Shulou(Shulou.com)05/31 Report--

What are the 11 states of TCP, many beginners are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

I originally wanted to write about the relevant tests and solutions of time_wait in the nginx server during the operation and maintenance process, and then found that the status of TCP needed to be laid down first, so I organized this article.

On the Internet, many bosses organize TCP three-way handshakes and four waves, and have seen many people write, but in fact, from the point of view of operation and maintenance, when we analyze the status of TCP links, we first use netstat or ss to check.

After that, packet analysis will be carried out according to the status of TCP to further identify some problems, so what we will see first is the status of TCP, so we need to have a clear understanding of what the 11 states of TCP represent.

The 11 states of TCP correspond to 5 states of TCP three-way handshake and 6 states of TCP four-wave disconnection.

As shown in the figure above, there are 11 states, the whole process of establishing and disconnecting connections throughout the TCP.

Below, I use tcpdump to grab a complete three-way handshake and four-wave package of the client and server, which can correspond to the status diagram above.

Let's look at it separately. First of all, there is a three-way handshake.

The picture above is a complete three-way handshake.

First of all, the request connection is issued by client, that is, SYN=1 ACK=0,TCP stipulates that SYN=1 cannot carry data, but it consumes a seq, so declare its own seq=x

Then Server replies to confirm, that is, SYN=1 ACK=1 seq=y ack=x+1

Finally, Client confirms it again, but does not need SYN, that is, ACK=1 seq=x+1 ack=y+1.

The corresponding TCP status throughout the process is as follows:

CLOSED: initial state indicating that the TCP connection is "closed" or "not open"

LISTEN: indicates that a SOCKET on the server is listening and can accept connections from the client

SYN_RCVD: indicates that the server received a SYN message from the client requesting a connection. This state is on the server side, but it is an intermediate state, which is very short. It is not easy to see this state when we use netstat or ss, but when we encounter SYN attacks such as SYN flood, there will be a large number of this state, that is, we will not receive the ACK from the last client of the three-way handshake, so it will always be this state and will not transition to ESTABLISHED.

SYN_SENT: this state corresponds to the SYN_RCVD state, which is the state of the TCP connection client. When the client SOCKET executes connect () to connect, it first sends the SYN message, then randomly enters the SYN_SENT state, and waits for the server's SYN and ACK, which indicates that the client's SYN has been sent.

ESTABLISHED: indicates that the TCP connection has been established successfully and starts to transfer data

These are the five TCP states of the three-way handshake. If you distinguish them from the client-server point of view, CLOSED and ESTABLISHED will appear on both the client and the server, while LISTEN and SYN_RCVD usually appear on the server, and SYN_SENT on the client.

But usually in the server and client is not absolute, for example, Nginx server, Nginx is usually used as a web proxy server, it is not only the server, but also the client, so in the query statistics of TCP status, it is best to match the port to distinguish between the client and the server, to more accurately locate the problem.

Then watch the state of waving four times.

FIN_WAIT_1: this state is rarely seen in practical work. When the client wants to close the connection actively, it sends a FIN message to the server, and the TCP status enters the FIN_WAIT_1 state. When the server replies ACK and confirms that it is closed, the client enters the FIN_WAIT_2 state, that is, the FIN_WAIT_1 status can be seen only if the server does not receive the server ACK. Then the ACK is not received for a long time, and usually enters the CLOSED state directly after the default timeout period of 60s (controlled by the kernel parameter tcp_fin_timeout).

FIN_WAIT_2: this state is relatively common, and it is also a state that needs to be paid attention to. After receiving the server ACK, the FIN_WAIT_1 enters the FIN_WAIT_2 state, and then waits for the server to send FIN, so the TCP will be in the FIN_WAIT_2 state before receiving the peer FIN, that is, when a large number of FIN_WAIT_2 states are found on the active disconnected end, you need to pay attention to. When the network is unstable or the program forgets to close the call connection, FIN_WAIT_2 also has a timeout, which is also controlled by the kernel parameter tcp_fin_timeout. When the FIN_WAIT_2 state times out, the connection is destroyed directly.

CLOSE_WAIT: indicates that it is waiting to be closed. This state only appears on the passive end, that is, when the active disconnected end calls close (), the passive segment will inevitably respond to an ACK (which is determined by the TCP protocol layer). At this time, the TCP connection state will enter the CLOSE_WAIT.

LAST_ACK: when the passively closed party sends the FIN message and waits for the other party's ACK message, it is in the LAST_ACK state, and when it receives the other party's ACK, it enters the CLOSED state.

TIME_WAIT: this is the most common state. After receiving the other party's FIN, the active party changes from the FIN_WAIT_2 state to the TIME_WAIT state.

CLOSING: this state is relatively special and rare, and normally does not occur, but when both parties, as active parties, call close () to close the connection, both sides enter the state of FIN_WAIT_1. At this time, they expect to receive the ACK packet and enter the state of FIN_WAIT_2, but receive the other party's FIN packet first. At this time, they will enter the state of CLOSING. Then give the other party an ACK, receive the ACK and enter the CLOSED state directly.

The above are the six states of four waves. knowing the detailed meaning of each state, you can quickly locate the problem and adjust the relevant parameters in performance tuning and troubleshooting.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.