Hello everyone, I amAms,
Today I will talk about theTCP/IPThree-Way Handshake and Four-Way Teardown Process
Analysis
A virtual connection is established through a three-way handshake.
1. (Client) > [SYN] > (Server)IfClientandServerare communicating. WhenClientwants to communicate withServer,Clientfirst sends aSYN (Synchronize)marked packet toServerto request a connection.Note: A SYNpacket is a TCP packet with only the SYN flag set to1 (refer toTCP header Resources). It is important to recognize that only when theServerreceives theSYN packet sent byClient, can the connection be established; there is no other way. Therefore, if your firewall drops all outgoingSYN packets to the external network interface, you will not be able to allow any external host to actively establish a connection.
2. (Client) < [SYN/ACK] <(Server)Then,Serverreceives theSYN packet fromClient, it will send a confirmation packet for the SYN packet(SYN/ACK) toClient, indicating confirmation of the firstSYN packet and continuing the handshake process.Note: The SYN/ACK packet is a packet with only the SYN and ACK flags set to1.
3. (Client) > [ACK] > (Server)Clientreceives theSYN/ACK packet fromServer, andClientwill send another confirmation packet(ACK) toServerto notifyServerthat the connection has been established. Thus, the three-way handshake is complete, and aTCP connection is established.Note: The ACK packet is a TCP packet with only the ACK flag set to1. It is important to note that once the three-way handshake is complete and the connection is established, every packet in theTCP connection will have theACK bit set.
The four-way teardown is used to close an establishedTCP connection
· (Client) > ACK/FIN > (Server)
· (Client) < ACK < (Server)
· (Client) < ACK/FIN < (Server)
· (Client) > ACK > (Server)
The above process indicates how a browser communicates based on theIP/TCP protocol~If the network suffers aSYN attack, the length value will exceed 800 as shown in the following figure.
SYN attack, do you know?
Do you like it? Remember to like|comment|share
Long press the public account to “pin”
———————————-
News, useful content, original, professional follow “Black and White Path” WeChat: i77169 Huaxia Hacker Alliance we adhere to freedom, free, sharing!
