TCP is a protocol, this protocol is how to define, its data format is what kind of? To be deeper, you need to understand, even by the meaning of each field in the TCP protocol, oh, come on,
Is above the TCP protocol format of the head, because it is too important, is the basis of the understanding of other content, the following will each field information detail descriptions,
The Source Port and Destination Port: take up 16 respectively, represents the Source Port and Destination Port number; Used to distinguish between the different processes within the host, and is used to distinguish different host IP address, source port and destination port to cooperate on the source IP address and destination IP address of the IP header can only determine a TCP connection;
From TCP Sequence Number that is used to identify its origins to the TCP sending and receiving data byte stream, it said in the message section of the first data byte Sequence Number in the data stream; Is mainly used to solve the problem of network to random sequence;
Acknowledgment Number: 32 confirm the serial Number included send confirmation received expected at the end of the next Number, therefore, to confirm the serial Number should be the last time has been successfully received data byte serial Number plus 1, however, only when the flag bit in the ACK flag (described below) to 1 is valid this confirm the serial Number of the word, is mainly used to solve the problem of no packet loss.
Offset: first, the number of 32 bit word in need this value because of the length of the optional fields are variable, the field of bit 4 (up to 15 said 32 bit words, namely 4 * 15=60 bytes of the first length), so the TCP up to 60 byte first, however, no optional fields, normal length is 20 bytes;
TCP Flags: there are six indicators in the TCP header bits, several of them can be set to 1 at the same time, the state machine is mainly used to control the TCP, followed by URG, ACK, PSH, RST, SYN, FIN, the meaning of each sign bit is as follows:
URG: this mark means a TCP packet's emergency pointer field (behind soon said to) effectively, to ensure the TCP connection is not interrupted, and supervise and urge the middle tier equipment to deal with these data as soon as possible;
ACK: this mark means effective response domain, that is to say the above TCP reply will be included in the TCP packets; Has two values: 0 and 1, when 1 means effective response domain, instead of 0.
PSH: the sign said Push operation, a Push operation is refers to the packet arrived at the receiving end, immediately sent to the application, rather than a line in the buffer;
RST: the sign said connection reset request to reset the connection error, error are also used to reject and illegal packet;
SYN: synchronous serial number, which is used to establish connections, mark the SYN and ACK collocation is used, when the connection request, the SYN=1, ACK=0; Connection is response, SYN=1, ACK=1; The sign of packets are often used for port scanning, scanning is sending a SYN packet, only if the host response to a packet back, suggests that this host this port; But because this kind of scanning mode just for TCP three-way handshake shook hands for the first time, so the the success of the said machine of the scan is not very safe, a secure host will force a connection strictly the TCP three-way handshake;
FIN: said the sender has been achieved at the end of the data, that is, the data transfer is completed, both sides have no data can be transmitted, send FIN marks a TCP packet, connection will be disconnected, the sign of packets also is often used to undertake port scanning,
Window, the Window size, which is famous of sliding Window, used for flow control; This is a complicated problem, and this blog post will not be summarized;
Basic knowledge well, all ready, start the next leg of their journey,
Three-way handshake?
TCP is a connection-oriented, no matter which direction of the other party before sending data, must first establish a connection between both sides, in the TCP/IP protocol, TCP provides reliable connection service, a connection is initialized by the three-way handshake, three-way handshake is the purpose of synchronous connection of both serial number and confirmation number and exchange the TCP window size information, this is the interview often asked the TCP three-way handshake, only to understand the concept of the TCP three-way handshake, for you to get a job without any help, you need to understand some of the details of the TCP three-way handshake, see figure first talk,
How clear picture, of course, is not I, I also just came by to reference point,
First handshake: 1. The connection is established, the client sends a connection request message segment, to 1, the position of the SYN Sequence Number for x; Then, the client into SYN_SEND state, wait for the server to confirm;
2. The second handshake: server receives the SYN packet, the server received the client's SYN segment, need to confirm the SYN segment, set the Acknowledgment Number of x + 1 (the Sequence Number + 1); At the same time, their own will send SYN requests information, to 1, the position of the SYN Sequence Number to y; Server side put all of the above information in a message segment (SYN + ACK message section), and sent to the client, the server into SYN_RECV state;
3. The third handshake: the client receives the server's SYN + ACK message segment, and then the Acknowledgment Number is set to y + 1, the server sends an ACK message, the message segment is sent, the client and server side into the ESTABLISHED state, complete the TCP three-way handshake,
Completed the three handshake, client and server can begin to transmit data, the above is the general introduction of the TCP three-way handshake,
Break up the four times?
When the client and the server through the three-way handshake to establish a TCP connection, when the data is transferred, affirmation is to disconnect the TCP connection, the disconnected for TCP, here is the mysterious "break up" four times,
1. The first break up: host 1 (can make the client, the server), set the Sequence Number and Acknowledgment Number, send a FIN to host 2 message segment; At this point, the host 1 into FIN_WAIT_1 state; This means that host 1 no data to be sent to the host 2;
2. The second split: host 2 received the FIN host 1 send message segment, an ACK packet section back to the host 1, Acknowledgment Number for Sequence Number 1; Host 1 into FIN_WAIT_2 state; Host 2 tell the host 1, I also have no data to be sent, to close the connection;
3. The third time break up: host 2 send FIN a message to the host 1 section, request to close the connection, at the same time, the host 2 into CLOSE_WAIT state;
4. The fourth break up: host 1 received host 2 send FIN message segment, send an ACK packet to the host 2 section, and then the host 1 into the TIME_WAIT state; Host 2 after receiving host 1 ACK message section, close the connection; At this point, the host 1 waiting for 2 after MSL is still not received a reply, is that the Server end have been normally closed, that good, host 1 also can close the connection,
So far, four TCP break up so happy completed, when you see here, your mind will have a lot of questions, many do not understand, feel very messy; That's ok, we continue to summarize,
Why do you want to shake hands three times?
Since summarizes the TCP three-way handshake, that why three times? What do you think can be finished twice, why the TCP connection for three times? In the "computer network" Xie Xiren it this way:
To prevent the connection request failed message segment suddenly and transmitted to the server, thus errors,
In the book, at the same time a example, is as follows:
Connection request message of "failed" in such a case: the first connection request from the client message segment is not lost,
But in a network node of stranded for a long time, so that delay to the server connection release after a certain time to arrive, originally this is a
A failure message segment already, but the server received after the failure of the connection request message segment, was mistaken for a client again issued a new
The connection request, and then send a confirmation message to the client, agreed to establish a connection, do not use "three-way handshake" hypothesis, so as long as the server
Send confirmation, a new connection is established, because now the client did not send a connection request, so you don't ignore that a server,
Also can't send the data to the server, but thought that new transport server connection has been established, and has been waiting for the client from the data, in this way,
Many server resources waste, using "three-way handshake" on the way to prevent the above phenomenon occurs, just that kind of situation, for example,
Confirmation from client to server, the server due to not receive confirmation, just know that the client does not require a connection, "
It is understood that prevents the server-side wait and waste of resources,
Why do you want to break up four times?
And the four times and why break up? TCP is a connection-oriented, reliable, based on the transport layer protocol byte streams, TCP is full duplex mode, this means that, when the host 1 a FIN message segment, saying only that host 1 has no data to send, tell the host 2 host 1, all its data has been sent out; However, when the host 1 or can accept data from the host 2; When the host 2 returns an ACK message segment, says it has already know host 1 no data is sent, but the host 2 is can send data to host 1; When host 2 also send the FIN message segment, this time it means the host 2 is no data to send, will tell the host 1, and I also have no data to send, after each other will interrupt the TCP connection, if you want to break up the correct understanding of four principle, you need to understand four times the change of state in the process of break up,
FIN_WAIT_1: this state to explain well, in fact FIN_WAIT_1 and the real meaning of FIN_WAIT_2 state are said to be the other side of the FIN packet, and that is the difference between the two states: FIN_WAIT_1 state is, in fact, when the SOCKET in the ESTABLISHED state, when it wants to take the initiative to close the connection, send the FIN a message to the other party, at the moment the SOCKET into FIN_WAIT_1 state, when the response ACK newspaper article, it is to enter FIN_WAIT_2 state, of course in the actual under normal circumstances, no matter what kind of circumstances, each other should be immediately respond to an ACK packet, so FIN_WAIT_1 state is generally difficult to see, while FIN_WAIT_2 state and often can see, using netstat (active)
FIN_WAIT_2: it has been explained in detail in this state, actually FIN_WAIT_2 state of the SOCKET, said half a connection, that there is a request for the close connection, but also tell each other, I am still have some data need to send your information (ACK), close the connection later, (active)
CLOSE_WAIT: the meaning of this state is actually said waiting for close, how do you understand? When each other close a SOCKET after send FIN message to yourself, your system will no doubt in response to an ACK message to each other, at this time, enter the CLOSE_WAIT state, then, in fact you really need to consider the thing is to see whether you have the data sent to the other party, if not, then you can close the SOCKET send FIN a message to the other party, which is close connection, so you in CLOSE_WAIT state, need to do is wait for you to close the connection, (passive)
LAST_ACK: this state is relatively easy to understand, it is passive close one side after sending FIN message, finally wait for each other's ACK, when receives an ACK packet, which can enter the CLOSED state, available (passive)
TIME_WAIT: said received the FIN of the other message, and send the ACK packet, and 2 back to CLOSED after MSL available, if FINWAIT1 state, received each other at the same time with FIN marks and ACK message, can be directly into the TIME_WAIT state, and shall cover FIN_WAIT_2 state.it (active)
nullnullnullnullnullnullnullnullnull