门户网站排行榜,微信网页版登录手机版下载,wordpress菜单调用标签,超简单做网站软件#x1f30a; TCP三次握手与四次挥手全解析#xff08;含序列号动态追踪#xff09;#x1f511; TCP 协议核心机制
序列号 (seq)#xff1a;数据字节流的唯一标识#xff08;32位循环计数器#xff09;确认号 (ack)#xff1a;期望接收的下一个序列号#xff08;ack … TCP三次握手与四次挥手全解析含序列号动态追踪TCP 协议核心机制
序列号 (seq)数据字节流的唯一标识32位循环计数器确认号 (ack)期望接收的下一个序列号ack 接收方seq 1标志位SYN建立连接、ACK确认、FIN关闭连接️ 三次握手详解连接建立
#mermaid-svg-BNTw4xvvPjygjogI {font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;fill:#333;}#mermaid-svg-BNTw4xvvPjygjogI .error-icon{fill:#552222;}#mermaid-svg-BNTw4xvvPjygjogI .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-BNTw4xvvPjygjogI .edge-thickness-normal{stroke-width:2px;}#mermaid-svg-BNTw4xvvPjygjogI .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-BNTw4xvvPjygjogI .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-BNTw4xvvPjygjogI .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-BNTw4xvvPjygjogI .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-BNTw4xvvPjygjogI .marker{fill:#333333;stroke:#333333;}#mermaid-svg-BNTw4xvvPjygjogI .marker.cross{stroke:#333333;}#mermaid-svg-BNTw4xvvPjygjogI svg{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-BNTw4xvvPjygjogI .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-BNTw4xvvPjygjogI text.actortspan{fill:black;stroke:none;}#mermaid-svg-BNTw4xvvPjygjogI .actor-line{stroke:grey;}#mermaid-svg-BNTw4xvvPjygjogI .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#mermaid-svg-BNTw4xvvPjygjogI .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#mermaid-svg-BNTw4xvvPjygjogI #arrowhead path{fill:#333;stroke:#333;}#mermaid-svg-BNTw4xvvPjygjogI .sequenceNumber{fill:white;}#mermaid-svg-BNTw4xvvPjygjogI #sequencenumber{fill:#333;}#mermaid-svg-BNTw4xvvPjygjogI #crosshead path{fill:#333;stroke:#333;}#mermaid-svg-BNTw4xvvPjygjogI .messageText{fill:#333;stroke:#333;}#mermaid-svg-BNTw4xvvPjygjogI .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-BNTw4xvvPjygjogI .labelText,#mermaid-svg-BNTw4xvvPjygjogI .labelTexttspan{fill:black;stroke:none;}#mermaid-svg-BNTw4xvvPjygjogI .loopText,#mermaid-svg-BNTw4xvvPjygjogI .loopTexttspan{fill:black;stroke:none;}#mermaid-svg-BNTw4xvvPjygjogI .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#mermaid-svg-BNTw4xvvPjygjogI .note{stroke:#aaaa33;fill:#fff5ad;}#mermaid-svg-BNTw4xvvPjygjogI .noteText,#mermaid-svg-BNTw4xvvPjygjogI .noteTexttspan{fill:black;stroke:none;}#mermaid-svg-BNTw4xvvPjygjogI .activation0{fill:#f4f4f4;stroke:#666;}#mermaid-svg-BNTw4xvvPjygjogI .activation1{fill:#f4f4f4;stroke:#666;}#mermaid-svg-BNTw4xvvPjygjogI .activation2{fill:#f4f4f4;stroke:#666;}#mermaid-svg-BNTw4xvvPjygjogI .actorPopupMenu{position:absolute;}#mermaid-svg-BNTw4xvvPjygjogI .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 / 0.4));}#mermaid-svg-BNTw4xvvPjygjogI .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-BNTw4xvvPjygjogI .actor-man circle,#mermaid-svg-BNTw4xvvPjygjogI line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#mermaid-svg-BNTw4xvvPjygjogI :root{--mermaid-font-family:"trebuchet ms",verdana,arial,sans-serif;}ClientServerSYN1, seqX (随机生成)状态: SYN_SENTSYN1, ACK1, seqY, ackX1状态: SYN_RECEIVEDACK1, seqX1, ackY1状态: ESTABLISHED状态: ESTABLISHEDClientServer
序列号变化追踪假设初始序列号Client1000, Server5000步骤方向标志位seq 值ack 值关键说明1C → SSYN11000-客户端随机初始化seq2S → CSYN1,ACK150001001服务端ack客户端seq13C → SACK110015001客户端seq1ack服务端seq1SYN消耗序列号发送SYN会使序列号1SYN标志位占据1字节序列空间四次挥手详解连接释放
#mermaid-svg-2PWOR7y5eA3p0UvK {font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;fill:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK .error-icon{fill:#552222;}#mermaid-svg-2PWOR7y5eA3p0UvK .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-2PWOR7y5eA3p0UvK .edge-thickness-normal{stroke-width:2px;}#mermaid-svg-2PWOR7y5eA3p0UvK .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-2PWOR7y5eA3p0UvK .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-2PWOR7y5eA3p0UvK .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-2PWOR7y5eA3p0UvK .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-2PWOR7y5eA3p0UvK .marker{fill:#333333;stroke:#333333;}#mermaid-svg-2PWOR7y5eA3p0UvK .marker.cross{stroke:#333333;}#mermaid-svg-2PWOR7y5eA3p0UvK svg{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-2PWOR7y5eA3p0UvK .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-2PWOR7y5eA3p0UvK text.actortspan{fill:black;stroke:none;}#mermaid-svg-2PWOR7y5eA3p0UvK .actor-line{stroke:grey;}#mermaid-svg-2PWOR7y5eA3p0UvK .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK #arrowhead path{fill:#333;stroke:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK .sequenceNumber{fill:white;}#mermaid-svg-2PWOR7y5eA3p0UvK #sequencenumber{fill:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK #crosshead path{fill:#333;stroke:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK .messageText{fill:#333;stroke:#333;}#mermaid-svg-2PWOR7y5eA3p0UvK .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-2PWOR7y5eA3p0UvK .labelText,#mermaid-svg-2PWOR7y5eA3p0UvK .labelTexttspan{fill:black;stroke:none;}#mermaid-svg-2PWOR7y5eA3p0UvK .loopText,#mermaid-svg-2PWOR7y5eA3p0UvK .loopTexttspan{fill:black;stroke:none;}#mermaid-svg-2PWOR7y5eA3p0UvK .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#mermaid-svg-2PWOR7y5eA3p0UvK .note{stroke:#aaaa33;fill:#fff5ad;}#mermaid-svg-2PWOR7y5eA3p0UvK .noteText,#mermaid-svg-2PWOR7y5eA3p0UvK .noteTexttspan{fill:black;stroke:none;}#mermaid-svg-2PWOR7y5eA3p0UvK .activation0{fill:#f4f4f4;stroke:#666;}#mermaid-svg-2PWOR7y5eA3p0UvK .activation1{fill:#f4f4f4;stroke:#666;}#mermaid-svg-2PWOR7y5eA3p0UvK .activation2{fill:#f4f4f4;stroke:#666;}#mermaid-svg-2PWOR7y5eA3p0UvK .actorPopupMenu{position:absolute;}#mermaid-svg-2PWOR7y5eA3p0UvK .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 / 0.4));}#mermaid-svg-2PWOR7y5eA3p0UvK .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-2PWOR7y5eA3p0UvK .actor-man circle,#mermaid-svg-2PWOR7y5eA3p0UvK line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#mermaid-svg-2PWOR7y5eA3p0UvK :root{--mermaid-font-family:"trebuchet ms",verdana,arial,sans-serif;}ClientServerFIN1, seqU状态: FIN_WAIT_1ACK1, seqV, ackU1状态: CLOSE_WAIT状态: FIN_WAIT_2FIN1, ACK1, seqW, ackU1状态: LAST_ACKACK1, seqU1, ackW1状态: TIME_WAIT (2MSL)状态: CLOSEDClientServer
序列号变化追踪通信结束时Client seq8000, Server seq12000步骤方向标志位seq 值ack 值状态变化1C → SFIN18000-Client: ESTAB→FIN_WAIT_12S → CACK1120008001Server: ESTAB→CLOSE_WAIT Client: FIN_WAIT_1→FIN_WAIT_23S → CFIN1,ACK1120018001Server: CLOSE_WAIT→LAST_ACK4C → SACK1800112002Client: FIN_WAIT_2→TIME_WAIT Server: CLOSED 等待2MSL后Client关闭
⚠️ 序列号递增规则
FIN标志位消耗1序列号与SYN相同发送数据时seq增加 数据字节数发送控制位seq增加 标志位数量关键机制深度解析
1. 初始序列号 (ISN) 的随机性
生成算法ISN (计时器 × 加密因子) mod 2³²
现代系统使用安全随机数生成目的防止前序连接的报文混淆旧连接相同端口复用
2. TIME_WAIT 状态2MSL等待
// Linux内核参数配置
net.ipv4.tcp_fin_timeout 60 // 控制TIME_WAIT持续时间
net.ipv4.tcp_max_tw_buckets 18000 // 最大TIME_WAIT连接数MSL定义Max Segment Lifetime报文最大生存时间通常30秒2MSL 60秒保证网络中残余报文消亡
3. 半关闭状态Half-Close
当一方发送FIN后进入半关闭状态
4. 序列号回绕处理
32位序列号在高速网络中可能溢出10Gbps≈1.2GB/s
// Linux内核序列号比较函数
static inline bool tcp_before_seq(u32 seq1, u32 seq2) {return (s32)(seq1 - seq2) 0;
}
// 处理示例
// seq10xFFFFFF00, seq20x00000010 → 判断seq1 seq2溢出场景⚠️ 高频面试问题为什么是三次握手阻止历史重复连接初始化防止旧SYN干扰新连接为什么需要TIME_WAIT状态确保被动关闭方能收到最终ACK防止LAST_ACK超时重传FIN服务器如何应对大量TIME_WAIT
# 内核优化命令
echo 1 /proc/sys/net/ipv4/tcp_tw_reuse # 重用TIME_WAIT连接
echo 1 /proc/sys/net/ipv4/tcp_tw_recycle # 快速回收慎用握手时的序列号为什么随机避免TCP序列号预测攻击如IP欺骗攻击为什么挥手是四次而不是三次TCP连接允许单向关闭半关闭状态需要独立确认双向关闭
