Network communication protocol TCP

It is very easy to create a local TCP server, which can be used to analyze the TCP request and response process.

In this article, I will introduce the process of TCP establishing a connection (three-way handshake), transmitting data, and disconnecting (four-way handshake).

TCP Introduction

TCP: TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol defined by IETF's RFC 793.

When talking about network protocols, we often think of the OSI (Open System Interconnection) seven-layer model, the TCP/IP protocol suite, and the question of which layer of the OSI or TCP/IP protocol suite it is located at.

As shown in the figure below of the OSI seven-layer model and the corresponding TCP/IP protocol suite, TCP is located at the fourth layer (transport layer) in OSI. It is located at the fourth layer (TCP or UDP) in the TCP/IP protocol suite.

The following figure shows the OSI seven-layer model and the corresponding TCP/IP protocol suite

OSI TCP/IP Family

TCP is connection-oriented, which means that the client needs to establish a connection before sending or receiving data. This connection process requires three handshakes to complete. The author built a local TCP service with Python and used Wireshark (Wireshark (formerly known as Ethereal) is a network packet analysis software. The function of network packet analysis software is to capture network packets and display the most detailed network packet data as possible.)

The request and response process between the local TCP server and the TCP client is captured. Let's take a look at the process of establishing a connection (three-way handshake), transmitting data, and disconnecting the connection (four-way handshake).

Preparation for setting up TCP service locally

In the previous article, I mentioned that I would use Python to create a local TCP server and analyze the TCP request and response process. Here, I used PythonIDE and the terminal that comes with Mac to simply create a local TCP server and client.

The author will analyze the process as follows:

• Create and start a TCP server with port number 20000
• Create a client and establish a connection with the server (three-way handshake)
• The client sends data 'AB' to the server
• After receiving the data, the server sends data 'AB' to the client
• The server receives the data and sends it to the client (currently 'AB')
• The client and server are disconnected (wave four times)
• Use Wireshark to analyze the process of establishing a connection (three-way handshake), transmitting data, and disconnecting (four-way handshake).

Server code:

 Python 3.7.1 (v3.7.1:260ec2c36a, Oct 20 2018, 03:13:28)  
 [Clang 6.0 (clang-600.0.57)] on darwin  
 Type "help", "copyright", "credits" or "license()" for more information.  
 > > > from socketserver import BaseRequestHandler, TCPServer  
 > > > class EchoHandler(BaseRequestHandler):  
 def handle(self):  
 print('Got connection from', self.client_address)  
 while True:  
 msg = self .request.recv(8192)  
 if not msg:  
 break  
 self.request.send(msg)  
 
     
 > > > if __name__ == '__main__':  
 serv = TCPServer (('', 20000), EchoHandler)  
 serv.serve_forever() 
 
      
 Got connection from ('127.0.0.1', 59006)

Client code:

 wangyongwangdeiMac:~ wangyongwang$ python  
 Python 2.7.15 (default, Oct 2 2018, 11:47:18)
 [GCC 4.2.1 Compatible Apple LLVM 10.0.0 (clang-1000.11.45.2)] on darwin
 Type "help", "copyright", "credits" or "license" for more information.  
 > > > from socket import socket, AF_INET, SOCK_STREAM  
 > > >   s = socket (AF_INET, SOCK_STREAM)  
 > > > s.connect(('localhost', 20000))

The effect of the above code is shown in the following figure:

TCP request response effect diagram

TCP connection establishment effect diagram

As shown in the figure above, Got connection from ('127.0.0.1', 62515) we can determine that the port used by the client is 59006.

Through the above preparations, the author will use Wireshark to capture the entire process of TCP request response and perform corresponding analysis.

TCP three-way handshake

TCP establishes a connection through a three-way handshake. We should be familiar with the following figure:

TCP three-way handshake diagram

Explanation of the codes in the figure above and the following text:

• Seq is the sequence number in the following text. The sequence number refers to the location of the sent data. Every time data is sent, the size of the data bytes is accumulated. Generally, the Seq captured by Wireshark in our usual requests is a random number.
• Ack stands for Acknowledgement number, which refers to the sequence number of the data that should be received next time.
• SYN is the Syn in the Flags part. Syn being 1 indicates that a connection is desired to be established.
• ACK is the ACK of the Flags part. Ack is 1, indicating that the field of the confirmation response becomes valid.

TCP first handshake, the client sends a message to the server, the key information is Syn = 1, Seq = 0. As shown in the figure below, sequence number = x = 0, Syn = 1.

TCP first handshake

TCP second handshake, the server sends a message to the client, the key information is Ack = x + 1 = 1, Syn = 1, Seq = y = 0. As shown in the following figure, sequence number = y = 0, Ack = x + 1 = 1, Syn = 1.

TCP second handshake

TCP third handshake, the client sends a message to the server, Seq = x+1 = 1, Ack = y+1 = 1, ACK = 1. As shown in the following figure, Seq = x+1 = 1, Ack = y+1 = 1, ACK = 1.

TCP third handshake

We can find that after the three-way handshake, there is another TCP Window Update.

TCP Window Update

TCP Window Update is a state in TCP communication. It can occur for many reasons, but it ultimately comes down to the sender transmitting data faster than the receiver can read the data. This forces the receiver to release some space in the buffer to hold the data sent, and then send a Windows Update to the sender to tell the sender how fast it should send data, so that data transmission and reception can resume normal. Reference: TCP three-way handshake

From the TCP Window Update figure above, according to Source Port: 20000 and Destination Port: 59006, we can know that the current sender is the client. To explain the meaning of the previous paragraph, the client sends data too fast and the server reads data slowly, so the server sends a TCP Window Update message to the client.

The above content is the process of TCP establishing a connection. Below I will introduce the content of the data transmission part:

TCP data transmission process

Check the data transmission process and the previous connection establishment part, using the following code for analysis:

The code content is the same as the previous code for establishing a connection, except for adding a few lines of code for sending data and disconnecting. It can be seen that the port number assigned by the client this time is 53262.

Before analyzing the data transmission process, the author first briefly explains the terms and tools that will be used below:

• Byte is a byte, bit is a bit, 1 byte = 8 bits.
• ASCII code: It is a computer coding system based on the Latin alphabet, mainly used to display modern English and other Western European languages. It is the most commonly used single-byte coding system today.

ASCII code comparison table:

For example, the ASCII code of 'A' is 0x41

Basic conversion between hexadecimal, binary, and decimal: Hexadecimal 0x41 corresponds to binary 0100 and decimal 0001 corresponds to decimal 4 * 16 + 1 = 65

Online conversion:

Next, I will take you through the analysis of the data transmission part:

The following figure shows the client s.send(b'A') transmitting 'A' (its corresponding ASCII code is 65) in binary form:

Client to Server

The following shows a process where a client s.send(b'AB') and the server gives a corresponding response (the server also sends the received '' to the client):

• The Acknowledgement field in the Flags section of the received data is set to 1, indicating that the acknowledgement field is valid.
• The Push flag in the received data flag is set to 1, indicating that the receiver should pass the data to the upper layer application protocol as soon as possible.

From the source port 53262 and the destination port 20000, we can see that the following figure shows that the client sends a message to the server. The data sent is 'AB', and the ASCII code of 'AB' is 0x4142.

The client sends a message to the server

From the source port 20000 and the destination port 53262, it can be seen that the following figure shows that the server has fed back to the client that the message has been received.

The Acknowledgement number is 4 because the server receives 2 bytes of data from the client and adds 2 to the previous client's Sequence number.

The server receives the message response from the client

From the source port 20000 and the destination port 53262, we can see that the following figure shows that the server sends a message to the client. The data sent is 'AB', and the ASCII code of 'AB' is 0x4142.

The server sends a message to the client

From the source port 53262 and the destination port 20000, we can see that the following figure shows that the client has sent a message back to the server. The Acknowledgement number is 4 because the client has received 2 bytes of data from the server and has added 2 to the previous Sequence number of the server.

The client responds after receiving the server message

TCP disconnects four times

The TCP disconnection diagram is as follows:

TCP disconnection diagram

The corresponding Python client code is s.shutdown(2), and the client actively disconnects.

• In the disconnection Flags, Fin is set to 1, indicating that you want to disconnect.
• The Ack in the disconnected Flags is set to 1, indicating that the confirmation response field is valid.

The Wireshark packet capture analysis of the response is as follows:

TCP disconnects the first wave, from source port 53262 to destination port 20000, it can be seen that the client actively disconnects. Fin in Flags is set to 1, and Sequence number is 7.

TCP disconnects the first wave

The second TCP disconnect wave, from source port 20000 to destination port 53262, shows that the server responds to the client disconnection. And the Acknowledge number is incremented by 1 compared to the previous client's Sequence number.

TCP disconnects the second wave

TCP disconnects the connection for the third time, from source port 20000 to destination port 53262. The Fin in Flags is set to 1, which shows that the server sends a disconnect signal to the client. The sequence number is 7.

TCP disconnects the third wave

The fourth TCP disconnect wave, from source port 53262 to destination port 20000, shows that it is the client's response to the server's disconnection. And the Acknowledge number is incremented by 1 compared to the previous server's Sequence number.

TCP disconnects the fourth wave

Below, I have posted the IP and TCP headers and the image of the TCP request captured by Wireshark. Interested readers can do a simple analysis on their own.

TCP data encapsulation in IP datagram and TCP packet header

Later, I discussed with Brother Kun and he pointed out that the TCP header in the above figure has been updated. The newer TCP header format is as follows:

TCP header

The following figure shows the control bit part in the TCP header:

Control Flag

TCP

TCP

[This article is an original article from 51CTO columnist 360 Technology, WeChat public account "360 Technology (id: qihoo_tech)"]

Click here to read more articles by this author