process is triggered by either the client or the server calling close, as shown in the following figure:

Figure 3 TCP four-way wave

Because a TCP connection is full-duplex, each direction must be closed separately. The principle is that when one party has finished sending data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that there is no more data flowing in that direction, that is, no more data will be received; data can still be sent on this TCP connection until a FIN is also sent in that direction. The party that closes first performs an active close, and the other party performs a passive close, as shown in the figure above.

(1) First wave: Client sends a FIN to close data transfer from Client to Server, and Client enters the FIN_WAIT_1 state.

(2) Second wave: after Server receives the FIN, it sends an ACK to Client whose acknowledgment number is the received sequence number + 1 (like SYN, a FIN occupies one sequence number), and Server enters the CLOSE_WAIT state.

(3) Third wave: Server sends a FIN to close data transfer from Server to Client, and Server enters the LAST_ACK state.

(4) Fourth wave: after Client receives the FIN, Client enters the TIME_WAIT state and then sends an ACK to Server whose acknowledgment number is the received sequence number + 1; Server enters the CLOSED state, and the four-way wave is complete.
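The three handshake steps and the four wave steps above, modelled as an added example (not code from the original article): each endpoint checks that an incoming acknowledgment number equals its own next sequence number (J+1, K+1, and FIN+1), exactly the checks the steps describe. The Endpoint, relay and simulate names are mine, and the FIN_WAIT_2 state the active side passes through between the second and third wave is standard TCP but is not named in the article.

```python
# Added example (not from the original article): a minimal model of the TCP state
# transitions in the handshake and the four-way wave. Segments are dicts, no sockets.
class Endpoint:
    def __init__(self, isn, state):
        self.state, self.snd_nxt, self.rcv_nxt = state, isn, None  # isn is J or K

    def send(self, flags, ack=None):
        seg = {"flags": set(flags), "seq": self.snd_nxt, "ack": ack}
        self.snd_nxt += bool(set(flags) & {"SYN", "FIN"})  # SYN/FIN use one seq number
        return seg

    def check_ack(self, seg):
        if "ACK" not in seg["flags"] or seg["ack"] != self.snd_nxt:
            raise ValueError(f"bad ack {seg['ack']}, expected {self.snd_nxt}")

    def receive(self, seg):  # apply one incoming segment; return the reply or None
        f, s = seg["flags"], self.state
        if s == "LISTEN" and f == {"SYN"}:            # 1st handshake: SYN, seq=J
            self.rcv_nxt, self.state = seg["seq"] + 1, "SYN_RCVD"
            return self.send({"SYN", "ACK"}, ack=self.rcv_nxt)  # seq=K, ack=J+1
        if s == "SYN_SENT" and f == {"SYN", "ACK"}:   # 2nd handshake: ack must be J+1
            self.check_ack(seg)
            self.rcv_nxt, self.state = seg["seq"] + 1, "ESTABLISHED"
            return self.send({"ACK"}, ack=self.rcv_nxt)          # ack=K+1
        if s == "SYN_RCVD" and f == {"ACK"}:          # 3rd handshake: ack must be K+1
            self.check_ack(seg); self.state = "ESTABLISHED"
        elif s == "ESTABLISHED" and "FIN" in f:       # 1st wave seen by the passive side
            self.rcv_nxt, self.state = seg["seq"] + 1, "CLOSE_WAIT"
            return self.send({"ACK"}, ack=self.rcv_nxt)          # 2nd wave
        elif s == "FIN_WAIT_1" and f == {"ACK"}:      # 2nd wave seen by the active side
            self.check_ack(seg); self.state = "FIN_WAIT_2"
        elif s == "FIN_WAIT_2" and "FIN" in f:        # 3rd wave
            self.rcv_nxt, self.state = seg["seq"] + 1, "TIME_WAIT"
            return self.send({"ACK"}, ack=self.rcv_nxt)          # 4th wave
        elif s == "LAST_ACK" and f == {"ACK"}:        # 4th wave: passive side closes
            self.check_ack(seg); self.state = "CLOSED"
        else: raise ValueError(f"unexpected {sorted(f)} in state {s}")
        return None

def relay(a, b, seg):  # deliver seg from a to b, then swap roles while replies come back
    while seg is not None:
        seg, a, b = b.receive(seg), b, a

def simulate(j, k):  # client (ISN J) connects to a listening server (ISN K), then closes
    c, s = Endpoint(j, "SYN_SENT"), Endpoint(k, "LISTEN")
    relay(c, s, c.send({"SYN"}))                          # three-way handshake
    c.state = "FIN_WAIT_1"
    relay(c, s, c.send({"FIN", "ACK"}, ack=c.rcv_nxt))    # waves 1 and 2
    s.state = "LAST_ACK"
    relay(s, c, s.send({"FIN", "ACK"}, ack=s.rcv_nxt))    # waves 3 and 4
    return c.state, s.state, c.snd_nxt, s.snd_nxt
```

The client ends in TIME_WAIT and the server in CLOSED, and each side's next sequence number has advanced by exactly two (one for its SYN, one for its FIN).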

Above, one party closes actively and the other closes passively. In practice both parties may also initiate an active close at the same time, as shown in the following figure:

Figure 4 Simultaneous close

The process and states are clear from the figure above, so they are not repeated here; refer to the four-wave analysis above.

4. Notes

Interview questions about the three-way handshake and the four-way wave are common. Here are some suggestions for those who need them:

(1) What is the three-way handshake process? What about the four-way wave? The answer is the analysis above.

(2) Why does it take three handshakes to establish a connection but four waves to close one?

This is because the server in the LISTEN state, after receiving the connection request SYN segment, sends its ACK and SYN to the client in a single segment. When closing a connection, receiving the FIN segment from the other party only means that the other party will send no more data but can still receive data; your own side may not yet have sent all of its data to the other party, so you can either close immediately or send some more data first and then send a FIN segment to indicate that you now agree to close the connection. Therefore your ACK and FIN are generally sent separately.

There are several key fields in the figure worth highlighting:

(1) Sequence number: Seq, 32 bits, identifies the byte stream sent from the TCP source to the destination; the initiator marks it when sending data.

(2) Acknowledgment number: Ack, 32 bits. The acknowledgment number field is valid only when the ACK flag bit is 1; Ack = Seq + 1.

(3) Flag bits: 6 in total, namely URG, ACK, PSH, RST, SYN and FIN, with the following meanings:

(a) URG: the urgent pointer is valid.

(b) ACK: the acknowledgment number is valid.

(c) PSH: the receiver should deliver this segment to the application layer as soon as possible.

(d) RST: reset the connection.

(e) SYN: initiate a new connection.

(f) FIN: release a connection.

It is important to note that:

(a) Do not confuse the acknowledgment number Ack with the ACK flag bit.

(b) The acknowledger's Ack = the initiator's Seq + 1; this holds in both directions.
