Wireshark network protocol analysis: interpreting the TCP protocol and understanding TCP three-way handshake and four-way handshake

TCP Transmission Control Protocol is a connection-oriented, reliable, byte stream-based transport layer protocol that implements end-to-end connections for communication between applications.

1. TCP message header format

2. Analysis of TCP three-way handshake to establish a connection

Every TCP communication must go through a three-way handshake to establish a connection and a four-way handshake to disconnect the connection to ensure the reliability of communication.

The meaning of the flag bit:

• SYN means to establish a connection
• FIN means closing the connection
• ACK means response
• PSH indicates that there is DATA data transmission
• RST means connection reset

1. The process of establishing a connection:

• Client sends a request and waits for confirmation
• After receiving the request, the server responds and asks for confirmation
• After the client confirms, the connection is established

OK, handshake is successful, data transmission starts.

2. Interpretation of TCP's first handshake message (SYN)

3. Interpretation of TCP second handshake message (SYN/ACK)

4. Interpretation of TCP third handshake message (ACK)

3. TCP waved four times to disconnect

The data packet that waved four times to disconnect is shown in the figure below.

Waving process

The four waves are mainly for the interpretation of the FIN sign, and the rest are basically the same as above.