当前位置:网站首页>TCP connection is more than communicating with TCP protocol
TCP connection is more than communicating with TCP protocol
2022-07-06 17:32:00 【Tang Monk riding white horse】
1、 If the server doesn't want to accept this handshake , What will it do ? There may be several situations :
- Ignore this connection , Just treat it as if nothing has been received , Nothing happened . Such behavior , You could say “ pretend to be ignorant of sth ”.
- Reply , Expressly refuse . It's equivalent to someone reaching over to shake hands , You slap it off , It's really very rigid .
Case one , Because the server has done “ Silent packet loss ”, That is, although I received SYN, But it just discarded , And don't reply to any messages to the client . This also leads to a problem , That is, the client can't distinguish this SYN Which of the following is the case :
- Lost on the network , The server cannot receive , Naturally, there will be no reply ;
- The opposite end received it but didn't reply , That's what I just said “ Silent packet loss ”;
- The opposite end received it and returned it , But this packet was lost in the network .
2、 test
First step , On the server , Execute the following command , Give Way Iptables Silently discard it and send it to yourself 80 The packets on the port :
Iptables -I INPUT -p tcp --dport 80 -j DROP
The second step , Start on the client tcpdump Grab the bag :
sudo tcpdump -i any -w telnet-80.pcap port 80
The third step , Initiate a from the client telnet:
telnet Server side IP 80
telnet That's the reason for the suspension : The handshake request has never been successful . The client has 7 individual SYN The bag was sent out , Or say , Except for the first time SYN, And then there's 6 Retries . The client is certainly not “ A fool ”, So many times , Gave up the connection attempt , Pass the failed message to the user space program , Then is telnet sign out .
TCP If the handshake doesn't respond , The operating system will retry
stay Linux in , This setting is determined by kernel parameters net.ipv4.tcp_syn_retries The control of the , The default value is 6
$ sudo sysctl net.ipv4.tcp_syn_retries
net.ipv4.tcp_syn_retries = 6
REJECT, This should enable the client to exit immediately . Execute the following command , Give Way Iptables Refuse to send to 80 The packets on the port :
Iptables -I INPUT -p tcp --dport 80 -j REJECT
here telnet I will quit immediately
see iptables The rule found that it was automatically supplemented –reject-with icmp-port-unreachable, That is to say, it is practical ICMP The message was replied . Of course , You can also define this action as –reject-with tcp-reset, That would meet our initial expectations .
sudo tcpdump -i any -w telnet-80-reject.pcap host 47.94.129.219 and port 80
To configure iptables Put the port Reset
iptables -I INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
3、TCP Handshake flow chart
In the picture above , Whether client or server , Let's look down , It has to go through all TCP state , They are all displayed very clearly . I interpret this process as follows :
SYN_SENT This state , It means that the connection request at that time (SYN package ), Already from this Windows The server sends out , Try to talk to the remote AD Connect to the domain controller . However, due to the delayed response of the opposite end SYN+ACK message , Then the status of the client connection , Just “ Stop ” stay SYN_SENT state , Can't be converted into ESTABLISHED state .
边栏推荐
- [CISCN 2021 华南赛区]rsa Writeup
- Brush questions during summer vacation, ouch ouch
- Koa Middleware
- JVM之垃圾回收器下篇
- Case: check the empty field [annotation + reflection + custom exception]
- JVM垃圾回收概述
- [reverse primary] Unique
- Learn the wisdom of investment Masters
- SQL调优小记
- Akamai talking about risk control principles and Solutions
猜你喜欢
学习投资大师的智慧
Deploy flask project based on LNMP
1. Introduction to JVM
虚拟机启动提示Probing EDD (edd=off to disable)错误
自动化运维利器ansible基础
03 products and promotion developed by individuals - plan service configurator v3.0
yarn : 无法加载文件 D:\ProgramFiles\nodejs\yarn.ps1,因为在此系统上禁止运行脚本
Set up the flutter environment pit collection
Compile homework after class
Application service configurator (regular, database backup, file backup, remote backup)
随机推荐
Start job: operation returned an invalid status code 'badrequst' or 'forbidden‘
03 products and promotion developed by individuals - plan service configurator v3.0
Only learning C can live up to expectations Top1 environment configuration
Deploy flask project based on LNMP
华为认证云计算HICA
Flink 解析(一):基础概念解析
数据仓库建模使用的模型以及分层介绍
Redis installation on centos7
JVM运行时数据区之程序计数器
Flink源码解读(一):StreamGraph源码解读
MySQL Advanced (index, view, stored procedures, functions, Change password)
Redis quick start
C#WinForm中的dataGridView滚动条定位
Brush questions during summer vacation, ouch ouch
February database ranking: how long can Oracle remain the first?
Flink 解析(二):反压机制解析
07 personal R & D products and promotion - human resources information management system
How does wechat prevent withdrawal come true?
JVM class loading subsystem
吴军三部曲见识(五) 拒绝伪工作者