For developers working with SOCKETs, the TCP connection setup and teardown processes are carried out automatically by the TCP/IP protocol stack, so the developer does not need to control them. Understanding TCP's underlying mechanism is still quite helpful.

 
And for written tests for positions such as network protocol engineer, it is almost mandatory content. Companies' enthusiasm for this question was high, to my surprise :-). Sometimes this question was emphasized and gone over once more before the interviews in the morning, and in the afternoon almost everyone was asked about it.
 
So here is a detailed explanation of the two processes.
 
The TCP three-way handshake
 
The so-called three-way handshake means that establishing a TCP connection requires the client and the server to send a total of three packets.
 
The purpose of the three-way handshake is to connect to the specified port on the server, establish the TCP connection, synchronize both sides' sequence numbers and acknowledgement numbers, and exchange TCP window size information. In socket programming, the client's call to connect() triggers the three-way handshake.
 
 
 
 
  • First handshake:
    The client sends a TCP packet with the SYN flag set to 1, indicating the server port the client intends to connect to, along with the initial sequence number X, stored in the Sequence Number field of the packet header.
  • Second handshake:
    The server sends back an acknowledgement (ACK) packet in response. The SYN flag and the ACK flag are both set to 1, and the Acknowledgement Number is set to the client's ISN + 1, namely X + 1.

  • Third handshake:
    The client sends another acknowledgement (ACK) packet, with the SYN flag set to 0 and the ACK flag set to 1. It takes the sequence number field of the packet the server sent, adds 1, and places the result in the acknowledgement field sent to the other side. In the data segment it writes ISN + 1.

The SYN attack

During the three-way handshake, after the server has sent its SYN-ACK and before it has received the client's ACK, the TCP connection is called a half connection (half-open connect). At this point the server is in the SYN_RECV state. Once the ACK is received, the server moves to the ESTABLISHED state.

In a SYN attack, the attacking client forges a large number of non-existent IP addresses in a short period of time and keeps sending SYN packets to the server. The server replies with acknowledgement packets and waits for the clients' confirmation. Because the source addresses do not exist, the server keeps retransmitting until it times out. The forged SYN packets occupy the queue of unestablished connections for a long time, normal SYN requests are discarded, the target system runs slowly, and in serious cases the result is network congestion or even system paralysis.

The SYN attack is a typical DDoS attack. Detecting a SYN attack is very convenient: when you see a large number of half connections on the server, especially with random source IP addresses, you can basically conclude that this is a SYN attack. On Linux, the following command can be used to check for a SYN attack:

netstat -n -p TCP | grep SYN_RECV
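
The check described above, automated over netstat output, as an added example that is not part of the original post. The sample lines are constructed (documentation address ranges), and the function names and thresholds are assumptions chosen to fit the small sample, not recommended production values.

```python
from collections import defaultdict

# Constructed sample of netstat TCP lines: 8 half-open connections to port 80
# from 8 different sources, 2 to port 443 from one source, 1 established.
SAMPLE = "\n".join(
    ["tcp 0 0 192.0.2.10:80 198.51.100.%d:%d SYN_RECV" % (i, 40000 + i)
     for i in range(1, 9)]
    + ["tcp 0 0 192.0.2.10:443 203.0.113.5:51000 SYN_RECV",
       "tcp 0 0 192.0.2.10:443 203.0.113.5:51001 SYN_RECV",
       "tcp 0 0 192.0.2.10:22 203.0.113.9:50122 ESTABLISHED"]
)

def half_open_summary(netstat_text):
    """Map local endpoint -> (half-open count, distinct source IP count)."""
    sources = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        # Columns: proto recv-q send-q local foreign state [pid/program]
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "SYN_RECV":
            continue
        src_ip = f[4].rsplit(":", 1)[0]   # strip the port, keeps IPv6 intact
        sources[f[3]].append(src_ip)
    return {ep: (len(ips), len(set(ips))) for ep, ips in sources.items()}

def suspected_syn_flood(summary, min_half_open=5, min_unique_ratio=0.8):
    """Endpoints with many half-open connections from mostly distinct sources."""
    return sorted(ep for ep, (count, unique) in summary.items()
                  if count >= min_half_open and unique / count >= min_unique_ratio)

if __name__ == "__main__":
    summary = half_open_summary(SAMPLE)
    for endpoint, (count, unique) in sorted(summary.items()):
        print(endpoint, "half-open:", count, "distinct sources:", unique)
    print("suspected:", suspected_syn_flood(summary))
```
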

Newer TCP/IP protocol stacks generally modify this process, changing the TCP implementation to defend against SYN attacks. The main methods are the SynAttackProtect protection mechanism, SYN cookies, increasing the maximum number of half connections, shortening the timeout, and so on.

But these cannot completely prevent SYN attacks.

TCP four wave

Tearing down a TCP connection requires sending four packets, hence the name four wave (four-way handshake). Either the client or the server can initiate the wave; in socket programming, either side's call to close() produces it.

 
 
 

Looking at the Wireshark capture, the captured wave did not strictly follow this sequence. I estimate that the time interval was too short.

 
 
 
 
 
 

1. Connection establishment protocol (three-way handshake)


(1) The client sends a TCP packet with the SYN flag to the server. This is packet 1 of the three-way handshake.


(2) The server responds to the client. This is packet 2 of the three-way handshake, and it carries both the ACK flag and the SYN flag. It acknowledges the client's SYN packet and at the same time sends a SYN to the client, asking whether the client is ready for data communication.


(3) The client must respond to the server again with an ACK segment. This is segment 3.


2. Connection termination protocol (four wave)


Because a TCP connection is full-duplex, each direction must be closed independently. The principle is that when one side has finished sending its data, it can send a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction; a TCP connection can still send data after receiving a FIN. The side that closes first performs the active close, while the other side performs the passive close.


(1) The TCP client sends a FIN to close the client-to-server data transfer (segment 4).


(2) The server receives the FIN and sends back an ACK, with the acknowledgement number set to the received sequence number + 1 (segment 5). Like a SYN, a FIN takes up one sequence number.


(3) The server closes the client's connection and sends a FIN to the client (segment 6).


(4) The client sends back an ACK segment, with the acknowledgement number set to the received sequence number + 1 (segment 7).
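
The seven segments listed above with concrete sequence and acknowledgement numbers, as an added example that is not part of the original post. The function name and the ISN values are assumptions; the model assumes no loss or reordering, and it sets the ACK flag on the FIN segments as real stacks do.

```python
MOD = 2 ** 32   # sequence numbers are 32-bit and wrap around

def connection_trace(x, y, client_bytes=0):
    """Return (sender, flags, seq, ack) for setup, optional data, and teardown.

    x and y are the client's and server's initial sequence numbers (ISN).
    """
    nxt = {"client": x, "server": y}          # next sequence number to send
    peer = {"client": "server", "server": "client"}
    trace = []

    def send(sender, flags, payload=0):
        seq = nxt[sender]
        # SYN and FIN each take up one sequence number; data takes its length.
        consumed = payload + ("SYN" in flags) + ("FIN" in flags)
        nxt[sender] = (seq + consumed) % MOD
        # The acknowledgement number is the next byte expected from the peer.
        ack = nxt[peer[sender]] if "ACK" in flags else None
        trace.append((sender, flags, seq, ack))

    send("client", "SYN")                     # segment 1: seq = X
    send("server", "SYN,ACK")                 # segment 2: ack = X + 1
    send("client", "ACK")                     # segment 3: ack = Y + 1
    if client_bytes:
        send("client", "ACK", client_bytes)   # application data
        send("server", "ACK")
    send("client", "FIN,ACK")                 # segment 4: active close
    send("server", "ACK")                     # segment 5: ack = FIN seq + 1
    send("server", "FIN,ACK")                 # segment 6: passive side closes
    send("client", "ACK")                     # segment 7: ack = FIN seq + 1
    return trace

if __name__ == "__main__":
    for sender, flags, seq, ack in connection_trace(1000, 5000, client_bytes=10):
        print(f"{sender:6} {flags:8} seq={seq} ack={ack}")
```
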


CLOSED: nothing much to say; this is the initial state.


LISTEN: this state is also easy to understand; it indicates that a server-side SOCKET is listening and can accept connections.


SYN_RCVD: this state indicates that a SYN packet has been received. Under normal circumstances it is an intermediate state of the server SOCKET during the three-way handshake of connection establishment. It is very brief, and you will rarely see it with netstat unless you deliberately write a client test program that does not send the final ACK of the three-way handshake. In this state, once the client's ACK packet is received, the socket enters the ESTABLISHED state.


SYN_SENT: this state is the counterpart of SYN_RCVD. When a client SOCKET performs CONNECT, it first sends a SYN packet, then enters the SYN_SENT state and waits for the server to send the second packet of the three-way handshake. SYN_SENT means the client has sent its SYN packet.


ESTABLISHED: easy to understand; the connection has been established.


FIN_WAIT_1: this state needs some explanation. Both FIN_WAIT_1 and FIN_WAIT_2 really mean waiting for the other side's FIN packet. The difference between the two is this: FIN_WAIT_1 is the state a SOCKET enters when, while in the ESTABLISHED state, it wants to actively close the connection and sends a FIN packet to the other side. When the ACK responding to that FIN arrives, it enters the FIN_WAIT_2 state. Under normal circumstances the other side should respond with an ACK immediately, whatever the situation, so FIN_WAIT_1 is usually hard to see, whereas FIN_WAIT_2 can often be seen with netstat.


FIN_WAIT_2: this state has been explained in detail above. A SOCKET in the FIN_WAIT_2 state is in a half connection: one side has requested to close the connection, but the other side is also told, "I still have some data to send to you for now, and will close the connection later."


TIME_WAIT: indicates that the other side's FIN packet has been received and the ACK packet has been sent; after waiting 2 MSL the socket can return to the CLOSED state. If, in FIN_WAIT_1, a packet carrying both the FIN and ACK flags is received from the other side, the socket can go directly to TIME_WAIT without passing through FIN_WAIT_2.


CLOSING: this state is rather special and should be very rare in practice; it is an uncommon exceptional state. Normally, after you send a FIN packet, you should first receive the other side's ACK packet (or receive it at the same time) and then receive the other side's FIN packet. The CLOSING state means that after sending your FIN packet you have not received the other side's ACK but have received the other side's FIN. Under what circumstances does this happen? On reflection it is not hard to conclude: if both sides close a SOCKET at almost the same time, both send FIN packets simultaneously, and the CLOSING state appears, indicating that both sides are closing the SOCKET connection.


CLOSE_WAIT: this state means waiting to close. How to understand it? When the other side closes a SOCKET and sends you a FIN packet, your system will without doubt respond with an ACK packet, and at this point it enters the CLOSE_WAIT state. What you really need to consider next is whether you still have data to send to the other side. If not, you can close the SOCKET and send a FIN packet to the other side, that is, close the connection. So in the CLOSE_WAIT state, what remains to be done is waiting for you to close the connection.


LAST_ACK: this state is relatively easy to understand. It is the passive closing side, after sending its FIN packet, waiting for the other side's final ACK packet. When the ACK packet is received, it can enter the CLOSED state.
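
The state descriptions above expressed as a transition table that can be walked, as an added example that is not part of the original post. The event names are assumptions made for this sketch; the states are the ones listed above.

```python
# (current state, event) -> next state. "connect", "listen" and "close" are
# application calls; "recv_*" events are segments arriving from the peer.
TRANSITIONS = {
    ("CLOSED", "listen"): "LISTEN",
    ("CLOSED", "connect"): "SYN_SENT",             # sends SYN
    ("LISTEN", "recv_syn"): "SYN_RCVD",            # sends SYN+ACK
    ("SYN_SENT", "recv_syn_ack"): "ESTABLISHED",   # sends ACK
    ("SYN_RCVD", "recv_ack"): "ESTABLISHED",
    ("ESTABLISHED", "close"): "FIN_WAIT_1",        # active close, sends FIN
    ("ESTABLISHED", "recv_fin"): "CLOSE_WAIT",     # passive close, sends ACK
    ("FIN_WAIT_1", "recv_ack"): "FIN_WAIT_2",
    ("FIN_WAIT_1", "recv_fin_ack"): "TIME_WAIT",   # FIN and ACK in one packet
    ("FIN_WAIT_1", "recv_fin"): "CLOSING",         # both sides closed at once
    ("FIN_WAIT_2", "recv_fin"): "TIME_WAIT",       # sends the final ACK
    ("CLOSING", "recv_ack"): "TIME_WAIT",
    ("CLOSE_WAIT", "close"): "LAST_ACK",           # sends FIN
    ("LAST_ACK", "recv_ack"): "CLOSED",
    ("TIME_WAIT", "timeout_2msl"): "CLOSED",
}

def walk(events, state="CLOSED"):
    """Apply events in order and return every state visited."""
    path = [state]
    for event in events:
        key = (state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"event {event!r} is not valid in state {state}")
        state = TRANSITIONS[key]
        path.append(state)
    return path

ACTIVE_CLOSE = ["connect", "recv_syn_ack", "close", "recv_ack",
                "recv_fin", "timeout_2msl"]
PASSIVE_CLOSE = ["listen", "recv_syn", "recv_ack", "recv_fin",
                 "close", "recv_ack"]

if __name__ == "__main__":
    print(" -> ".join(walk(ACTIVE_CLOSE)))
    print(" -> ".join(walk(PASSIVE_CLOSE)))
    # Simultaneous close passes through CLOSING instead of FIN_WAIT_2.
    print(" -> ".join(walk(["close", "recv_fin", "recv_ack"], "ESTABLISHED")))
    # A SYN whose final ACK never arrives leaves the server in SYN_RCVD.
    print(" -> ".join(walk(["listen", "recv_syn"])))
```
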


Finally, two questions; the answers are my conclusions after my own analysis (not guaranteed to be 100% correct).


1. Why is establishing a connection a three-way handshake, while closing a connection is a four-way handshake?


This is because when a server SOCKET in the LISTEN state receives a SYN connection request, it can send the ACK and the SYN (the ACK acknowledges, the SYN synchronizes) in a single packet. When closing a connection, however, receiving the other side's FIN only means that the other side has no more data to send to you; not all of your data has necessarily been sent to the other side. So you may not be able to close the SOCKET immediately: you may still need to send some data to the other side before sending your own FIN to indicate that you agree the connection can now be closed. That is why the ACK packet and the FIN packet are in most cases sent separately.


2. Why does the TIME_WAIT state need to wait 2 MSL before returning to the CLOSED state?


This is because, although both sides have agreed to close the connection and all four packets of the handshake have been sent, so that arguably the socket could return directly to the CLOSED state (like going from the SYN_SEND state to the ESTABLISH state), we have to assume that the network is unreliable. You cannot guarantee that the final ACK packet you sent will be received, so the other side's SOCKET in the LAST_ACK state may time out without receiving the ACK and retransmit its FIN packet. The purpose of the TIME_WAIT state is therefore to resend the ACK packet that may have been lost.
