![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/96100a76723949d5298ef3997d4e9bd9.png)
参数信息
SYN: Messages that have SYN flag set represent the first step of the three-way handshake, meaning they initiate the connection.
ACK: In combination with the acknowledgment number, the ACK flag acknowledges the receipt of TCP packets. If the flag is not set, the confirmation number is also invalid.
Sequence number (32 bits): The sequence number specifies the first byte of attached payload data or is sent when the connection is established or terminated. It is also used for validating and sorting the segments after transmission.
Acknowledgment number (32 bits): This field contains the next sequence number that the sender is expecting. An ACK flag (in the “Flags” field) is a precondition for validity.
握手过程
- 第一次握手:客户端发送联机请求报文(SYN = 1),seq = x (正整数),客户端随即进入syn-sent状态
- 第二次握手:服务器收到客户端请求后,根据SYN = 1,判断出需要创建连接,向客户端发送SYN = 1, ACK = 1,acknowledgment numbe = x + 1 , seq = y 服务器端随机正整数,服务器进入syn-recv状态
- 第三次握手:客户端收到返回后,验证ACK,acknowledgment numbe 等信息,验证通过返回ACK = 1,seq = x+1,ack = y+1,客户端创建连接成功,服务器收到验证后,进入established状态
为什么需要三次握手才能创建连接
- 为了防止已经失效的连接请求报文段突然又传到服务端,因而产生错误 --《计算机网络》
- 为了初始化Sequence number的初始值
首次握手隐患-SYN超时
问题:server收到client的syn后,回复syn-ack时未收到client的的ACK确认,server会不断重试直至超时,linux默认翻倍5次63秒断开连接(1+2+4+8+16+32)—retransmission timeout(RTO)的指数回避策略
当出现syn-floood,攻击时,可以在服务器etc_sysctl中设置
net.ipv4.tcp_syncookies = 1