1. TCP definition:

TCP is the transport layer protocol of the seven-layer network model and is defined by IETF RFC 793. TCP (Transmission Control Protocol) is a reliable, connection-oriented, byte-stream-based communication protocol with low transmission efficiency. The transport layer sits in the middle of the seven-layer model, with the network layer below it and the application layer above it, so it plays a very important role. The transport layer also has UDP, a connectionless, unreliable protocol. In comparison, TCP has the following characteristics:

  • Reliable transmission: lost data is recovered by a retransmission mechanism.
  • Data is split into segments for transmission; each piece of data is numbered so that ordering can be controlled.
  • Flow control to avoid congestion: both sides of a TCP connection have fixed buffer space, and the receiving end of TCP allows the other end to send only as much data as the receiving end's buffer can accept.
  • TCP provides a full-duplex service, that is, data can be transmitted in both directions at the same time.
  • TCP combines several bytes into a group, which is called a segment, and provides an end-to-end connection.

2. TCP packet format



  • Source port and destination port: both are 16 bits. The computer uses the port number to identify which service to access, such as an HTTP service or an FTP service. The sending port number is random. The destination port number determines which program receives the data, and since it is 16 bits, the maximum port number of a program is 65535.
  • Sequence number: 32 bits. TCP marks packets with sequence numbers so that they can be reassembled at the destination. Assume that the current sequence number is S and the length of the sent data is L. Then the sequence number of the next data is S + L. When establishing a connection, the computer usually generates a random number as the initial value of the sequence number.
  • Acknowledgement number: the sequence number of the data that should be received next. If the sequence number of the sender is S and the length of the data sent is L, the acknowledgement number returned by the receiver is also S + L. When the sender receives this acknowledgement, it can assume that all data before this position has been received normally.
  • Header length: indicates the length of the TCP header, in units of 4 bytes. If there are no optional fields, the value here is 5, indicating that the length of the TCP header is 20 bytes.
  • Control bits: TCP connection setup, transmission, and disconnection are directed by these six control bits:
    • PSH (push bit): the buffer is about to fill, so the data should be passed on immediately; indicates that data is being transmitted.
    • RST (reset bit): the connection is broken and has to be re-established.
    • URG (urgent bit): urgent signal.
    • ACK (acknowledgement bit): a value of 1 indicates that the acknowledgement number is valid.
    • SYN (synchronize bit): used when establishing TCP connections; set this bit to 1 when establishing a TCP connection.
    • FIN (finish bit): indicates that the sender has no more data to send. The sender sets FIN to 1 to indicate that the connection needs to be disconnected.
  • The window value indicates the number of data segments that can be received locally. The size of this value is variable. When the network is smooth, the window is increased to speed up transmission; when the network is unstable, the window is reduced to ensure the reliable transmission of network data. It is used for flow control over TCP transmissions.
  • Window size: indicates the free space of the receive buffer. It is 16 bits and is used to tell the other end of the TCP connection the maximum length of data it can receive. The flow control mechanism is based on this.
  • Checksum: used for error control. The calculation of the TCP checksum includes the TCP header, the data, and other padding bytes. The checksum is calculated by the sender when the TCP segment is sent, and is calculated and checked again when the segment reaches the destination. If the two checksums are the same, the data is correct. Otherwise, the data is considered corrupted and the receiver discards it.
  • Urgent pointer: 16 bits, valid only when the URG control bit is 1. It represents the position of the end of the urgent data in the TCP data section. Usually used to temporarily interrupt communication (e.g. Ctrl + C).
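The field layout described above can be decoded directly from the raw bytes of a segment. The following Python sketch is an added example, not code from the original article; the sample SYN is constructed to mirror the values seen later in the capture (seq=0, win=65535, MSS=1460), and its port numbers and zero checksum are made-up placeholders.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit offset/flags word.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus the MSS option, if present."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    (sport, dport, seq, ack, off_flags, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # header length is in 4-byte units
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"invalid header length {header_len}")
    flags = [name for name, bit in FLAGS.items() if off_flags & bit]
    # Walk the options area (kind, length, value) looking for MSS (kind 2).
    mss, opts, i = None, segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # end of option list
            break
        if kind == 1:                            # NOP padding, one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent, "mss": mss,
            "payload_len": len(segment) - header_len}

def build_sample_syn() -> bytes:
    """Constructed SYN: seq=0, win=65535, MSS=1460; ports and checksum are made up."""
    fixed = struct.pack("!HHIIHHHH", 50000, 80, 0, 0, (6 << 12) | FLAGS["SYN"],
                        65535, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, 1460)
```

The sample SYN carries one 4-byte option, so its header length field is 6 and the header is 24 bytes rather than 20.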

3. Three-way handshake



For ease of description, we call the host 172.16.17.94:8080 that initiates the request the client and the host 172.16.17.94:8080 that returns the data the server, as follows.

  • First handshake: establish a connection. The client sends a connection request in the form of a SYN packet with seq set to 0. The client then enters the SYN_SENT state and waits for confirmation from the server.
  • Second handshake: the server receives the SYN packet from the client. The SYN segment needs to be acknowledged, so an ACK packet needs to be sent with ACK set to 1. The server also sends its own SYN request, setting seq to 0. The server sends all of the above to the client and enters the SYN_RECV state.
  • Third handshake: after receiving the ACK and SYN packets from the server, the client acknowledges them, sets ACK to 1 and seq to 1, and sends an ACK packet to the server. After the ACK packet is sent, the client and server enter the ESTABLISHED state, completing the TCP three-way handshake.

The sequence number seq is randomly generated by both parties and the default is 0. Ack = sequence number of the other party + 1; seq = ack of the other party.

The three-way handshake is used to confirm that the client and server can both send and receive data properly. First confirmation: the client can send. Second confirmation: the server can receive and send. Third confirmation: the client can receive.

4. Data transmission



  • The client first sends data to the server in a datagram of 159 bytes.
  • After receiving the packet, the server sends a data acknowledgement (ACK) to the client and returns the data requested by the client. The length of the data is 111, seq is set to 1, and ack is set to 160 (1 + 159).
  • The client acknowledges (ACK) the data returned from the server upon receiving it, setting seq to 160 and ack to 112 (1 + 111).

Ack = sequence number of the other party + length of the data sent; seq = ack of the other party.

5. Four-way wave

  • First wave: the client sends a FIN segment to the server, with seq set to 160 and ack set to 112. At this point, the client enters the FIN_WAIT_1 state, which means that the client has no data to send to the server and requests to close the connection.
  • Second wave: the server receives the FIN packet from the client and sends an ACK packet with ACK set to 1 and seq set to 112 to the client. The server enters the CLOSE_WAIT state. After receiving the ACK packet from the server, the client enters the FIN_WAIT_2 state.
  • Third wave: the server checks whether any data has not yet been sent to the client. If so, the server sends the data to the client and then sends a FIN packet. If not, the server sends the FIN packet to the client directly. The server thereby requests to close the connection and enters the LAST_ACK state.
  • Fourth wave: the client receives the FIN packet from the server, sends an ACK packet to the server with seq set to 161 and ack set to 113, and enters the TIME_WAIT state. After receiving the ACK packet from the client, the server closes the connection. If the client waits for 2MSL and still does not receive a reply, this proves that the server has shut down normally, and the client can also close the connection.

Note: during the handshake and the wave, the acknowledgement number is the sequence number of the other party plus 1. When transmitting data, it is the sequence number of the other party plus the length of the application layer data carried by the other party's segment.
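The two rules in the note above can be checked mechanically by replaying a session and comparing each ack with what the peer's last segment implies. This Python sketch is an added example, not part of the original article; it assumes an in-order trace with no loss or retransmission and relative sequence numbers as Wireshark displays them, and the trace reuses the numbers from sections 3 to 5 (the ack number 161 in the second wave is derived from the +1 rule).

```python
def seq_space(flags: set, length: int) -> int:
    """Sequence numbers a segment consumes: payload bytes, plus 1 for SYN or FIN."""
    return length + (1 if flags & {"SYN", "FIN"} else 0)

def check_trace(trace):
    """Replay (sender, flags, seq, ack, length) tuples and return a list of mismatches."""
    next_seq = {}      # sender -> sequence number its next segment should carry
    problems = []
    for n, (sender, flags, seq, ack, length) in enumerate(trace, 1):
        peer = "server" if sender == "client" else "client"
        if sender in next_seq and seq != next_seq[sender]:
            problems.append(f"#{n}: {sender} seq={seq}, expected {next_seq[sender]}")
        if "ACK" in flags and peer in next_seq and ack != next_seq[peer]:
            problems.append(f"#{n}: {sender} ack={ack}, expected {next_seq[peer]}")
        next_seq[sender] = seq + seq_space(flags, length)
    return problems

# Constructed trace using the article's numbers: handshake, 159-byte request,
# 111-byte response, then the four-way wave.
PAGE_TRACE = [
    ("client", {"SYN"},        0,   0,   0),
    ("server", {"SYN", "ACK"}, 0,   1,   0),
    ("client", {"ACK"},        1,   1,   0),
    ("client", {"PSH", "ACK"}, 1,   1,   159),
    ("server", {"PSH", "ACK"}, 1,   160, 111),
    ("client", {"ACK"},        160, 112, 0),
    ("client", {"FIN", "ACK"}, 160, 112, 0),
    ("server", {"ACK"},        112, 161, 0),   # ack 161 derived from the +1 rule
    ("server", {"FIN", "ACK"}, 112, 161, 0),
    ("client", {"ACK"},        161, 113, 0),
]

if __name__ == "__main__":
    print(check_trace(PAGE_TRACE) or "trace is consistent")
```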

6. Questions

  1. Why three handshakes? To make sure both parties can send and receive normally.
  2. Why do you need four waves? After sending their data, both parties agree to disconnect.
  3. Why wait? The FIN that A sent to B may be lost.
  4. Why shake hands three times, but wave four times? After receiving a FIN packet, the server may not close the socket immediately.

Installing the Wireshark packet capture tool

Wireshark download address: https://www.wireshark.org/download.html

Note: Wireshark cannot capture access from the local machine to services on the local machine.

Wireshark error: Wireshark is not fully installed.



Capturing packets with Wireshark

Three-way handshake



172.18.254.177 is the client. 111.13.2.158 is the server.

1. Open the connection. A SYN is sent, and the TCP window size and TCP MSS are negotiated: seq=0, len=0, MSS=1460, win=65535 (maximum window size).

The client is in SYN_SENT

The server is in SYN_RECV

2. The SYN is received. The reply is a SYN, ACK with seq=0 and ack=1 (0+1), confirming the server's own maximum values: win=14480, MSS=1460.

The client is in ESTABLISHED

The server is in SYN_RECV

3. ACK with seq=1 and ack=1 (0+1). The handshake is established.

The client is in ESTABLISHED

The server is in ESTABLISHED

Four-way disconnect



1. Close the connection and send the FIN. seq=328

The server status is FIN_WAIT_1

The client status is CLOSE_WAIT

2. ack=329 (328+1)

The server status is FIN_WAIT_2

3. The client sends a FIN. seq=133

The client status is LAST_ACK

The server status is TIME_WAIT

4. ack=134 (133+1)

The client is closed

The server is closed

A packet's ack = segment len + seq = the seq of the next packet to be received



Figure 1



Figure 2



Figure 3

Segment len=1440, segment len=1440, segment len=1440

seq=349 and segment len=0, so the next ack=349+0=349.


If ack=349 in Figure 1 359, seq=349 in Figure 2 350; ack=2881 can be inferred from seq=2881 in Figure 3 361.

A full session refers to the communication between two different ports of two different IP addresses over the same transport protocol. If the IP address or port changes, the traffic belongs to a different session, and the seq and ack values of different sessions are independent of each other without any association.

win=65535: the window size is 65535 bytes. The window size refers to the number of bytes that the peer can receive at one time. The larger the network bandwidth, the larger the window and the more data can be sent. The smaller the network bandwidth, the smaller the window and the less data can be sent. The HTTP protocol data is 83 bytes. TCP segment len == HTTP len.