1. The TCP connection

Sending data between client and server, and returning it, first requires creating something called a TCP connection.

Requests and responses themselves carry no notion of a connection; they are just packets. Between client and server, TCP creates a connection-like channel, initiated by the client and accepted by the server. This connection can be kept open, and HTTP requests are sent over it.

Multiple HTTP requests can be sent over one TCP connection, and how this works differs between HTTP versions.

In HTTP/1.0, the TCP connection is created when the HTTP request is created. Once the request has been sent and the server has responded, the TCP connection is closed. HTTP/1.1 can declare that the connection should be kept open, so that after one request has been transmitted another can follow. The advantage is that creating a TCP connection costs a “three-way handshake”, that is, three network transfers. If the TCP connection is kept, the second request is sent without paying for this “three-way handshake”. In HTTP/2, HTTP requests can also be sent concurrently within the same TCP connection.

2. Introduction to TCP packet formats




Among them, the more important fields are:

(1) Sequence number: Seq, 32 bits. It identifies the byte stream sent from the TCP source to the TCP destination, and the initiator marks it when sending data.

(2) Acknowledgement number: Ack, 32 bits. The acknowledgement number field is valid only when the ACK flag bit is 1. Ack=Seq+1.

(3) Flags: six flags, namely URG, ACK, PSH, RST, SYN and FIN. The meanings are as follows:

  • URG: The urgent pointer is valid.
  • ACK: The acknowledgement number is valid.
  • PSH: The receiver should pass the packet to the application layer as soon as possible.
  • RST: Resets the connection.
  • SYN: Initiates a new connection.
  • FIN: Releases a connection.

Note that:

  • Do not confuse the acknowledgement number Ack with the ACK flag bit.
  • Ack of the confirming party = Seq+1 of the initiating party.

3. TCP three-way handshake


1. Three handshakes


The so-called three-way handshake is the establishment of a TCP connection. The connection must be actively opened by one party and passively opened by the other.

The following is a diagram of the client initiating the connection:



Before the handshake, the client, which actively opens the connection, ends the CLOSED phase. The server, which passively opens the connection, also ends the CLOSED phase and enters the LISTEN phase. Then the “three handshakes” begin:

(1) The client sends a TCP packet to the server. The flag bit is SYN, indicating that a new connection is requested. The sequence number is Seq=X (X is generally 1). The client then enters the SYN-SENT phase.

(2) After receiving the TCP packet from the client, the server ends the LISTEN phase and returns a TCP packet. The flag bits are SYN and ACK, meaning “the Seq number of the packet sent by the client is confirmed valid, the server can receive the client's data normally, and it agrees to create a new connection” (that is, it tells the client that the server has received its data). The sequence number is Seq=Y. The acknowledgement number is Ack=X+1: the server takes the Seq value received from the client and adds 1 to it to form its Ack number. The server then enters the SYN-RCVD phase.

(3) After receiving the TCP packet from the server, the client knows that data transmission from the client to the server works, ends the SYN-SENT phase, and returns the last TCP packet. The flag bit is ACK, meaning “the signal that the server agrees to connect has been received” (that is, it tells the server: I know you have received the data I sent). The sequence number is Seq=X+1: the client takes the Ack number received from the server and uses it as its own sequence number. The acknowledgement number is Ack=Y+1: the client takes the Seq value received from the server and adds 1 to it to form its Ack number. The client then enters the ESTABLISHED phase.

After the server receives the client's TCP packet confirming receipt of the server's data, it knows that data transmission from the server to the client works. The SYN-sent phase is ended and the server enters the ESTABLISHED phase.

In the TCP packets exchanged by the client and server, each side computes its Ack and Seq numbers from the other side's Ack and Seq values. This ensures the consistency of TCP packet transmission. If a TCP packet sent by one party is lost, the handshake cannot continue, which ensures the smooth completion of the three-way handshake.

After that, data is normally transmitted between the client and server. This is the “three-way handshake” process.

2. The dynamic process of “three-way handshake”


3. Popular understanding of the “three handshakes”




For example: compare the client to a boy and the server to a girl. Use their interactions to illustrate the “three handshakes” process:

  • The boy liked the girl, so he wrote her a letter: “I love you, please come with me.” After writing the letter, the boy waited anxiously because he did not know whether the letter would reach the girl.
  • After the girl received the boy’s love letter, she was elated: it turned out the feeling was mutual. So she wrote the boy a reply: “I received your love letter and understand how you feel. In fact, I like you too! I want to date you!” After writing the letter, the girl also waited anxiously, because she did not know whether the reply would reach the boy.
  • The boy was very happy after receiving the letter, because the girl had received the love letter, and he knew from her reply that the girl liked him and was willing to have a relationship with him. Then the boy wrote another letter to the girl: “I have received your letter, thank you, and I love you!”

After the girl received the boy’s reply, she was also very happy, because the boy had received the love letter. Both the boy and the girl now know each other’s intentions, and from then on they communicate happily.

This is the popular version of the “three handshakes”, during which three letters are exchanged, known as the “three handshakes”, to confirm that the data transmission channel in both directions is normal.

4. Why the third handshake?


It prevents the server from opening useless connections that increase server overhead, and it prevents an already-invalid connection request segment from suddenly reaching the server and causing an error.

Network transmission is subject to delay (traffic passes through network fiber and various intermediate proxy servers). Suppose, for example, that a client sends a SYN=1 request to create a connection (the first handshake). The server creates the connection and returns a packet containing SYN, ACK and Seq to the client, but that packet is lost in transit, so the client never receives the server's reply. The client may have set a timeout, after which it closes the connection creation request. Without a third handshake to tell the server that the client received the data the server sent, the server does not know whether the client got its message.

This process can be understood as:



Nothing tells the server whether to create or close the connection port, so the server port stays open. When the client times out and reissues the request, the server opens another port connection. The previous port on the server, which never received the request data, remains open, and over time a large number of such ports causes a serious waste of server-side resources.

Another case is that an already-invalid request sent by the client reaches the server for some reason. The server treats it as a valid request from the client, and an error occurs after it is received.

Therefore, a “third handshake” is needed for confirmation, so that the client and the server can promptly detect a connection that failed to be created because of network problems, and the server port can be closed instead of waiting forever.

The “third handshake” is data sent by the client to the server. It tells the server whether the client received the data the server sent during the “second handshake”. If it was received, the server establishes the TCP connection. Otherwise, the TCP connection fails to be established and the server closes the connection port. This reduces server overhead and the errors that occur when invalid requests are received.

5. Verify packet capture


Here are some packets caught with the packet capture tool to analyze the TCP three-way handshake:



The figure shows the complete “three-way handshake” of a TCP connection. In 52528 -> 80, 52528 is the local (client) port and 80 is the server port. The three exchanges between port 80 and port 52528 are the “three-way handshake”.

  • First handshake: the TCP packet sent by the client uses [SYN] as the flag bit, and the client sequence number is Seq=0.
  • Second handshake: the TCP packet returned by the server uses [SYN, ACK] as the flag bits. The server sequence number is Seq=0 and Ack=1 (the client's Seq value from the first handshake, plus 1).
  • Third handshake: the client sends a TCP packet to the server with [ACK] as the flag bit. The client sequence number is Seq=1 (the server's Ack number from the second handshake) and Ack=1 (the server's Seq from the second handshake, plus 1). This completes the “three-way handshake” process, consistent with the results of the previous analysis.
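The same check can be done in code. The following is an added example, not part of the original article: it parses the Seq, Ack and flag fields from raw TCP headers and verifies the Ack = Seq + 1 relationships of the handshake. The helper names are hypothetical, and the sample headers are constructed from the relative values in the capture above; it goes slightly beyond the capture by handling 32-bit wraparound and an unfinished handshake.

```python
import struct

MOD = 2 ** 32  # Seq and Ack are 32-bit fields and wrap around
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HEADER = "!HHIIHHHH"  # ports, Seq, Ack, offset+flags, window, checksum, urgent pointer

def build_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header for the constructed samples (checksum left at 0)."""
    offset_flags = (5 << 12) | sum(FLAG_BITS[f] for f in flags)  # 5 words, no options
    return struct.pack(HEADER, sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_header(raw):
    """Extract the fields discussed above from the fixed part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, offset_flags, _, _, _ = struct.unpack(HEADER, raw[:20])
    flags = {name for name, bit in FLAG_BITS.items() if offset_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def check_handshake(raw_segments):
    """Return (ok, reason) for a list of raw headers in capture order."""
    segs = [parse_header(r) for r in raw_segments]
    if not segs or segs[0]["flags"] != {"SYN"}:
        return False, "first segment is not a SYN"
    syn = segs[0]
    if len(segs) < 2 or segs[1]["flags"] != {"SYN", "ACK"}:
        return False, "no SYN, ACK reply: client stuck in SYN-SENT"
    synack = segs[1]
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        return False, "SYN, ACK does not come from the port the SYN was sent to"
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        return False, "server Ack is not client Seq + 1"
    if len(segs) < 3 or segs[2]["flags"] != {"ACK"}:
        return False, "no final ACK: server left waiting in SYN-RCVD"
    last = segs[2]
    if last["seq"] != synack["ack"]:
        return False, "client Seq is not the server's Ack number"
    if last["ack"] != (synack["seq"] + 1) % MOD:
        return False, "client Ack is not server Seq + 1"
    return True, "handshake complete"

# Constructed from the capture described above (relative Seq/Ack values).
CAPTURE = [
    build_header(52528, 80, 0, 0, ["SYN"]),
    build_header(80, 52528, 0, 1, ["SYN", "ACK"]),
    build_header(52528, 80, 1, 1, ["ACK"]),
]

if __name__ == "__main__":
    print(check_handshake(CAPTURE))      # all three segments present
    print(check_handshake(CAPTURE[:2]))  # third handshake missing
```

Dropping the third segment reproduces the situation from “Why the third handshake?”: the server has answered but never learns whether the client received its reply.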

4. TCP four-way wave

0. Foreword


We’re all familiar with the “three-way handshake” because it’s relatively simple. But we don’t often hear about the quadruple wave, and even if we do, we don’t necessarily know exactly how it works. Here is a detailed, intuitive, complete introduction to the “four wave” process.

1. Four waves of the Hand


The so-called quad wave is the release (disconnection) of the TCP connection. The connection must be released actively on one side and passively on the other. The following is a diagram of the client initiating the release of the connection:

Before the release, the client, which actively releases the connection, ends the ESTABLISHED phase. Then the “four waves” begin:

(1) The client wants to release the connection and sends a TCP packet to the server, in which:

The flag bit is FIN, indicating that the connection is requested to be released.

Sequence number: Seq=U.

The client then enters the FIN-WAIT-1 phase, which is the half-closed phase, and stops sending data from the client to the server, but the client can still receive data from the server.

Note: what stops is the data transmitted during a normal connection (which does not include acknowledgement packets), not all data, so the client can still send ACK acknowledgement packets.

(2) After receiving the TCP packet from the client, the server confirms that the client wants to release the connection. Then the server ends the ESTABLISHED phase, enters the CLOSE-WAIT phase (half-closed state), and returns a TCP packet, in which:

The flag bit is ACK, indicating that the request to release the connection sent by the client has been received.

Sequence number: Seq=V.

The acknowledgement number is Ack=U+1: the server takes the Seq value of the packet received from the client and adds 1 to it to form the Ack number of this packet.

The server then prepares to release the connection from the server side to the client side.

After receiving the TCP packet from the server, the client knows that the server has received its connection release request. The client then ends the FIN-WAIT-1 phase and enters the FIN-WAIT-2 phase.


The first “two waves” let the server know that the client wants to release the connection, and let the client know that the server is aware of its request to release the connection. The connection in the client-to-server direction is now ready to be closed.


(3) After sending the ACK packet and finishing its preparation in the CLOSE-WAIT phase, the server is ready to release the connection from the server to the client, and sends another TCP packet to the client, in which:

The flag bits are FIN, ACK, which means “ready to release the connection.” Note: the ACK here is not an acknowledgement of receiving a server packet.

Sequence number: Seq=W.

The acknowledgement number is Ack=U+1: the server takes the Seq value of the packet received from the client and adds 1 to it to form the Ack number of this packet.

Then the server ends the CLOSE-WAIT phase and enters the LAST-ACK phase. It stops sending data from the server to the client, but the server can still receive data from the client.

(4) The client receives the TCP packet from the server, confirms that the server is ready to release the connection, ends the FIN-WAIT-2 phase, enters the TIME-WAIT phase, and sends the following packet to the server:

The flag bit is ACK, indicating that the signal that the server is ready to release the connection has been received.

Sequence number: Seq=U+1, meaning that the Ack number of the packet received from the server is used as the sequence number of this packet.

The acknowledgement number is Ack=W+1: the client takes the Seq value of the packet received from the server and adds 1 to it to form the acknowledgement number of this packet.

The client then begins to wait for 2MSL in the TIME-WAIT phase.

Why should the client wait for 2MSL? See later in this article.

After receiving the TCP packet from the client, the server ends the LAST-ACK phase and enters the CLOSED phase. This officially confirms closing the connection from the server side to the client side.

After 2MSL, the client completes the TIME-WAIT phase and enters the CLOSED phase, thus completing the “four waves”.


The latter “two waves” let the client know that the server is ready to release the connection, and also let the server know that the client is ready to release the connection. You can then confirm that the connection from the server side to the client side is closed, thus completing the “four waves”.


As with the “three-way handshake”, in the TCP packets exchanged by the client and server each side computes its acknowledgement number Ack and sequence number Seq from the other side's Ack and Seq values. This ensures the continuity of TCP packet transmission: once a TCP packet from one side is lost, the “wave” cannot continue, which ensures the smooth completion of the four waves.

2. The “four waves” dynamic


3. Popular understanding of the “four waves”


For example: compare the client to a boy and the server to a girl. Illustrate the “four waves” process through their breakup.

  • “First wave”: after a long time together, the boy found that the girl had become a person he hated, so he decided to break up and wrote a letter to tell the girl.

  • “Second wave”: after the girl received the letter and learned that the boy wanted to break up with her, she burned with anger and cursed him inwardly: what are you, you were not like this at the beginning! So she immediately wrote the boy a reply: “Fine, let's break up. Give me some time; I will sort out your things and return them all to you!”

    After receiving the girl’s first letter, the boy knew that the girl was aware he wanted to break up with her. Then he waited for the girl to sort out his things.

  • “Third wave”: a few days later, the girl had sorted out the things the boy had given her, so she wrote to the boy again: “I have sorted out your things. Take them away quickly; from now on you and I are through!”

  • “Fourth wave”: after the boy received the girl’s second letter, he knew that the girl had packed up his things and they could formally break up, so he wrote to the girl again and told her: “I know, I’m coming to get them!”

Each side has its own rule here.

  • The girl: if she has not received the boy’s reply within one day of sending her second letter, she will send another letter urging the boy to come and get his things!
  • The boy: if he does not receive another letter from the girl within two days, he assumes the girl has received his second letter. If he does receive another letter from her within two days, he assumes his second letter did not reach her, so he writes again and waits another two days…

If both parties receive each other's letters normally, it takes at least four letters to break up completely! This is called the “four waves”.

4. Why “shake hands” three times and “wave hands” four times?


The three-way handshake is required for establishing a TCP connection because the TCP packet sent from the server to the client during the second handshake uses SYN and ACK as flag bits. SYN indicates that the server agrees to establish a connection; ACK informs the client that the server has received its request packet.

That is, the SYN connection establishment packet and the ACK acknowledgement packet are transmitted in the same handshake. Therefore three handshakes, no more and no fewer, are enough to ensure that the two parties can communicate with each other.

TCP requires four waves to release a connection because the FIN release packet and the ACK acknowledgement packet are transmitted by the second and third waves, respectively. Why are they sent together when establishing a connection but separately when releasing one?

  • When establishing a connection, the passive server ends the CLOSED phase and enters the handshake phase without needing any preparation. It can directly return SYN and ACK packets to start establishing the connection.
  • When releasing a connection, the passive server receives a request from the active client to release the connection but cannot release it immediately, because necessary data still needs to be processed. Therefore, the server first sends an ACK to confirm receipt of the packet, and only returns a FIN packet to release the connection after the CLOSE-WAIT phase is complete.

So “three handshakes”, “four waves”.

5. Why does the client wait for 2MSL in TIME-WAIT?


To check whether the server receives the ACK packet from the client.

When the client sends the final ACK packet, it is not certain that the server will receive it. Therefore, after the client sends the ACK acknowledgement packet, it sets a timer for 2MSL. MSL stands for Maximum Segment Lifetime. 2MSL is the maximum duration for which the FIN packet sent by the server and the ACK packet sent by the client remain valid.

If the server does not receive an ACK packet from the client within 1MSL, it sends a FIN packet to the client again.

  • If the client receives a FIN packet from the server again within 2MSL, the server did not receive the client's ACK packet for some reason. The client sends an ACK to the server again and resets the timer to restart the 2MSL wait.
  • Otherwise, the client does not receive another FIN packet from the server within 2MSL, which means the server received the ACK packet normally. The client can then enter the CLOSED phase and complete the “four waves”.

Therefore, the client goes through a TIME-WAIT phase of 2MSL. This is why the client enters the CLOSED phase later than the server.
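The state changes of the “four waves” and the 2MSL timer rule can be replayed as a small state machine. This is an added example, not part of the original article: the event names and the `Endpoint` / `four_waves` helpers are hypothetical, time is counted in units of MSL, and segment delivery is assumed to be instantaneous.

```python
# States follow the article; time is in units of MSL, delivery is instantaneous (assumption).
TRANSITIONS = {
    ("client", "ESTABLISHED", "send FIN"): "FIN-WAIT-1",   # first wave
    ("client", "FIN-WAIT-1", "recv ACK"): "FIN-WAIT-2",    # second wave arrives
    ("client", "FIN-WAIT-2", "recv FIN"): "TIME-WAIT",     # third wave arrives, ACK sent
    ("client", "TIME-WAIT", "recv FIN"): "TIME-WAIT",      # resent FIN: ACK again
    ("client", "TIME-WAIT", "2MSL elapsed"): "CLOSED",
    ("server", "ESTABLISHED", "recv FIN"): "CLOSE-WAIT",   # first wave arrives, ACK sent
    ("server", "CLOSE-WAIT", "send FIN"): "LAST-ACK",      # third wave
    ("server", "LAST-ACK", "1MSL elapsed"): "LAST-ACK",    # no ACK seen: resend FIN
    ("server", "LAST-ACK", "recv ACK"): "CLOSED",          # fourth wave arrives
}

class Endpoint:
    def __init__(self, role, state="ESTABLISHED"):
        self.role, self.state, self.trace = role, state, [state]

    def fire(self, event):
        """Apply one event; anything the table does not allow is an error."""
        key = (self.role, self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.role} cannot handle {event!r} in {self.state}")
        self.state = TRANSITIONS[key]
        if self.trace[-1] != self.state:
            self.trace.append(self.state)

def four_waves(dropped_final_acks=0):
    """Replay the release; the first `dropped_final_acks` copies of the last ACK are lost."""
    client, server = Endpoint("client"), Endpoint("server")
    now = 0
    client.fire("send FIN")                           # wave 1
    server.fire("recv FIN")
    client.fire("recv ACK")                           # wave 2
    server.fire("send FIN")                           # wave 3
    client.fire("recv FIN")
    acks_sent, deadline = 1, now + 2                  # wave 4: ACK sent, 2MSL timer starts
    for _ in range(dropped_final_acks):
        now += 1                                      # 1MSL passes without an ACK
        server.fire("1MSL elapsed")                   # server resends FIN
        client.fire("recv FIN")                       # client is still in TIME-WAIT
        acks_sent, deadline = acks_sent + 1, now + 2  # ACK again, restart the timer
    server.fire("recv ACK")
    server_closed_at = now
    client.fire("2MSL elapsed")
    return {"client": client.trace, "server": server.trace, "acks_sent": acks_sent,
            "server_closed_at": server_closed_at, "client_closed_at": deadline}

if __name__ == "__main__":
    print(four_waves())
    print(four_waves(dropped_final_acks=2))
```

A client that skipped TIME-WAIT would already be in CLOSED when the resent FIN arrives; `Endpoint("client", "CLOSED").fire("recv FIN")` raises because the table has no transition for that case, and the server would stay in LAST-ACK.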

6. Verify packet capture


The figure shows the complete “four wave” process of TCP connection release. In 80 -> 55389, assume that 80 is the local (client) port and 55389 is the server port. The four exchanges between port 80 and 55389 are the “quadruple wave” process.

  • “First wave”: the FIN request packet sent by the client uses [FIN, ACK] as the flag bits, and the packet sequence number is Seq=2445. Acknowledgement number Ack=558.

Note: The ACK with “handshake for the third time” is not an acknowledgement ACK packet.

  • “Second wave”: the ACK packet returned by the server uses [ACK] as the flag bit. Seq=558; acknowledgement number Ack=2246.
  • “Third wave”: the server then returns the FIN packet agreeing to release the connection, with [FIN, ACK] as the flag bits. Seq=558; acknowledgement number Ack=2246.
  • “Fourth wave”: the ACK packet sent by the client uses [ACK] as the flag bit. Seq=2446; acknowledgement number Ack=559.

The sequence number Seq in each subsequent wave's packet is equal to the Ack value in the packet of the previous exchange.

The Ack number in each subsequent wave's packet is equal to the Seq number in the packet of the previous exchange.

Therefore, this is a continuous “four wave” process, which is consistent with the previous analysis.