Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

T TCP is a two-way communication protocol  , which means either end should be able to send data reliably, so the three-way handshake is just fine.

TCP is one of the main protocols of the Internet Protocol Suite. It is located between the application layer and the network layer to provide reliable connection services. It is a connection-oriented communication protocol that facilitates the exchange of messages between different devices through the network. .

When it comes to TCP, you must mention the three-way handshake of TCP. This is the core of the TCP connection core. So what is the process of the three-way handshake of TCP, and what are the excellent design features?

Today, Rui Ge will take you to explain a wave in the form of diagrams, let us start directly.

What is TCP?

  • English full name: Transmission Control Protocol
  • Chinese name: Transmission Control Protocol

TCP is a connection-oriented protocol that ensures complete delivery of data to its destination, TCP first establishes a session with a TCP port on each host by using the TCP three-way handshake, then it transmits the data in packets, Each packet has a sequence number, when a packet is received at the destination, TCP generates an acknowledgment to the sending host, and if no packet in the sequence is received, the TCP on the sending host restarts after a certain interval. transmit packets.

TCP three-way handshake

During the establishment and closing of the connection between two devices, TCP will have a 3-way handshake process, that is, three steps are required to establish and close the connection. Let's take a detailed look at these three processes.

Three handshakes in life

Let's first illustrate the three-way handshake process with an example in life:

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

Three handshakes in life

Xiaoming wants to call Xiaomei, but he is not sure whether the other party is Xiaomei, so he will go through the following process:

  • Xiao Ming: Hello, is this Xiao Mei? 【First handshake】
  • Xiaomei: Yes, I'm Xiaomei. 【Second handshake】
  • Xiao Ming: Okay, I know you are Xiaomei. 【Third handshake】

After three handshakes, Xiao Ming can clearly determine that the other party is Xiaomei, very reliable!

If there is only one handshake, then after Xiaoming asks "Hello, is this Xiaomei?", Xiaoming is not sure whether the other party has received this greeting, let alone whether the other party is Xiaomei.

If there are only two handshakes, then after Xiaoming receives Xiaomei's "Yes, I'm Xiaomei.", Xiaomei does not know whether Xiaoming has received her reply, so she is not sure whether to talk to the phone. Ask her people for correspondence.

So the three-way handshake is just right.

Professional three-way handshake

Let's take a look at the professional three-way handshake.

Professional terms involved in the three-way handshake

Server: A server is a physical computer dedicated to running services to meet the needs of other computers

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

client-server

  • Client: A client is a computer hardware device or software that accesses the services provided by the server
  • SYN: Synchronize Sequence Number, which is the first data packet from the client to the server. It can be described as a request to establish a connection. If SYN is 1, it means that the device wants to establish a secure connection, otherwise it does not.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

SYN capture

ACK: Acknowledgement, which can be said to be the SYN response. If the ACK is 1, the device has received the SYN message and confirmed it, otherwise not.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

ACK packet capture

Three-way handshake steps

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

Three-way handshake steps

Step 1: The client sets the SYN flag to 1 to send the message to the server.

Step 2: The server acknowledges the client request by setting the ACK flag to 1.

Step 3: After the client receives the synchronization (SYN) from the server, it sends an acknowledgment (ACK) to the server.

After getting (ACK) from the client, a connection is established between the client and the server, and now data can be transmitted between the client and the server.

more detailed process

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

More detailed process of three-way handshake

Step 1: The TCP client sends a TCP SYN packet to the server to start the connection. The packet contains a random sequence number n, which represents the beginning of the sequence number of the data that the client should transmit.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

Step 2: The server receives the data packet and responds with its serial number (m). Its response also includes an acknowledgment number, that is, the client's serial number plus 1, which is n+1 here.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

Step 3: The client responds to the server by sending an acknowledgment number, which is the server's serial number plus 1, here is m+1.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

TCP three-way handshake packet capture analysis

No amount of theory is futile without practice, so the best way to verify our theory is to capture packets and look at the TCP three-way handshake process.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

TCP three-way handshake packet capture analysis

As shown in the figure, the host 172.16.16.128:2826 and the host 212.58.226.142:80 establish a three-way handshake process:

  • Step 1: Host 172.16.16.128:2826 sends [SYN] Seq=0 to host 212.58.226.142:80
  • Step 2: Host 212.58.226.142:80 sends [SYN,ACK] Seq=0, Ack=1 to host 172.16.16.128:2826
  • Step 3: Host 172.16.16.128:2826 sends [ACK] Seq=1, Ack=1 to host 212.58.226.142:80

This is the detailed three-way handshake message. I think at this moment, you can open your own wireshark packet capture tool and experience the magic of the TCP three-way handshake.

TCP window

When you look at the wireshark screenshot in the picture above, you must have noticed the word Win=8192, which is the TCP window.

The client sends a bunch of data to the server, and the server verifies all packet-level checksums and sends an ACK packet, indicating that everything was received correctly.

If not everything is received, some or all of the data needs to be retransmitted, each device maintains a buffer of all the data in case it needs to be sent again, receiving an ACK packet means that the device can remove the old data from the buffer Clear.

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

TCP window

The TCP window is the maximum number of bytes that can be sent before an ACK is received.

If the network is unreliable, it is best to set the TCP window small so that you don't have to retransmit very large data if something goes wrong.

Another excellent design of TCP is the sliding window, that is, the device can dynamically change the window size, shrinking the window when it is congested, and expanding the window when it is normal.

Other parameters

There are not only TCP windows in the packet capture screenshots, but also other parameters:

  • MSS (Maximum Segment Size), the maximum segment size.
  • WS (Windows Scaling), used to control the maximum TCP receive window size.

Why can't TCP do a second handshake to establish a connection?

We need to know that for Server and Client to establish a connection, the following four conditions must be met:

  • The server needs to confirm that the server can receive packets from the client
  • The client needs to confirm that the client can receive packets from the server
  • The client needs to confirm that the server can receive packets from the client
  • The server needs to confirm that the client can receive packets from the server

The four conditions seem to be very confusing, but in fact, they are:

Graphical network: The principle behind the TCP three-way handshake, why is the two-way handshake not possible?

  • Xiaoming asked: "Hello, may I ask Shi Xiaomei?": After the transmission was successful, Xiaoming was sure that he could receive information from Xiaomei, and verified the first condition [the server needs to confirm that the server can receive data packets from the client]
  • Xiaomei replied: "Yes, I'm Xiaomei": After the transmission was successful, Xiaomei confirmed that she could receive information from Xiaoming, and also confirmed that Xiaoming could receive information from her, verifying the second and third conditions [ The client needs to confirm that the client can receive packets from the server] [The client needs to confirm that the server can receive packets from the client]
  • Xiao Ming replied: "Okay, I know you are Xiaomei": After the transmission was successful, Xiaoming determined that Xiaomei could receive information from him, and verified the four conditions [the server needs to confirm that the client can receive information from the server data pack】

TCP is a two-way communication protocol, which means either end should be able to send data reliably, so the three-way handshake is just fine.