Author: Tage Chasing Clouds. Source: [Link](https://urlify.cn/jYVZn2)
The TCP/IP protocol suite is essential for enabling communication over the internet, providing a reliable framework for data exchange between devices.
This article uses Wireshark packet captures to explain the TCP protocol’s three-way handshake and four-way termination in detail. Make sure to read it thoroughly; it might be the most detailed article on the internet.
01 TCP/IP Protocol Suite
TCP/IP is a protocol suite organized in layers, each responsible for different communication functions. It includes the following four layers:
Link Layer: also known as the Data Link Layer or Network Interface Layer, it usually includes the device drivers in the operating system and the corresponding network interface cards. It handles the physical interface details between the transmission medium (such as cables) and the physical layer.
Network Layer: also known as the Internet Layer, it handles packet activities on the network, such as routing and forwarding. Network layer protocols include IP (Internet Protocol), ICMP (Internet Control Message Protocol), and IGMP (Internet Group Management Protocol).
Transport Layer: this layer provides end-to-end communication between applications on two hosts. Its main protocols are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP provides highly reliable data communication between two hosts, while UDP offers best-effort delivery, leaving reliability to be managed by the application layer.
Application Layer: responsible for the logic of specific applications. It includes Telnet (remote login), FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol), and SNMP (Simple Network Management Protocol).
The packets captured by Wireshark and their corresponding protocol layers are shown in the image below:
The order of layers shown in Wireshark’s packet details pane is the reverse of the usual protocol stack diagram: the Physical Layer is at the top and the Application Layer at the bottom. The specific relationships are as follows:
02 TCP Protocol
TCP is a connection-oriented, reliable, byte-stream-based transport layer protocol. TCP packages user data into segments and starts a timer after sending each one. Data received on the other end is acknowledged, out-of-sequence segments are reordered, and duplicate data is discarded.
The TCP header is shown in the following image:
The fields in the TCP packet captured by Wireshark are shown below:
03 TCP Three-Way Handshake
When establishing a connection, TCP goes through a three-way handshake, as shown in the image below. Wireshark captured the three packets of the handshake. The fourth packet is HTTP, which confirms that HTTP runs on top of a TCP connection.
Let’s analyze this step by step:
The client sends a connection request segment to the server with the SYN (synchronize sequence numbers) flag set to 1 and a sequence number of X=0.
The server receives the client’s segment and knows from SYN=1 that the client wants to establish a connection. It sends back a TCP segment with both SYN and ACK set to 1, its own initial sequence number Y=0, and an acknowledgment number equal to the client’s sequence number plus 1, i.e., X+1 = 0+1 = 1, as shown below:
The client checks that the acknowledgment number sent by the server is correct (i.e., its own initial sequence number plus 1, X+1=1) and that the ACK flag is set to 1. If so, the client sends a final acknowledgment with the ACK flag set to 1 and the SYN flag set to 0. Its acknowledgment number is Y+1 = 0+1 = 1, and its sequence number is X+1 = 1. Once the server receives this segment and verifies the acknowledgment number and ACK=1, the connection is established and data transfer can begin.
04 TCP Four-Way Termination
When a TCP connection is closed, there is a four-way termination process, as shown below. Wireshark captured the four packets of the termination.
Let’s analyze this step by step:
The client sends a TCP segment to the server to close the data transfer from the client to the server. It sets the FIN and ACK flags to 1, with a sequence number of X=1 and an acknowledgment number of Z=1.
After receiving the FIN, the server sends back an ACK with the ACK flag set to 1. Its acknowledgment number is the received sequence number plus 1, i.e., X = X+1 = 2, and its sequence number is the received acknowledgment number, Z=1.
The server then closes its side of the connection by sending a FIN. The FIN and ACK flags are set to 1, with a sequence number of Y=1 and an acknowledgment number of X=2.
After receiving the FIN from the server, the client sends back an ACK (ACK flag set to 1) with an acknowledgment number equal to the received sequence number plus 1, i.e., Y+1 = 2. Its sequence number is the received acknowledgment number, X=2.
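To check the arithmetic of both exchanges above (the handshake in section 03 and the termination in section 04), here is an added example that is not part of the original article: it packs and decodes 20-byte TCP headers for a constructed seven-segment capture, converts the absolute sequence and acknowledgment numbers into the relative numbers Wireshark displays (which is why the article shows X=0 and Y=0), and validates that the first three segments form a proper handshake. Ports and initial sequence numbers are constructed values.

```python
import struct

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def build_tcp_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header: no options, window 65535, checksum left zero."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, flags in the low bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_tcp_header(raw):
    """Decode the fields Wireshark shows in the TCP pane: ports, seq, ack, flags."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    names = [n for n, bit in FLAGS.items() if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def relative_numbers(packets):
    """Convert absolute seq/ack into the relative numbers Wireshark displays."""
    isn = {}  # each side's initial sequence number, keyed by source port
    out = []
    for p in map(parse_tcp_header, packets):
        isn.setdefault(p["sport"], p["seq"])
        rel_seq = p["seq"] - isn[p["sport"]]
        # ack is 0 until the peer's ISN has been seen (the first SYN carries no ACK)
        rel_ack = p["ack"] - isn[p["dport"]] if p["dport"] in isn else 0
        out.append((p["flags"], rel_seq, rel_ack))
    return out

def handshake_ok(trace):
    """True when the first three segments are SYN, SYN+ACK, ACK with ack = peer seq + 1."""
    (f1, s1, _), (f2, s2, a2), (f3, s3, a3) = trace[:3]
    return (f1 == ["SYN"] and s1 == 0 and f2 == ["SYN", "ACK"] and s2 == 0
            and a2 == s1 + 1 and f3 == ["ACK"] and s3 == 1 and a3 == s2 + 1)

CLIENT, SERVER = 51234, 80      # constructed ports
C_ISN, S_ISN = 1000, 5000       # constructed absolute ISNs (the article's X and Y)
# Constructed capture: 3-way handshake followed directly by 4-way termination.
CAPTURE = [
    build_tcp_header(CLIENT, SERVER, C_ISN,     0,         FLAGS["SYN"]),
    build_tcp_header(SERVER, CLIENT, S_ISN,     C_ISN + 1, FLAGS["SYN"] | FLAGS["ACK"]),
    build_tcp_header(CLIENT, SERVER, C_ISN + 1, S_ISN + 1, FLAGS["ACK"]),
    build_tcp_header(CLIENT, SERVER, C_ISN + 1, S_ISN + 1, FLAGS["FIN"] | FLAGS["ACK"]),
    build_tcp_header(SERVER, CLIENT, S_ISN + 1, C_ISN + 2, FLAGS["ACK"]),
    build_tcp_header(SERVER, CLIENT, S_ISN + 1, C_ISN + 2, FLAGS["FIN"] | FLAGS["ACK"]),
    build_tcp_header(CLIENT, SERVER, C_ISN + 2, S_ISN + 2, FLAGS["ACK"]),
]

if __name__ == "__main__":
    for flags, seq, ack in relative_numbers(CAPTURE):
        print(f"{'+'.join(flags):8} seq={seq} ack={ack}")
```

The printed trace reproduces the article's numbers: SYN seq=0, SYN+ACK seq=0 ack=1, ACK seq=1 ack=1, then FIN+ACK seq=1 ack=1, ACK seq=1 ack=2, FIN+ACK seq=1 ack=2, ACK seq=2 ack=2.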
Okay, that’s the whole process of capturing the TCP three-way handshake and four-way termination with Wireshark, complete with text and images. If you still don’t understand it, come and beat me up.