+(65) 8344 4290 Ciscodumps.net@gmail.com Room 907, Block B, Baoneng Entrepreneurship Center, Guangrong Road, Hongqiao District, Tianjin

ThinkMo EDU Share – network 20.What is the TCP/IP protocol

蒂娜 No Comments 10/25/2022

ThinkMo EDU Share – network 20.What is the TCP/IP protocol

What is the TCP/IP protocol?

If a computer and a network device want to communicate with each other, both sides must be based on the same method. For example, how to detect the communication target, which side initiates communication first, which language is used for communication, and how to end communication, etc., all need to be determined in advance. Communication between different hardware, operating systems, all this requires a kind of rules. And we call this rule a protocol.

That is to say, TCP/IP is a general term for various protocols related to the Internet.

Layered Management of TCP/IP

The most important point in the TCP/IP protocol is layering. The TCP/IP protocol suite is divided into layers: application layer, transport layer, network layer, data link layer, and physical layer. Of course, there are also 4 or 7 layers according to different models.

Why stratify?

After layering the TCP/IP protocol, if the design is modified in a later stage, there is no need to replace all of them, only the changed layers need to be replaced. And from the design point of view, it has become simpler. The application at the application layer can only consider the tasks assigned to itself, and does not need to find out where the other party is on the earth, how to transmit, and how to ensure the arrival rate.

As shown in the figure above, we divide TCP/IP into 5 layers, the lower the lower, the closer to the hardware. Let’s take a look at these layers from the bottom up.

  1. Physical layer
    This layer is responsible for the transmission of bit streams between nodes, that is, responsible for physical transmission. The protocol of this layer is related to both the link and the transmission medium. In layman’s terms, it is the physical means of connecting computers.
  2. The data link layer
    controls the communication between the network layer and the physical layer, and its main function is to ensure reliable data transmission on the physical line. In order to guarantee transmission, the data received from the network layer is divided into specific frames that can be transmitted by the physical layer.

A frame is a structural packet used to move data structures. It contains not only the original data, but also the physical addresses of the sender and receiver, as well as error correction and control information. The address in it determines where the frame will be sent, while error correction and control information ensures that the frame arrives error-free. If the receiving point detects that there is an error in the transmitted data when transmitting data, it will notify the sender to resend the frame.

  1. The network layer
    decides how to route data from sender to receiver. The network layer decides the best way from node A to node B in the network by comprehensively considering sending priority, degree of network congestion, quality of service and cost of optional routing. That is, host-to-host communication is established.
  2. Transport layer
    This layer provides end-to-end communication for applications on two hosts. The transport layer has two transport protocols: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). Among them, TCP is a reliable connection-oriented protocol, and UDP is an unreliable or connectionless protocol.
  3. Application layer
    After the application program receives the data of the transport layer, it is necessary to interpret it next. Interpretation must specify the format in advance, and the application layer is to specify the data format of the application. The main protocols are: HTTP . FTP , Telent and so on.


TCP/UDP are transport layer protocols, but they have different special effects and different application scenarios.

The packet
-oriented transmission method is to send the application layer to UDP and send the length of the packet, that is, to send one packet at a time. Therefore, the application must choose the appropriate size of the message.

Byte Stream Orientation
While an application interacts with TCP one data block at a time (of varying sizes), TCP treats an application as a series of unstructured byte streams. TCP has a buffer. When the data block sent by the program is too long, TCP can divide it into shorter and then send it.

of TCP’s three-way handshake and four-way wave
is as follows:

The first handshake : establishing the connection. The client sends a connection request segment, and sets the syn ( marker bit ) to 1, the Squence Number ( packet sequence number ) (seq) to x, and then waits for the server to confirm, and the client enters the SYN_SENT state ( requests to connect );

The second handshake : The server receives the SYN segment of the client, confirms the SYN segment, and sets the ack ( confirmation number ) to x+1 ( ie seq+1 ); at the same time, it also sends the SYN request information. Set SYN to 1 and seq to y. The server puts all the above information into the SYN+ACK segment and sends it to the client together. At this time, the server enters the SYN_RECV state.

SYN_RECV refers to the state when the server receives the SYN of the client and sends an ACK after it is passively opened. After further receiving the ACK from the client, it will enter the ESTABLISHED state.

The third handshake : the client receives the SYN+ACK ( confirmation ) segment from the server; then sets the ACK to y+1, and sends the ACK segment to the server. After the segment is sent, the client Both the server and the server enter the ESTABLISHED ( successful connection ) state and complete the three-way handshake of TCP.

The above explanation may be a bit difficult to understand, but use an illustration in “Illustrated HTTP” to help you.

When the client and the server establish a TCP connection through three-way handshake, when the data transmission is completed, it needs to wave four times of TCP to disconnect the connection. Its four waves are as follows:

For the first wave
, the client sets seq and ACK, and sends a FIN (final) segment to the server. At this point, the client enters the FIN_WAIT_1 state, indicating that the client has no data to send to the server.

The second wave
server receives the FIN segment sent by the client and returns an ACK segment to the client.

For the third wave
, the server sends a FIN segment to the client, requesting to close the connection, and the server enters the LAST_ACK state.

For the fourth wave
, after the client receives the FIN segment sent by the server, it sends an ACK segment to the server, and then the client enters the TIME_WAIT state. After the server receives the ACK segment from the client, it closes the connection. At this time, if the client waits for 2MSL (referring to the maximum survival time of a segment in the network) and still does not receive a reply, it means that the server has been shut down normally, so that the client can close the connection.

Finally, look at the complete process:

If there are a large number of connections, each time the connection is closed, it has to go through three handshakes and four waves, which will obviously cause poor performance. therefore. Http has a mechanism called keepalive connections. It can keep the connection after transmitting data, and when the client needs to obtain data again, it can directly use the connection that has just been idle without handshake again.

Summary of problems

  1. Why three handshakes?

In order to prevent the failed connection request message from being suddenly sent to the server again because of an error.

Specific explanation: “Invalid connection request segment” occurs:

The first connection request segment sent by the client was not lost, but stayed at a certain network node for a long time, resulting in a delay in reaching the service at a certain time after the connection was released. If there is no three-way handshake, then when the server receives the invalid connection request segment, it mistakenly believes that it is a new connection request sent by the client again, so it sends a confirmation segment to the client and agrees to establish a connection. The client does not issue a connection establishment, so it does not care about the server’s response, and the service will always wait for the client to send data, so this connection line will be wasted.

Wouldn’t it be alright if it turned into two waves of hands at this time?
At this time, you need to understand full-duplex and half-duplex before answering. for example:

First handshake: A calls B and says, can you hear me?

The second handshake: B received A’s message, and then said to A: I can hear you, can you hear me?

The third handshake: A received the message from B, and said yes, I want to send you a message! After shaking hands three times, both A and B can be sure of one thing: what I say, you can hear; what you say, I can also hear. In this way, normal communication can start, if it is twice, it is impossible to determine.

  1. Why wave four times?
    The TCP protocol is a connection-oriented, reliable, byte stream-based transport layer communication protocol. TCP is full-duplex mode (can send and receive at the same time), which means that when host 1 sends a FIN segment, it just means that host 1 has no data to send, and host 1 tells host 2 that it All data has been sent; however, host 1 can still accept data from host 2 at this time; when host 2 returns an ACK segment, it means that host 2 has no data to send, and will tell host 1 , I also have no data to send, and then each other will interrupt the TCP connection.
  2. Why wait for 2MSL?
    MSL : The maximum lifetime of a segment, which is the longest time in the network before any segment is discarded.
    The reasons are as follows:

Ensure that the full-duplex connection of the TCP protocol can be closed reliably

Ensure that duplicate data for this connection is messaged from the network

The first point: if host 1 is directly shut down, due to the unreliability of the IP protocol or other network reasons, host 2 does not receive the ACK last reply from host 1. Then host 2 will continue to send FIN after the timeout. At this time, since host 1 has been closed, the connection corresponding to the retransmitted FIN cannot be found. Therefore, host 1 does not go directly to shutdown, but the TIME_WAIT state. When the FIN is received again, it can ensure that the other party receives the ACK and finally closes the connection correctly.

The second point: if host 1 closes directly, and then initiates a new connection to host 2, we cannot guarantee that this new connection is different from the connection port that was just closed. That is to say, it is possible that the port number of the new connection and the old connection are the same.

Generally speaking, there is no problem, but there are still special cases; assuming that the port number of the new connection and the old connection that has been closed are the same, if some data of the previous connection is still stuck in the network (Lost Duplicate), those The delayed data arrives at host 2 after the new connection is established. Since the port number of the new connection and the old connection is the same, the TCP protocol considers which delayed data belongs to the new connection, which is the same as the real new connection. Confused. Therefore, the TCP connection must wait twice MSL in the TIME_WAIT state to ensure that all data of this connection disappears from the network.

ThinkMo CCNA Dump exam information exchange group:

CCNA/CCNP/CCIE telegram study group:https://t.me/ccie_ei_lab
WAHTAPP:+65 83444290
WAHTAPP:+63 9750724648

ThinkMo CCNA 200-301 Tutorial VIP Exclusive:

The complete EVE_NG file, free learning PDF and PPT that can be used directly, as well as video explaining the technical points are all here!

Post Tags :

Leave a Reply