Original article from the public account: “code nongfu brother”, if need to be reproduced, please indicate the source! Article if you have harvest, can collect forward! In addition, you can follow my public account “code nongfuge”, I will continue to output database, architecture, computer based original articles

TCP Protocol Description

TCP provides connection-oriented transmission. Connection-oriented transmission means that a connection must be established before data transmission and released after data transmission is complete.

Before either party can send data to the other, a connection must be established between the two parties. In TCP/IP, TCP provides a reliable connection service that is initialized with a three-way handshake. At the same time, TCP is a connection-oriented, reliable, byte stream based transport layer communication protocol. TCP is in full duplex mode, so it needs four times to close the connection.

TCP packet header

The packet transmitted over the network consists of two parts: one is the header used by the protocol, and the other is the data transmitted from the previous layer. The structure of the header is defined in detail by the protocol specification. At the beginning of the packet, it clearly states how the protocol should read the data. On the other hand, by looking at the header, you can see the information necessary for the protocol and the data to be processed. The front of the package is like the face of the agreement.

So before we learn TCP protocol, first of all to know TCP in the network transmission in which position, and its protocol specification, we look at the TCP head of the network transmission to play a role:

Network data transmission process

The following figure is a canonical definition of the TCP header, which defines how the TCP protocol reads and parses data:

The TCP header

The TCP header carries the information required by the TCP protocol, and we will analyze it below:

  • TCP port number A TCP connection requires four elements to determine a unique connection: (Source IP address, source port number) + (destination IP address, destination port number) Therefore, the TCP header reserves two 16-bits as the storage port number, and the IP address is transmitted by the IP protocol of the upper layer. The source port number and destination port account for 16 bits and two bytes each. That is, the port range is 2^16=65535. The following 1024 is reserved by the system. The range from 1024 to 65535 is used by users

  • TCP serial number and confirmation number: 32-bit seQ: Sequence number SeQ: Indicates the Sequence number of each byte of the byte stream in a certain transmission direction during TCP communication. This Sequence number is used to confirm the order of the sent data. For example, if 1000 is sent, the next Sequence number is 2000. 32 bit ACK: Acknowledge Number Abbreviation ACK, a TCP acknowledgement of the previous SEQ sequence number. It is used to respond to a TCP packet segment by adding one to the sequence number of the received TCP packet segment.

  • TCP flag bits Each TCP segment has a purpose, determined with the help of the TCP flag bit option, which allows the sender or receiver to specify which flags should be used so that the segment is properly processed by the other end. The most widely used flags are SYN, ACK, and FIN to establish a connection, confirm a successful segment transfer, and finally terminate the connection.

  1. SYN: abbreviated toS, synchronization flag bit, used to establish a session connection, synchronization serial number;
  2. ACK: abbreviated to., confirm the flag bit to confirm the received data packets;
  3. FIN: abbreviated toF, indicating that I have no data to send and will close the connection.
  4. PSH: for shortP, indicating that the data packet should be sent to the upper-layer application immediately after being received by the peer party, instead of queuing in the buffer.
  5. RST: For shortR, reset flag bit, used for connection reset, reject error and invalid packets;
  6. URG: for shortU, emergency flag bit, indicating that the emergency pointer field of packets is valid, which is used to ensure that the connection is not blocked and urge the intermediate device to process as soon as possible.

TCP Three-way handshake establishes a connection

Three-way Handshake Sets up a TCP connection with Three packets sent by the client and server.

The purpose of the three-way handshake is to connect to a specified port on the server, establish a TCP connection, synchronize the serial number and confirmation number of the two connected parties, and exchange TCP window size information. In socket programming, when the client executes connect(). Three handshakes will trigger.

A diagram of the three-way handshake process is shown below:

Three handshakes establish a connection

  • First handshake: The client sets the TCP packet flag bit SYN to 1 and randomly generates a Sequence Number value seq=J, which is stored in the Sequence Number field of the TCP header to specify the port of the server to which the client intends to connect, and then sends the packet to the server. After the packet is sent, The client enters the SYN_SENT state and waits for confirmation from the server.

  • Second handshake: After receiving the packet, the server knows that the client requests to establish a connection through the flag bit SYN=1. The server sets the flag bit SYN and ACK of TCP packets to 1, ACK =J+1, randomly generates a serial number value seq=K, and sends the packet to the client to confirm the connection request. The server enters the SYN_RCVD state.

  • Third handshake: After receiving the confirmation, the client checks whether the ACK is J+1 and ACK is 1. If yes, the client sets the flag ACK bit to 1, ACK =K+1, and sends the packet to the server. The server checks whether the ACK is K+1 and ACK is 1. The client and server enter the ESTABLISHED state and complete the three-way handshake. Data can then be transferred between the client and server.

Note: The ack and ack we wrote above are not the same concept:

  • The lowercase ACK indicates the Acknowledge number in the header. Acknowledge Number (ACK =seq+1) indicates the acknowledgement number of the previous packet.
  • The uppercase ACK is the flag bit of the TCP header. It is used to indicate whether the TCP packet has confirmed the previous packet. If yes, the ACK flag bit is set to 1.

Tcpdump Tcpdump Tcpdump Tcpdump Tcpdump Tcpdump Tcpdump Tcpdump Tcpdump Tcpdump

sudo tcpdump -n -t -S -i enp0s3  port 80 



For the first handshake, Flags=S

IP 10.02.2.51323. > 10.02.15.80.: Flags [S], seq 84689409, win 65535, options [mss 1460], length 0

For second handshake, Flags=[S.]

IP 10.02.15.80. > 10.02.2.51323.: Flags [S.], seq 1893430205, ack 84689410, win 64240, options [mss 1460], length 0

For the third handshake, Flags=[.]

IP 10.02.2.51323. > 10.02.15.80.: Flags [.], ack 1893430206, win 65535, length 0

After the connection is established, the client sends an HTTP request

IP 10.02.2.51321. > 10.02.15.80.: Flags [P.], seq 1:753, ack 1, win 65535, length 752: HTTP: GET / HTTP/1.1

Copy the code

-t: indicates that the time is not displayed. -s: indicates that the SERIAL number uses an absolute value. If -s is not specified, the serial number uses a relative value. Set the listening port to 80 host: specifies the listening host name

Let’s take a look at the TCP three-way handshake in action:

  • For the first handshake, port 51323 of the client initiates a connection to port 80 of the server. In this case, flags=S, that is, SYN=1, indicates that the client initiates a connection request to the server and generates the serial number SEQ =84689409
  • For the second handshake, the server flags=[S.], that is, the SYN+ACK flag bit is set to 1, indicating that the packet that requested the last connection is acknowledged. At the same time, the ACK = SEq +1=184689410 is set, and the sequence number seq=1893430205 is generated
  • For the third handshake, the client confirms the response from the server. Therefore, the flag bit is [.], that is, ACK=1, and the acknowledgement number of the seQ of the previous packet is returned, ACK= 1893430206

At this point, the three-way handshake is complete, a TCP connection is established, and it’s time for the two-way data transfer

Why three handshakes?

We assume that the segment of the first connection request packet sent by the client is not lost, but is detained at a network node for a long time, so that it is delayed to reach the server at a certain time after the connection is released.

Originally, this is an invalid packet segment. However, after the server receives the invalid connection request packet segment, it mistakenly thinks it is a new connection request sent by the client. Then the client sends a confirmation message to agree to establish a connection.

Assuming that the “three-way handshake” is not used, a new connection is established as soon as the server sends an acknowledgement. Since the client does not send a connection request, it ignores the server’s confirmation and does not send data to the server. However, the server assumes that the new transport connection has been established and waits for data from the client. As a result, many of the server’s resources are wasted.

Therefore, the “three handshakes” method can prevent the above phenomenon. For example, the client does not issue an acknowledgement to the server’s acknowledgement. Since the server receives no acknowledgement, it knows that the client has not requested a connection.

The TCP three-way handshake is very similar to a real-life person-to-person phone call:

Three handshakes: “Hello, can you hear me?” “I can hear you, can you hear me? “I can hear you, balabala today…”

After three times of mutual confirmation, people will think that the other party can hear them and they are willing to communicate with each other. Otherwise, the dialogue may not be normal.

TCP waves four times to close the connection

To terminate a TCP connection, the client and server need to send a total of four packets to confirm the disconnection. In socket programming, this process is triggered by either the client or the server executing a close. A TCP connection is full-duplex. Therefore, each direction must be closed separately. After completing the data transmission task, one party sends a FIN to terminate the connection in this direction. However, data can still be sent on this TCP connection until a FIN is also sent in that direction. The party that closes first performs an active shutdown, while the other party performs a passive shutdown.

A schematic diagram of the four-wave process is shown below:

Four waves close the connection

The wave request can be initiated by the Client side or the Server side, we assume that the Client side initiated:

  • First wave: The Client initiates a wave request and sends a FIN packet to the Server. Set the sequence number to SEQ. In this case, the Client accesses the packetFIN_WAIT_1State, which indicates that the Client has no data to send to the Server.
  • Second breakup: The Server receives the FIN packet from the Client and returns an ACK packet with the ACK bit set to SEQ plus 1. The Client accesses the FIN packetFIN_WAIT_2Status, the Server tells the Client, I confirm and agree to your shutdown request.
  • Breaking up for the third time: The Server sends a FIN packet to the Client to close the connection, and the Client accesses the packetLAST_ACKState.
  • Breaking up for the fourth time: The Client receives the FIN packet from the Server and sends an ACK packet to the Server. Then the Client accesses the FIN packetTIME_WAITState. After receiving the ACK packet from the Client, the Server closes the connection. At this point, the Client waits2MSLIf no reply is received from the Client, the Server is closed.

Why is there a three-way handshake when you connect and a four-way handshake when you close?

After receiving a SYN request packet from the Client, the Server sends a SYN+ACK packet. ACK packets are used for reply, and SYN packets are used for synchronization. So it only takes three handshakes to establish a connection.

Because TCP is a connection-oriented, reliable, byte stream based transport-layer communication protocol, TCP is in full duplex mode. This means that when the Client sends a FIN packet segment to close the connection, the Client only notifies the Server that the data has been sent. After receiving a FIN packet, the Server returns an ACK packet, indicating that it knows that no data is being sent from the Client. However, the Server can still send data to the Client. Therefore, the Server may not close the SOCKET immediately until the Server finishes sending data. When the Server also sends a FIN packet segment, the Server also has no data to send. The Server tells the Client that it has no data to send, and the TCP connection is happily interrupted.

Why wait for 2MSL?

MSL: The maximum lifetime of a packet segment, which is the maximum time that any packet segment is in the network before being discarded. There are two reasons:

  • First, ensure that TCP full-duplex connections can be closed reliably:

    If the Server does not receive the ACK packet from the Client due to IP protocol unreliability or other network reasons, the Server sends the FIN packet again after the TIMEOUT. If the connection to the Client is closed, the Server sends the FIN packet againCLOESDThe FIN cannot find the connection. As a result, the connection is deranged. Therefore, the Client cannot directly enter the connection after sending the final ACKCLOSEDState, but to maintainTIME_WAITWhen the FIN receives the PACKET again, it can ensure that the FIN receives an ACK and closes the connection.
  • The second point is to ensure that the duplicate data segment of this connection is removed from the network

    If the Client sends the last ACK, it enters directlyCLOSEDState, and then initiate a new connection to the Server. At this time, the port number of the new connection cannot be guaranteed to be different from that of the just closed connection, that is, the port number of the new connection and the old connection may be the same, then the problem may occur: If some data from the previous connection is retained on the network, the delayed data reaches the Client after a new connection is established. Because the port numbers and IP addresses of the new and old connections are the same, THE TCP protocol considers the delayed data to belong to the new connection, and the new connection receives dirty data, resulting in packet confusion. Therefore, the TCP connection needs to wait twice MSL in TIME_WAIT state to ensure that all data of this connection disappears in the network.

The last

Article if you have harvest, can collect forward! In addition, you can follow my public account “code nongfuge”, I will continue to output database, architecture, computer based original articles

Free access to graphic TCP/IP, hundreds of millions of large website architecture, Linux, HTTP, MySQL high performance e-books

Scan code to pay attention to me: code farmer rich brother