Animation explains TCP. If you still don’t understand, please hit me up

Preface

The TCP three-way handshake process is a must-know for interviews, so not only do you have to master the entire TCP handshake process, but some of the small details are also more favored by interviewers.

For this part of the mastery and the four waves of TCP, the deer will present it to everyone in the form of animation, which will simplify the complex knowledge and make it much easier to understand, especially for a beginner.

Mind Map

What is TCP

TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol.

We know the definition of TCP above. In simple terms, TCP is a standard (protocol) for two-way communication.

Before we learn the TCP handshake process, we must first understand some flag information in the TCP message header, because these message information will be used in the TCP handshake process. If we do not master this information, we will be confused during the handshake process. This is also to be able to deeply understand the principle of TCP three-way handshake.

TCP header message

1. Source port and destination port

The two are "source port number" and "destination port number" respectively.

The source port number refers to the local port, and the destination port number refers to the remote port.

After a data packet (pocket) is decapsulated into a data segment (segment), the port problem of connecting to the upper-layer protocol becomes involved.

It can be understood in this way. We can imagine that the sender has many windows and the receiver has many windows. These windows are marked with different port numbers. The source port number and the destination port number represent the specified serial port from which the data is sent to the window on the other side. Different application levels have different ports, which has been mentioned in the previous article on network layering.

Extensions:

The port number of the application and the IP address of the host where the application is located are collectively called a socket. IP:port number. On the Internet, a socket uniquely identifies each application. The source port + source IP + destination port + destination IP is called a "socket pair". A pair of sockets is a connection, a connection between a client and a server.

2. Sequence Number

It is called "sequence number". It is used to number each byte of the byte stream in a certain transmission direction during TCP communication to ensure the orderliness of data communication and avoid disorder in the network. The receiving end confirms based on this number to ensure that the divided data segment is in the position of the original data packet.

To put it more simply, each field is marked with a sequence number during transmission, and this field is used to ensure that the original position of the field is in the transmission order during transmission between the two parties. (The sender is the order of the data, and the receiver must also ensure that it is in this order)

• PS: The initial sequence number is set by yourself, and the subsequent sequence number is determined by the peer end.
• ACK determines: SN_x = ACK_y (sequence number of x = ACK sent by y to x), which will be discussed later.

3. Acknowledgment Number

It is called "confirmation sequence number". The confirmation sequence number is the next sequence number that the receiving confirmation end expects to receive. The confirmation sequence number should be the last successfully received data byte sequence number plus 1. The confirmation sequence number field is only valid when the ACK flag in the flag bit is 1. It is mainly used to solve the problem of packet loss.

If the confirmation number = N, it means that all data up to sequence number N-1 have been received correctly.

Here, we only need to know what its function is, that is, when data is transmitted, it is in segments, all of which are identified by sequence numbers. Therefore, after the receiver receives each segment, the sequence number of the next segment it wants is called the "confirmation sequence number."

4. TCP Flag

There are 6 flag bits in the TCP header, multiple of which can be set to 1 at the same time. They are mainly used to control the TCP state machine, namely URG, ACK, PSH, RST, SYN, and FIN.

It is not required for beginners to master all of them. Here we only talk about three key signs:

(1) ACK

This flag can be understood as the sender sending data to the receiver. When sending, ACK is 0, indicating that the receiver has not responded. Once the receiver receives the data, it sets ACK to 1. After the sender receives it, it knows that the receiver has received the data.

This flag indicates that the "response field is valid", which means that the TCP response number mentioned above will be included in the TCP data packet;

There are two values: 0 and 1. When it is 1, it means the response domain is valid, otherwise it is 0;

(2) SYN

It stands for "Synchronization Sequence Number" and is the first data packet sent in the TCP handshake.

Used to establish a TCP connection. The SYN flag and the ACK flag are used together. When a connection is requested, SYN=1, ACK=0. When a connection is responded, SYN=1, ACK=1. This flagged packet is often used for port scanning. The scanner sends a packet with only SYN. ​​If the other host responds with a packet, it means that this host has this port. See the animation below:

(3) FIN

Indicates that the sender has reached the end of the data, that is, the data transmission between the two parties is completed and there is no data to be transmitted. After sending a TCP data packet with the FIN flag, the connection will be disconnected. Data packets with this flag are also often used for port scanning.

This is easy to understand. That is, the sender only has the last piece of data left, and at the same time needs to tell the receiver that there is no more data to be received, so it uses FIN to mark it. After the receiver sees this FIN, it will think, "Oh! This is the last piece of data to be received," and it will close the connection after receiving it. The animation is as follows:

5. Window size

It is called the sliding window size. The sliding window is used for flow control.

Why TCP three-way handshake?

First, to confirm whether the receiving and sending capabilities of both parties are normal. Second, specify your own initialization sequence number to prepare for the subsequent reliable transmission. Third, if it is the https protocol, the three-way handshake process will also verify the digital certificate and generate the encryption key.

If you know UDP, the emergence of TCP officially makes up for the disadvantage of UDP's unreliable transmission. However, the birth of TCP also inevitably increases the complexity of the connection.

What is the TCP three-way handshake process?

The two most important points to grasp in the TCP three-way handshake process are the changes in the client and server status, and the changes in the flag information during the three-way handshake process. Then it is much easier to grasp the TCP three-way handshake. Below we will disassemble the three-way handshake process in the form of animation.

Initial state: The client is in the closed state and the server is in the listening state.

First handshake: The client sends a request message and sends the SYN = j(1) initialization sequence number to the client. After sending, the client is in the SYN_Send state.

Second handshake: After receiving the SYN request message, if the server agrees to connect, it will respond with its own SYN (server) = K (0) and ack (1) = SYN (client) + 1 (ACK = 1) message, and the server is in the SYN_Receive state.

Third handshake: The client receives SYN + ACK from the server, and then sends an ack = SYN (server) + 1 (ACK = 1) confirmation packet as a response, and the client changes to the established state.

Why not one or two handshakes?

This prevents the server from waiting and wasting resources.

In order to prevent the invalid connection request message segment from being suddenly sent to the server, thus causing an error, if the server receives the delayed handshake message sent by the client, and then responds, it thinks that the client wants to establish a connection with it, but the client does not mean to do so. However, the server thinks that a new transport connection has been established and keeps waiting for the client to send data. In this way, a lot of server resources are wasted.