Detailed explanation of TCP's three-way handshake and four-way wave
1. TCP (Transmission Control Protocol)
TCP is a connection-oriented, reliable, process-to-process communication protocol.
TCP provides full-duplex service, that is, data can be transmitted in both directions at the same time.
2. TCP segment (encapsulated in an IP datagram)
1. Port number
1) Source port number: the port number of the sending process. Together, the source IP and source port mark the return address of the message.
2) Target port number: corresponds to the process on the receiving end. After the receiving end receives the data segment, it maps the data to the application interface based on this port.
Note: The source port number and destination port number in the TCP header, together with the source IP and destination IP in the IP datagram, uniquely determine a TCP connection.
2. Sequence number: The sending end numbers each byte so that the receiving end can reassemble the data correctly.
3. Acknowledgment number (confirmation number): used to confirm the information from the sender.
4. Control bits
1) URG: Urgent pointer valid bit.
2) ACK: Acknowledgment number valid bit. When this bit is 1, it is used to confirm the sender's data.
3) PSH: When this flag bit is 1, the receiving end is required to deliver the data to the application layer as soon as possible.
4) RST: When this bit is 1, the TCP connection is to be re-established (reset).
5) SYN: Synchronize sequence number bit. Set this bit to 1 when TCP needs to establish a connection.
6) FIN: Set this bit to 1 when TCP disconnects.
5. Window value: Used to indicate the number of locally receivable data segments. The window size is variable. This controls the rate at which the sending end sends data, thereby achieving flow control.
6. Checksum: used for error control
7. Urgent pointer: The urgent pointer is valid only when the URG flag is set to 1.
8. Options: 40 bytes of optional information located in the TCP header. The most common option is the maximum segment size (MSS).
Note: The more important of the 8 fields are the port number, the sequence number, the acknowledgment number, and the three control bits ACK, SYN, and FIN.
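An added example, not part of the original article: a parser for the header fields listed above, run on a constructed SYN segment. The function name, the ISN, the window value and the zero checksum are assumptions made for the illustration; the checksum is read but not verified.

```python
import struct

# Control bits as the page lists them; they sit in the low 6 bits of byte 13.
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08,
             "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed header and look for the MSS option."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset outside the segment")
    mss, opts, i = None, segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # End of Option List
            break
        if kind == 1:                    # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed option length")
        length = opts[i + 1]
        if kind == 2 and length == 4:    # Maximum Segment Size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "window": window, "checksum": checksum,
        "urgent_pointer": urgent if off_flags & FLAG_BITS["URG"] else None,
        "flags": [n for n, bit in FLAG_BITS.items() if off_flags & bit],
        "mss": mss,
    }

# Constructed sample: a SYN from port 55604 to port 80 with an MSS option.
# The ISN, window and zero checksum are made-up values, not from the capture.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 55604, 80, 0x1A2B3C4D, 0,
                         (6 << 12) | 0x02, 64240, 0, 0) + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
```

The urgent pointer is reported as None unless URG is set, matching field 7 above, and a data offset or option length that points outside the segment is rejected instead of being read.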
3. TCP three-way handshake (packet capture analysis through wireshark)
PC1 is a real machine and PC2 is a CentOS virtual machine. PC1 and PC2 are bound to the same virtual network card, VNet8. The IP address of PC1 is 192.168.90.10 and the IP address of PC2 is 192.168.90.40. A website is set up on CentOS in advance, PC1 accesses PC2, and a packet capture tool is then used to capture the TCP segments.
1. First handshake
The capture shows that the source address (source) is 192.168.90.10, the source port number (source port) is 55604, the destination address (destination) is 192.168.90.40, and the destination port number (destination port) is 80. The initial sequence number (sequence number) and the acknowledgment number are both 0. In the first handshake, PC1 uses a random port number to send a connection establishment request to port 80 of PC2. The most typical sign of this step is that the TCP SYN control bit is 1 and the other five control bits are all 0.
2. Second handshake
In the second handshake, the source address, port number, destination address and port are the reverse of those in the first handshake. The initial sequence number is 0, the acknowledgment number is 1, and both ACK and SYN in the control bits are 1. The second handshake actually consists of two parts:
1) PC2 receives the request from PC1 and replies with a confirmation to PC1. The sign of this part is that the TCP ACK control bit is 1 and the other five control bits are all 0, and the acknowledgment number is the initial sequence number of PC1 plus 1.
2) PC2 also sends a request to establish a connection to PC1. The flags of this part are the same as in the first handshake: the TCP SYN control bit is 1 and the other five control bits are all 0.
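An added example, not part of the original article: a check of the flag and sequence-number rules described above that also reproduces the relative numbers (0 and 1) a capture tool displays. It goes one step beyond the two handshakes covered here by including the client's final ACK; the function name and the raw ISNs are assumptions, while the addresses and ports follow the capture described above.

```python
SYN, ACK = 0x02, 0x10
MOD = 2 ** 32   # sequence numbers are 32-bit and wrap around

def check_handshake(segments):
    """Validate three (src, dst, flags, seq, ack) tuples holding raw numbers.

    Returns the relative (seq, ack) pair of each step, as a capture tool
    displays them, or raises ValueError naming the rule that failed.
    """
    if len(segments) != 3:
        raise ValueError("a handshake has exactly three segments")
    (c1, s1, f1, seq1, _), (s2, c2, f2, seq2, ack2), (c3, s3, f3, seq3, ack3) = segments
    if f1 != SYN:
        raise ValueError("step 1: only SYN may be set")
    if (s2, c2) != (s1, c1) or f2 != SYN | ACK:
        raise ValueError("step 2: SYN+ACK must come back from the server")
    if ack2 != (seq1 + 1) % MOD:
        raise ValueError("step 2: ack must be the client ISN plus 1")
    if (c3, s3) != (c1, s1) or f3 != ACK:
        raise ValueError("step 3: only ACK may be set, sent by the client")
    if seq3 != ack2 or ack3 != (seq2 + 1) % MOD:
        raise ValueError("step 3: ack must be the server ISN plus 1")
    return [(0, 0),
            (0, (ack2 - seq1) % MOD),
            ((seq3 - seq1) % MOD, (ack3 - seq2) % MOD)]

# Constructed capture: addresses and ports follow the page, ISNs are made up.
PC1, PC2 = ("192.168.90.10", 55604), ("192.168.90.40", 80)
SAMPLE = [
    (PC1, PC2, SYN, 3000000000, 0),
    (PC2, PC1, SYN | ACK, 1000, 3000000001),
    (PC1, PC2, ACK, 3000000001, 1001),
]

if __name__ == "__main__":
    for step, rel in enumerate(check_handshake(SAMPLE), 1):
        print(f"handshake {step}: relative seq={rel[0]} ack={rel[1]}")
```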
4. Four waves of TCP connection termination
At this time, PC1 is CentOS, and the corresponding IP address is 192.168.90.40. PC2 is a real machine, and the corresponding IP address is 192.168.90.10. Analyze the disconnection by capturing packets. The process is as follows:
1. First wave
The PC1 server sends a TCP segment with the FIN and ACK bits set to 1 to the PC2 client.
2. Second wave
The PC2 client returns a TCP segment with the ACK bit set to 1 to the PC1 server.
3. Third wave
The PC2 client sends a TCP segment with the FIN and ACK bits set to 1 to the PC1 server.
4. Fourth wave
The PC1 server returns a TCP segment with the ACK bit set to 1 to the PC2 client, completing the connection termination.
5. The half-close concept of TCP's four waves (one TCP side stops sending data but can still receive it)
1) The PC2 client sends a FIN segment, half-closing the connection; the PC1 server sends an ACK segment and accepts the half-close.
2) The PC1 server continues to send data, while the PC2 client only sends ACK confirmation and no longer sends any data.
3) When the PC1 server has sent all the data, it sends a FIN segment, and the PC2 client sends an ACK segment, thus closing the TCP connection.
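An added example, not part of the original article: a small tracker that follows the four waves and the half-closed state described in sections 4 and 5, and rejects data from a side that has already sent its FIN. The function name and the relative sequence numbers in the sample are assumptions constructed for the illustration.

```python
FIN, ACK = 0x01, 0x10

def track_teardown(segments):
    """segments: (sender, flags, seq, ack, payload_len), relative numbers.

    Returns the connection state after each segment.
    """
    fin_end = {}      # sender -> sequence number just past its FIN
    closed = set()    # senders whose FIN has been acknowledged by the peer
    states = []
    for sender, flags, seq, ack, length in segments:
        if sender in fin_end and length:
            raise ValueError(f"{sender} sent data after its FIN")
        if flags & FIN:
            # The FIN itself consumes one sequence number.
            fin_end.setdefault(sender, seq + length + 1)
        if flags & ACK:
            for peer, end in fin_end.items():
                if peer != sender and ack == end:
                    closed.add(peer)
        if len(closed) == 2:
            states.append("closed")
        elif closed:
            states.append(f"half-closed: {next(iter(closed))} stopped sending")
        else:
            states.append("established")
    return states

# Constructed trace of the half-close in section 5 (numbers are made up):
# the PC2 client finishes first, the PC1 server keeps sending 300 bytes.
HALF_CLOSE = [
    ("PC2", FIN | ACK, 100, 500, 0),   # client FIN
    ("PC1", ACK,       500, 101, 0),   # server acknowledges the FIN
    ("PC1", ACK,       500, 101, 300), # server continues to send data
    ("PC2", ACK,       101, 800, 0),   # client only acknowledges
    ("PC1", FIN | ACK, 800, 101, 0),   # server FIN
    ("PC2", ACK,       101, 801, 0),   # client ACK, connection closed
]

if __name__ == "__main__":
    for seg, state in zip(HALF_CLOSE, track_teardown(HALF_CLOSE)):
        print(seg[0], f"flags={seg[1]:#04x}", "->", state)
```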