2025-04-03 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article introduces the basics of TCP. Many people run into difficulties with these topics when working through real cases, so the editor will walk you through how to deal with them. I hope you read it carefully and get something out of it!
TCP segment
Concept: a TCP segment is divided into two parts: header and data.
The fields in the TCP segment header:
Source port / destination port: these two fields, together with the source IP address and destination IP address in the IP header, uniquely identify each connection. The combination of an IP address and a port is called a socket or an endpoint.
Sequence number (seq): the sequence number of the first byte of the data sent in this segment. The value of seq is equal to the sequence number of the last byte of previously sent data + 1. (When TCP transmits, each byte of data is numbered; that number is the sequence number.)
Acknowledgement number (ack): the sequence number of the first byte expected in the other party's next segment. If ack is x, then all data up to sequence number x-1 (including x-1) has been received correctly.
ACK: the ack field is valid only when ACK=1; ack is not valid when ACK=0.
SYN: SYN=1 and ACK=0 indicates that this is a connection request segment. If the other party agrees to establish a connection, it should set SYN=1 and ACK=1 in the response segment.
FIN: FIN=1 indicates that the sender of this segment has finished sending data to the other party and asks for the connection to be released.
Reset (RST): resets the connection.
Window size: the remaining size of the receiver's receive buffer. This is a 16-bit field, in bytes. The window size field can represent a maximum of 65535 bytes (64K), but the maximum receive window size for TCP is not 64K. The actual receive window size is the value of the 16-bit window size field shifted left by M bits (M is the window scale factor), so the window doubles for each bit it is shifted.
Checksum: this field covers the TCP header and data. It is calculated by the sender and verified by the receiver. Its purpose is to detect any change to the TCP header and data between the sender and the receiver. If the receiver detects a checksum error, the TCP segment is discarded directly.
Note: after the connection is established, all segments sent must have ACK set to 1. SYN segments and FIN segments cannot carry data, but they consume a sequence number. ACK segments can carry data, but do not consume sequence numbers if they do not carry data.
TCP data
TCP three-way handshake
Concept: when establishing a TCP connection, the client and server need to interact 3 times, that is, send 3 TCP segments, so it is called the three-way handshake.
Objective: to establish a TCP connection with the server and synchronize the sequence number, acknowledgement number, TCP window size and other information of both sides of the connection.
Description: changing the three-way handshake to a two-way handshake can cause deadlock. With two handshakes, A sends a connection request segment, B receives A's request and sends an acknowledgement, and the connection is then considered established. For example: A sends a connection request segment, and B receives the request from A and sends an acknowledgement. If B's acknowledgement is lost in transit, B thinks the connection has been established and begins to send data, while A is still waiting for B's acknowledgement and will not accept the data sent by B. B, after sending the data, keeps waiting for A's confirmation, so A and B wait for each other and form a deadlock.
The first handshake: the client sends a connection request segment to the server (segment header: (initial) sequence number seq=x, synchronization SYN=1), and the client enters the SYN_SENT (synchronization sent) state. Note: SYN=1 consumes a sequence number, that is, sequence number x is occupied, so the next sequence number sent starts from x+1. The same goes for the FIN in the first wave.
The second handshake: after receiving the connection request segment, if the server agrees to establish a connection, it sends a response segment to the client (segment header: synchronization SYN=1, acknowledgement ACK=1, acknowledgement number ack=x+1, sequence number seq=y), and the server enters the SYN_RECV (synchronization received) state. The TCP connection at this point is called a half-open connection.
The third handshake: after receiving the response segment from the server, the client sends an acknowledgement segment to the server (segment header: synchronization SYN=0, acknowledgement ACK=1, acknowledgement number ack=y+1, sequence number seq=x+1). At this point the TCP connection has been established, and both the client and the server enter the ESTABLISHED state.
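
The header fields and the three handshake segments described above can be checked mechanically. The following is an added example, not code from the original article: it decodes the fixed 20-byte header, applies the window shift M, and verifies the x+1 / y+1 relationships on a constructed capture. The names `parse_header`, `effective_window`, `check_handshake` and `build`, and the sample ports and sequence numbers, are assumptions made for illustration.

```python
import struct
from collections import namedtuple

Segment = namedtuple("Segment", "sport dport seq ack flags window checksum")
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # flag bits in the header
MOD = 2**32                                     # sequence numbers wrap at 32 bits

def parse_header(raw):
    """Decode the fixed 20-byte TCP header into the fields described above."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return Segment(sport, dport, seq, ack, off_flags & 0x3F, window, checksum)

def effective_window(seg, shift):
    """Actual receive window: the 16-bit field shifted left by M bits."""
    return seg.window << shift

def check_handshake(first, second, third):
    """Return the problems found in three captured handshake segments."""
    problems = []
    if first.flags & (SYN | ACK) != SYN:
        problems.append("segment 1 is not SYN=1, ACK=0")
    if second.flags & (SYN | ACK) != (SYN | ACK):
        problems.append("segment 2 is not SYN=1, ACK=1")
    elif second.ack != (first.seq + 1) % MOD:
        problems.append("segment 2 does not acknowledge x+1")
    if third.flags & (SYN | ACK) != ACK:
        problems.append("segment 3 is not SYN=0, ACK=1")
    else:
        if third.seq != (first.seq + 1) % MOD:
            problems.append("segment 3 does not use seq=x+1")
        if third.ack != (second.seq + 1) % MOD:
            problems.append("segment 3 does not acknowledge y+1")
    return problems

def build(sport, dport, seq, ack, flags, window=65535):
    """Pack a constructed sample header (data offset 5 words, checksum 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

# Constructed capture with x=1000 and y=5000 (not real traffic).
SAMPLE = [build(40000, 80, 1000, 0, SYN),
          build(80, 40000, 5000, 1001, SYN | ACK),
          build(40000, 80, 1001, 5001, ACK)]

if __name__ == "__main__":
    print(check_handshake(*map(parse_header, SAMPLE)))
```
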
TCP four waves
Concept: when releasing a TCP connection, the client and server need to interact 4 times, that is, send 4 TCP segments, so it is called the four waves.
Description:
1) Disconnecting the TCP connection means that the client closes its channel for sending data and the server closes its channel for sending data.
2) Why a three-way handshake is enough when connecting, but four waves are needed when closing:
1 > When establishing a connection: when the server receives the SYN connection request from the client, it can directly send a SYN+ACK segment, in which the ACK is the reply and the SYN is used for synchronization.
2 > When closing the connection: when the server receives the FIN from the client, it will most likely not close the socket immediately. It first replies with an ACK, telling the client, "I have received the FIN you sent, but I (possibly) still have data to send." Only when all of the server's data has been sent does the server send its own FIN. In other words, the server needs to wave twice in the process of notifying the client, so closing the connection takes four waves in total.
The first wave: the client sends a connection release segment to the server (segment header: termination FIN=1, sequence number seq=u), stops sending data and actively closes the TCP connection. The client enters the FIN_WAIT1 (termination wait 1) state.
The second wave: after the server receives the client's connection release segment, it sends an acknowledgement segment to the client (segment header: acknowledgement ACK=1, acknowledgement number ack=u+1, sequence number seq=v). The server enters the CLOSE_WAIT (close wait) state and notifies the application process. After receiving the acknowledgement segment from the server, the client enters the FIN_WAIT2 (termination wait 2) state. At this point the client has no data to send, but the server may still have data to send and the client can still accept it; the TCP connection is half-closed.
The third wave: after the application process tells the server to release the connection, the server sends a connection release segment (segment header: acknowledgement ACK=1, termination FIN=1, sequence number seq=w (the server may have sent some more data in the half-closed state), acknowledgement number ack=u+1). The server enters the LAST_ACK (last acknowledgement) state.
The fourth wave: after receiving the server's connection release segment, the client sends an acknowledgement segment to the server (segment header: acknowledgement ACK=1, sequence number seq=u+1, acknowledgement number ack=w+1). The client enters the TIME-WAIT (time wait) state, and only after the waiting time has passed do both of them enter the CLOSED state.
SYN attack
Concept: the SYN attack is a typical DDoS (Distributed Denial of Service) attack.
Principle: the client forges a large number of non-existent IP addresses in a short period of time and continuously sends SYN packets to the server (that is, it constantly initiates the first handshake and creates a large number of half-open connection requests). After receiving each connection request, the server sends a response segment and waits for the client's acknowledgement. Because the source address does not exist, the server keeps retransmitting until it times out. These forged SYN packets occupy the half-open connection queue (syns queue) for a long time, normal SYN requests are discarded, the target system runs slowly, and in serious cases this causes network congestion or even system paralysis.
Detection: check for TCP connections in the SYN_RECV state:
    netstat -npt | grep SYN_RECV   # if the IP addresses under Foreign Address are random, the server is probably under a SYN attack
Statistics of TCP connection states:
    netstat -npt | awk '{print $6}' | grep -v "Foreign" | sort | uniq -c
Description: newer TCP/IP protocol stacks generally modify this process, and the TCP implementation, to defend against SYN attacks. The main methods include the SynAttackProtect protection mechanism, SYN cookies, increasing the maximum number of half-open connections and shortening the timeout. However, these cannot completely prevent SYN attacks.
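
The two netstat checks above can be combined into one triage function. The following is an added example, not code from the original article: it reproduces the per-state count and flags a SYN_RECV backlog whose foreign addresses rarely repeat. The function names, the two thresholds and the sample output (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import Counter

def parse_netstat(text):
    """Yield (foreign_ip, state) for each TCP row of `netstat -npt` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp"):
            yield fields[4].rsplit(":", 1)[0], fields[5]

def state_counts(text):
    """Count connections per state, like awk '{print $6}' | sort | uniq -c."""
    return Counter(state for _, state in parse_netstat(text))

def syn_flood_suspected(text, min_half_open=5, min_unique_ratio=0.8):
    """Flag many SYN_RECV entries whose foreign addresses look random.

    Both thresholds are illustrative assumptions; tune them per host.
    """
    sources = [ip for ip, state in parse_netstat(text) if state == "SYN_RECV"]
    if len(sources) < min_half_open:
        return False
    return len(set(sources)) / len(sources) >= min_unique_ratio

# Constructed sample output (not captured from a real host).
HEADER = ("Active Internet connections (w/o servers)\n"
          "Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name\n")
ROW = "tcp 0 0 192.0.2.10:80 {}:{} {} -\n"
UNDER_ATTACK = HEADER + "".join(
    ROW.format(f"198.51.100.{i}", 40000 + i, "SYN_RECV") for i in range(1, 7)
) + ROW.format("203.0.113.5", 51000, "ESTABLISHED")
NORMAL = (HEADER + ROW.format("203.0.113.5", 51000, "ESTABLISHED")
          + ROW.format("203.0.113.9", 51001, "SYN_RECV"))

if __name__ == "__main__":
    print(dict(state_counts(UNDER_ATTACK)), syn_flood_suspected(UNDER_ATTACK))
```

On a live host the same functions can be fed the text captured from `netstat -npt`.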
Socket programming: Socket.connect() triggers TCP's three-way handshake. Socket.close() triggers TCP's four waves and indicates that no more data will be sent or accepted.
Timeout retransmission
Concept: when TCP transmits data, the sender waits for the receiver's ACK after sending and uses the ACK to judge whether the data was transmitted successfully. If the sender has not received the receiver's ACK for a long time after sending the data, it resends the data.
Reasons the sender did not receive the ACK:
The data was lost in transit for network or other reasons, and the receiver never received it.
The receiver received the data, but the ACK it sent in response was lost for network reasons. Afterwards, if the receiver receives the retransmitted data from the sender (which it can recognise by the sequence number), it discards the duplicate data but still responds with an ACK.
Calculation of the timeout: the default is 500ms. If there is still no response after a retransmission, the next retransmission is sent after waiting 2*500ms. When the number of retransmissions reaches a certain value, TCP assumes that the network is down or that the other party has failed, and forcibly closes the connection. Too long a timeout reduces the overall efficiency of TCP transmission. Too short a timeout results in frequent delivery of duplicate packets.
Window mechanism
Concept: both ends of each TCP connection maintain a send window and a receive window.
Send window: the data in the sender's send buffer can be divided into four categories, of which categories 2 and 3 belong to the send window:
1 > sent, ACK received
2 > sent, ACK not received
3 > not sent, but allowed to be sent
4 > not sent, and not allowed to be sent
Receive window: the data in the receiver's buffer is divided into three categories, of which category 2 belongs to the receive window:
1 > received
2 > not received, but ready to receive
3 > not received, and not ready to receive
Sliding mechanism: the send window does not move its left boundary until it receives the ACK for the bytes in the send window. The receive window moves its left boundary only when all previous segments have been confirmed. If bytes at the front of the receive window have not been received but later bytes have, the receive window does not move and TCP does not acknowledge the later bytes; the sender retransmits the data when it times out.
Flow control
Concept: TCP determines the sender's sending speed according to the receiver's data processing ability (the value of the window size field).
Process: the receiver sends an ACK segment when acknowledging, and the ACK segment contains the size of the receive window. The sender sets its sending speed according to the window size value in the ACK segment. If the window size in the ACK segment is 0, the sender stops sending data and periodically sends a window probe segment to the receiver in order to learn the receiver's latest window size in time.
Note: if the sender sends data too fast, the receiver's receive buffer soon fills up. Once it is full, data sent by the sender is discarded by the receiver, which triggers the sender's timeout retransmission.
Congestion control
Concept: congestion is the phenomenon in which routers are forced to discard data because they cannot handle high-speed incoming traffic.
The cause of congestion: when the amount of data a router receives per unit time is greater than the amount it can send, the router needs to store the excess data. If the amount received continues to exceed the amount that can be sent, the router's storage resources are exhausted and the router discards some of the data.
Principle: the sender maintains a congestion window variable cwnd, and the size of the congestion window depends on how congested the network is. The sender's send window size is the smaller of the congestion window size and the receiver's window size. TCP achieves congestion control by dynamically adjusting the size of the send window.
Slow start mechanism: the initial value of the congestion window is 1, and each time the sender receives an ACK it adds 1 to the congestion window. The "slow" in slow start means that little data is sent at the beginning and the transmission speed is slow, but the congestion window grows exponentially, so it grows very fast. When the congestion window reaches the threshold, its growth changes to linear. At the beginning of slow start, the slow start threshold is equal to the maximum value of the window. Once TCP detects network congestion, the slow start threshold becomes half of the current threshold, and the congestion window is reset to 1.
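
The growth pattern described above is easier to see as a trace. The following is an added example, not code from the original article: it models one step per round trip (adding 1 per ACK doubles cwnd each round trip), applies the threshold rule exactly as this section states it, and takes the send window as the smaller of cwnd and the receiver window. The function name, the `loss_rounds` parameter and the window values are assumptions for illustration; window sizes are counted in segments.

```python
def simulate_cwnd(rounds, max_window, loss_rounds=(), rwnd=None):
    """Return one (cwnd, ssthresh, send_window) tuple per round trip.

    Assumptions: one step per round trip, congestion is detected in the
    round trips listed in loss_rounds, and the receiver window rwnd is
    constant (None means it never limits the sender).
    """
    cwnd, ssthresh = 1, max_window       # threshold starts at the window maximum
    trace = []
    for rtt in range(rounds):
        send = cwnd if rwnd is None else min(cwnd, rwnd)
        trace.append((cwnd, ssthresh, send))
        if rtt in loss_rounds:
            # Rule as stated in this section: halve the threshold, reset cwnd.
            ssthresh = max(ssthresh // 2, 1)
            cwnd = 1
        elif cwnd < ssthresh:
            # Slow start: +1 per ACK, so cwnd doubles every round trip.
            cwnd = min(cwnd * 2, ssthresh)
        else:
            # Threshold reached: linear growth, +1 per round trip.
            cwnd = min(cwnd + 1, max_window)
    return trace

def cwnd_series(trace):
    """Congestion window value per round trip."""
    return [cwnd for cwnd, _, _ in trace]

def send_series(trace):
    """Send window per round trip: min(cwnd, receiver window)."""
    return [send for _, _, send in trace]

# Constructed scenario: 12 round trips, maximum window 16, receiver
# window 12, congestion detected in round trip 5.
TRACE = simulate_cwnd(12, 16, loss_rounds={5}, rwnd=12)

if __name__ == "__main__":
    for rtt, row in enumerate(TRACE):
        print(rtt, row)
```
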
Reliability of TCP
Connection management: three-way handshake and four waves.
Data transmission: sequence number and acknowledgement number mechanism, checksum, timeout retransmission mechanism, flow control, congestion control.
Frequently asked questions:
Server returns "RST" problem
Analysis: after the server closes the connection, if the client is still reading and writing on the connection and the server kernel receives data and finds that the socket has already been closed, the server returns the "RST" flag to the client.
Note: when the server returns "RST", if the client is reading data from the output stream of the socket, it reports "Connection reset". When the server returns "RST", if the client is writing data to the input stream of the socket, it reports "Connection reset by peer".
Solution: try again.
This is the end of "what are the basics of TCP". Thank you for reading.