What is TCP / IP protocol? What does TCP’s three handshakes mean? Why do you have to shake hands three times instead of four or two?

This is the back-end small class of the monastery. Each article is shared from

[background introduction] [knowledge analysis] [common problems] [solutions] [coding practice] [extended thinking] [more discussion] [References]

Eight aspects of in-depth analysis of back-end knowledge / skills. This article shares:

[what is TCP / IP protocol? What does TCP's three handshakes mean? Why do you have to shake hands three times instead of four or two times?]

title:

[Java class of Xiuzhen academy] what is TCP / IP protocol? What does TCP's three handshakes mean? Why do you have to shake hands three times instead of four or two?

Hello, I'm Lu Boliang, a student of Xi'an Branch of it Academy of Sciences. I'm an honest, pure and kind java programmer. Today, I'd like to share with you the knowledge points in deep thinking - what is TCP / IP protocol? What does TCP's three handshakes mean? Why do you have to shake hands three times instead of four or two?

(1) Background:

If you want to know a person, you can talk from the group he belongs to. Our HTTP protocol is a member of the TCP / IP protocol family. If you understand the status of HTTP protocol in the whole network process, you can also fully understand HTTP protocol.

If you want to know what TCP / IP protocol is, you need to know why it exists. When Chinese people talk to Chinese people, they should follow the Chinese grammatical structure and use Chinese pronunciation. When we communicate with foreigners, we should apply foreign languages and follow foreign grammatical institutions and pronunciation. In fact, this is an agreement, but we call it language. The computer is more intuitive in this aspect. How to communicate between two machines needs to formulate various protocols. For example, TCP protocol is applicable to file transfer. The DNS protocol is applicable to the domain name system. With the existence of some protocols, various data streams are transmitted according to rules, and computers communicate with each other

(2) Knowledge analysis:

TCP / IP layer 4

1. Link layer

It is used to handle the hardware part connected to the network Including control operating system Hardware device driver NIC, optical fiber and other physical visible parts (including connectors and other transmission media) The scope of hardware is within the scope of the link layer

2. Network layer

The network layer is used to process packets rolling over the network A packet is the smallest unit of data transmitted over a network This layer specifies the path (so-called transmission route) to call the other party's computer and transmit the data packet to the other party

When transmitting with the other computer through multiple computers or network devices, the role of the network layer is to select an output route among many options

3. Transport layer

TCP

UDP

4. Application layer

FTP (File Transfer Protocol)

DNS (domain name system)

Http: Protocol

IP protocol

IP (Internet Protocol), the IP here is not worth the 192.168 we usually call 1.1. This IP refers to a protocol, and the following number is the IP address. The role of IP protocol is to accurately deliver various data packets to each other. Two important conditions are IP address, And MAC address (media access control address). Because IP address is a rare resource, it is impossible for everyone to have an IP address, so our usual IP address is the IP address generated by the router, and our MAC address will be recorded in the router. The MAC address is unique in the world and cannot be repeated except for human factors. For example, in real life, IP address is It's like the address of our residential area, and the MAC address is the person in the room of the building we live in

TCP protocol

If the IP protocol is to find the detailed address of the other party. So the TCP protocol is to bring something safe to the other party. Each has its own division of labor and does not conflict with each other

According to the hierarchy, TCP belongs to the transport layer and provides reliable byte stream services. What is a byte stream service? The name sounds confusing. Let's listen to my popular explanation. The so-called byte stream is actually similar to information cutting. For example, if you are a bike seller, you have to deliver the goods. The installed bicycle is too large, unstable and easy to damage. It's better to take the bike apart and stick the name of the consignee on each part. Finally, the bicycles belonging to the same person are reassembled after delivery. The process of disassembly, transportation and assembly is actually the process of TCP byte stream

DNS

DNS (domain names system), like HTTP protocol, is a service at the application layer, providing resolution services from domain names to IP addresses.

The Internet communicates through IP addresses, but IP addresses do not conform to the habit of recognition and memory. People like to remember meaningful words. So DNS service was born to solve this problem. In fact, it is easy to understand, such as the host file in our computer. 192.168. 1.11 roverliang. Com when we visit roverliang COM, the computer will not go to the Internet server to query, but directly visit 192.168 1.111。 This is a simple domain name hijacking, which is enough to explain the meaning of DNS.

We visit a web page and each protocol plays a role

one

DNS resolves the IP corresponding to the domain name

two

Responsibilities of HTTP protocol

Generate HTTP request message for target web server

three

Responsibilities of TCP protocol

In order to facilitate communication, the HTTP request message is divided into message segments, which are divided into multiple message segments according to the serial number, and each message segment is reliably transmitted to the other party

four

Responsibilities of IP protocol

Collect the other party's address and transfer it at the same time

five

It's TCP again

The received message segment from the other party, reorganize the arrived message segment, and reorganize the request message in the original order according to the serial number

six

Responsibilities of HTTP protocol

Processing of content requested by web server

TCP triple handshake

Step 1: the client sends a request to the server indicating that it needs to connect. Then wait for the server to respond.

Step 2: after receiving this request packet, the server checks whether the specified port is being answered. If not, it refuses to establish a connection. Tell us that the server connection is ready for our confirmation..

Step 3: we send the information confirming the establishment of the connection to the server.

So our connection is established.

for instance

QQ chat

A: Are you there? I have bad news for you? (first handshake) syn

B: I'm ready to say (second handshake) ack and syn

A: "Mumbling, mumbling, mumbling, mumbling, mumbling, mumbling, mumbling, mumbling, mumbling, mumbling..." (third handshake on business) ack

Four waves to close the connection

Because TCP connections are full duplex, each direction must be closed separately. This principle is that when one party completes its data transmission task, it can send a fin to terminate the connection in this direction. Receiving a fin only means that there is no data flow in this direction. A TCP connection can still send data after receiving a fin. The party that first performs the shutdown will run the active shutdown. The other side runs passive shutdown.

(1) the TCP client sends a fin, which is used to close the data transmission from the client to the server.

(I'm finished)

(2) the server receives this fin. It sends back an ACK and confirms that the serial number is the received serial number plus 1.

(OK)

(3) the server closes the client's connection and sends a fin to the client.

(that's it, bye)

(4) the customer section sends back ACK message for confirmation, and sets the confirmation sequence number to the received sequence number plus 1

(bye)

(3) Frequently asked questions:

Why is the establishment of a connection protocol three handshakes and the closure of a connection four handshakes?

(4) Solution:

This is because the socket in the listen state of the server receives the connection establishment request of the syn message. It can combine ACK and syn (ACK plays the role of reply. Syn plays the role of synchronization) and sends it in a message. However, when you close the connection, when you receive the fin message notification from the other party, it only means that the other party has no data to send to you. However, not all your data has been sent to the other party. Therefore, you may not close the socket immediately, that is, you may have to send some data to the other party And then send a fin message to the other party to indicate that you are allowed to close the connection now. Therefore, the ACK message and fin message here are sent separately in most cases.

(5) Coding practice:

(6) Expand thinking:

DOS attack

Generally, the normal three-time handshake process is completed after ① ② ③, and the client and server can successfully establish a TCP connection. If the client sends a syn message to the server by forging a non-existent IP as the source address, the server will respond to a syn + ACK message after receiving it, create an entry for the received SYN message in its semi connection queue, and wait for the ACK response of the client. However, because the client adopts IP spoofing, the syn-ack message sent by the server can not get a response at all. At this time, the server will continue to wait and retransmit until the retransmission times exceed the maximum retransmission times specified by the system, and delete the syn item from the semi connection queue. SYN flooding attack is to forge a large number of nonexistent IP addresses in a short time and quickly send a large number of such syn messages to the attack target computer, so that its semi connection queue is blocked, and the normal syn requests are discarded. At the same time, syn + ack retries are constantly performed on all items in this huge semi connection queue, resulting in a sharp reduction of available resources and slow system operation, Serious cases will cause network congestion and even system paralysis.

(7) References:

internet

(8) More discussion:

Q1: questioner: can't two handshakes establish a connection? A1: respondent: can I hear you? I said I could hear you But how do I know if you can hear me? I must ask if you can hear me. Out of politeness, you should also answer me if you can hear me

That's three handshakes Q2: questioner: I didn't understand the four waves mentioned earlier. Can you briefly say it again? A2: respondent: that is to say, syn ack messages can be sent at the same time when the connection is established, and three handshakes can establish the connection. When the connection is closed, fin messages can only be sent separately, so there is no way to determine whether the data of both sides have been sent Then, just like the three handshakes, both sides confirm that Q3 can be closed: questioner: how does TCP control traffic? A3: respondent: Generally speaking, we always want data transmission to be faster. However, if the sender sends the data too fast, the receiver may not have time to receive it, which will cause data loss. The so-called flow control means that the sending rate of the sender should not be too fast, and the receiver should have time to receive.

Using the sliding window mechanism, the flow control of the sender can be easily realized on the TCP connection.

The following is an example of how to use the sliding window mechanism for flow control.

(10) Conclusion:

That's all for today's sharing. You are welcome to like, forward, leave messages and make bricks~

Ppt link video link