TCP connection is more than communicating with TCP protocol

1、 If the server doesn't want to accept this handshake , What will it do ？ There may be several situations ：

• Ignore this connection , Just treat it as if nothing has been received , Nothing happened . Such behavior , You could say “ pretend to be ignorant of sth ”.
• Reply , Expressly refuse . It's equivalent to someone reaching over to shake hands , You slap it off , It's really very rigid .

Case one , Because the server has done “ Silent packet loss ”, That is, although I received SYN, But it just discarded , And don't reply to any messages to the client . This also leads to a problem , That is, the client can't distinguish this SYN Which of the following is the case ：

1. Lost on the network , The server cannot receive , Naturally, there will be no reply ;
2. The opposite end received it but didn't reply , That's what I just said “ Silent packet loss ”;
3. The opposite end received it and returned it , But this packet was lost in the network .

2、 test

First step , On the server , Execute the following command , Give Way Iptables Silently discard it and send it to yourself 80 The packets on the port ：

Iptables -I INPUT -p tcp --dport 80 -j DROP

The second step , Start on the client tcpdump Grab the bag ：

sudo tcpdump -i any -w telnet-80.pcap port 80

The third step , Initiate a from the client telnet：

telnet  Server side IP 80

telnet That's the reason for the suspension ： The handshake request has never been successful . The client has 7 individual SYN The bag was sent out , Or say , Except for the first time SYN, And then there's 6 Retries . The client is certainly not “ A fool ”, So many times , Gave up the connection attempt , Pass the failed message to the user space program , Then is telnet sign out .

TCP If the handshake doesn't respond , The operating system will retry

stay Linux in , This setting is determined by kernel parameters net.ipv4.tcp_syn_retries The control of the , The default value is 6

$ sudo sysctl net.ipv4.tcp_syn_retries
net.ipv4.tcp_syn_retries = 6

REJECT, This should enable the client to exit immediately . Execute the following command , Give Way Iptables Refuse to send to 80 The packets on the port ：

Iptables -I INPUT -p tcp --dport 80 -j REJECT

here telnet I will quit immediately

see iptables The rule found that it was automatically supplemented –reject-with icmp-port-unreachable, That is to say, it is practical ICMP The message was replied . Of course , You can also define this action as –reject-with tcp-reset, That would meet our initial expectations .

sudo tcpdump -i any -w telnet-80-reject.pcap host 47.94.129.219 and port 80

To configure iptables Put the port Reset

iptables -I INPUT -p tcp --dport 80  -j REJECT --reject-with tcp-reset

3、TCP Handshake flow chart

In the picture above , Whether client or server , Let's look down , It has to go through all TCP state , They are all displayed very clearly . I interpret this process as follows ：

SYN_SENT This state , It means that the connection request at that time （SYN package ）, Already from this Windows The server sends out , Try to talk to the remote AD Connect to the domain controller . However, due to the delayed response of the opposite end SYN+ACK message , Then the status of the client connection , Just “ Stop ” stay SYN_SENT state , Can't be converted into ESTABLISHED state .