web协议与抓包实战第五章笔记

tcp/Web 协议详解与抓包实战/5、TCP协议.md

@@ -0,0 +1,437 @@
+> [TOC]
+
+# 1、TCP 历史及其设计哲学
+
+## 1.1、TCP/IP 的前身 ARPA：NCP 协议
+
+![image-20220819103419076](assets/image-20220819103419076.png)
+
+## 1.2、TCP/IP 协议发展
+
+![image-20220819103534060](assets/image-20220819103534060.png)
+
+## 1.3、TCPv4 协议分层后的互联网世界
+
+![image-20220819103643226](assets/image-20220819103643226.png)
+
+## 1.4、TCP/IP 的七个设计理念
+
+![image-20220819103731990](assets/image-20220819103731990.png)
+
+# 2、TCP 解决了哪些问题？
+
+## 2.1、TCP 的作用
+
+![image-20220819103925515](assets/image-20220819103925515.png)
+
+## 2.2、TCP协议的分层
+
+![image-20220819104250668](assets/image-20220819104250668.png)
+
+## 2.3、报文头部
+
+![image-20220819104444880](assets/image-20220819104444880.png)
+
+![image-20220819104539556](assets/image-20220819104539556.png)
+
+## 2.4、TCP 协议特点
+
+![image-20220819104557349](assets/image-20220819104557349.png)
+
+# 3、TCP 报文格式
+
+## 3.1、消息传输的核心要素
+
+![image-20220819104907273](assets/image-20220819104907273.png)
+
+## 3.2、IP头部
+
+![image-20220819105028413](assets/image-20220819105028413.png)
+
+![image-20220819105414479](assets/image-20220819105414479.png)
+
+## 3.3、UDP 头部
+
+![image-20220819105049681](assets/image-20220819105049681.png)
+
+![image-20220819105434419](assets/image-20220819105434419.png)
+
+## 3.4、TCP 协议的任务
+
+![image-20220819105137234](assets/image-20220819105137234.png)
+
+## 3.5、如何标识一个连接？
+
+![image-20220819105206106](assets/image-20220819105206106.png)
+
+## 3.6、TCP Segment 报文段
+
+![image-20220819105254952](assets/image-20220819105254952.png)
+
+![image-20220819105355131](assets/image-20220819105355131.png)
+
+* options选项
+
+![image-20220819105532495](assets/image-20220819105532495.png)
+
+# 4、三次握手建立连接
+
+## 4.1、握手的目标
+
+![image-20220819105816744](assets/image-20220819105816744.png)
+
+## 4.2、三次握手
+
+![image-20220819110855076](assets/image-20220819110855076.png)
+
+## 4.3、报文格式
+
+![image-20220819110950677](assets/image-20220819110950677.png)
+
+![image-20220819111000165](assets/image-20220819111000165.png)
+
+![image-20220819111006994](assets/image-20220819111006994.png)
+
+# 5、三次握手状态变迁
+
+## 5.1、三次握手流程
+
+![image-20220819112615675](assets/image-20220819112615675.png)
+
+## 5.3、netstat 命令查看TCP 状态
+
+![image-20220819112843131](assets/image-20220819112843131.png)
+
+## 5.2、两端同时发送SYN：双方使用固定源端口且同时建连接
+
+![image-20220819112853238](assets/image-20220819112853238.png)
+
+# 6、三次握手中的性能优化与安全问题
+
+## 6.1、服务器三次握手流程示例
+
+![image-20220819121223337](assets/image-20220819121223337.png)
+
+## 6.2、超时时间与缓冲队列（调整SYN队列大小）
+
+![image-20220819121317717](assets/image-20220819121317717.png)
+
+## 6.3、Fast Open 降低时延
+
+![image-20220819121417253](assets/image-20220819121417253.png)
+
+![image-20220819121444425](assets/image-20220819121444425.png)
+
+## 6.4、如何应对 SYN 攻击？
+
+![image-20220819121503161](assets/image-20220819121503161.png)
+
+![image-20220819121549058](assets/image-20220819121549058.png)
+
+## 6.5、TCP_DEFER_ACCEPT
+
+* 直到收到data分组再激活nginx功能
+
+![image-20220819121648544](assets/image-20220819121648544.png)
+
+# 7、数据传输与MSS 分段
+
+## 7.1、TCP 应用层编程示例
+
+![image-20220819121947777](assets/image-20220819121947777.png)
+
+## 7.2、TCP 流的操作
+
+![image-20220819122002481](assets/image-20220819122002481.png)
+
+![image-20220819122008552](assets/image-20220819122008552.png)
+
+* IP层分层损耗过大
+
+## 7.3、MSS：Max Segment Size（不包含头部大小）
+
+![image-20220819122137556](assets/image-20220819122137556.png)
+
+## 7.4、TCP 握手常用选项
+
+![image-20220819122235037](assets/image-20220819122235037.png)
+
+# 8、重传与确认
+
+## 8.1、报文有可能丢失
+
+![image-20220819122533560](assets/image-20220819122533560.png)
+
+## 8.2、解决方法
+
+![image-20220819122540118](assets/image-20220819122540118.png)
+
+* 串行执行
+* 效率低下
+
+![image-20220819122605119](assets/image-20220819122605119.png)
+
+* 限制发送
+
+## 8.3、存在问题（针对每一个字节）
+
+![image-20220819122719074](assets/image-20220819122719074.png)
+
+![image-20220819122725584](assets/image-20220819122725584.png)
+
+## 8.4、序列号复用
+
+![image-20220819123023018](assets/image-20220819123023018.png)
+
+![image-20220819123042085](assets/image-20220819123042085.png)
+
+* 解决方法：采用时间戳
+
+## 8.5、BDP 网络中的问题
+
+![image-20220819123223221](assets/image-20220819123223221.png)
+
+# 9、RTO 重传定时器的计算
+
+## 9.1、如何测量 RTT？
+
+![image-20220819135413904](assets/image-20220819135413904-16608884542752.png)
+
+![image-20220819135432532](assets/image-20220819135432532.png)
+
+## 9.2、TCB
+
+**Socket包含两部分，一个是IP地址，一个是端口号。**同一个设备可以对应一个IP地址，但不同的管道用不同的端口号区分，于是同一个设备发送给其他不同设备的信息就不会产生混乱。在同一时刻，设备可能会产生多种数据需要分发给不同的设备，为了确保数据能够正确分发，TCP协议用一种叫做**TCB（Transmission Control Block，传输控制块）**的数据结构把发给不同设备的数据封装起来。
+
+## 9.3、RTO（ Retransmission TimeOut ）应当设多大？
+
+![image-20220819140107392](assets/image-20220819140107392.png)
+
+## 9.4、RTO 应当更平滑
+
+![image-20220819140155305](assets/image-20220819140155305.png)
+
+## 9.5、追踪 RTT 方差（linux实际方案）
+
+![image-20220819140302454](assets/image-20220819140302454.png)
+
+# 10、滑动窗口：发送窗口与接收窗口
+
+## 10.1、滑动窗口：发送窗口快照
+
+![image-20220819140426261](assets/image-20220819140426261.png)
+
+## 10.2、可用窗口
+
+![image-20220819140538028](assets/image-20220819140538028.png)
+
+![image-20220819140622055](assets/image-20220819140622055.png)
+
+![image-20220819140633201](assets/image-20220819140633201.png)
+
+## 10.3、发送窗口
+
+![image-20220819140708300](assets/image-20220819140708300.png)
+
+## 10.4、接受窗口
+
+![image-20220819140804930](assets/image-20220819140804930.png)
+
+# 11、窗口的滑动与流量控制
+
+## 11.1、示例
+
+![image-20220819141127964](assets/image-20220819141127964.png)
+
+## 11.2、客户端消息的发送
+
+![image-20220819142823430](assets/image-20220819142823430.png)
+
+## 11.3、服务器消息的发送
+
+![image-20220819142838668](assets/image-20220819142838668.png)
+
+# 12、操作系统缓冲区与滑动窗口的关系
+
+## 12.1、窗口与缓存
+
+![image-20220819143103155](assets/image-20220819143103155.png)
+
+## 12.2、收缩窗口导致的丢包
+
+![image-20220819143813603](assets/image-20220819143813603.png)
+
+## 12.3、合适的窗口大小
+
+![image-20220819144026237](assets/image-20220819144026237.png)
+
+## 12.4、Linux下调整接收窗口与应用缓存
+
+![image-20220819144051325](assets/image-20220819144051325.png)
+
+![image-20220819144058827](assets/image-20220819144058827.png)
+
+# 13、如何减少小报文提高网络效率？
+
+## 13.1、SWS(Silly Window syndrome)糊涂窗口综合症
+
+![image-20220819144154909](assets/image-20220819144154909.png)
+
+## 13.2、SWS 避免算法
+
+![image-20220819144329292](assets/image-20220819144329292.png)
+
+* nagle算法等待ACK时候累计小报文
+* 如果报文超过MSS，则不论是否收到ACK，必须立即发送
+
+## 13.3、TCP delayed acknowledgment 延迟确认
+
+![image-20220819144456771](assets/image-20220819144456771.png)
+
+## 13.4、Nagle VS delayed ACK
+
+![image-20220819144632429](assets/image-20220819144632429.png)
+
+# 14、拥塞控制（1）：慢启动
+
+## 14.1、全局思考：拥塞控制
+
+![image-20220819145021860](assets/image-20220819145021860.png)
+
+## 14.2、定义
+
+![image-20220819145141426](assets/image-20220819145141426.png)
+
+* 通告窗口：实际上就是接受窗口
+
+## 14.3、慢启动的初始窗口
+
+![image-20220819145257235](assets/image-20220819145257235.png)
+
+# 15、拥塞控制（2）：拥塞避免
+
+## 15.1、定义
+
+![image-20220819145620822](assets/image-20220819145620822.png)
+
+## 15.2、慢启动与拥塞控制
+
+![image-20220819145739606](assets/image-20220819145739606.png)
+
+# 16、拥塞控制（3）：快速重传与快速恢复
+
+## 16.1、为何会接收到一个失序数据段？
+
+![image-20220819150016060](assets/image-20220819150016060.png)
+
+## 16.2、快速重传（RFC2581）
+
+![image-20220819150139111](assets/image-20220819150139111.png)
+
+## 16.3、注意事项、
+
+![image-20220819150425355](assets/image-20220819150425355.png)
+
+![image-20220819150410274](assets/image-20220819150410274.png)
+
+## 16.4、快速恢复（RFC2581）
+
+![image-20220819150522131](assets/image-20220819150522131.png)
+
+# 17、SACK 与选择性重传算法
+
+## 17.1、仅重传丢失段
+
+![image-20220819151255001](assets/image-20220819151255001.png)
+
+## 17.2、重传所有段
+
+![image-20220819151447238](assets/image-20220819151447238.png)
+
+## 17.3、SACK：TCP Selective Acknowledgment
+
+![image-20220819151508048](assets/image-20220819151508048.png)
+
+![image-20220819151521134](assets/image-20220819151521134.png)
+
+# 18、四次握手关闭连接
+
+## 18.1、关闭连接
+
+![image-20220819151812534](assets/image-20220819151812534.png)
+
+## 18.2、两端同时关闭连接
+
+![image-20220819152208472](assets/image-20220819152208472.png)
+
+## 18.3、TCP 状态机
+
+![image-20220819152233264](assets/image-20220819152233264.png)
+
+# 19、优化关闭连接时的TIME-WAIT状态
+
+## 19.1、TIME-WAIT状态过短或者不存在会怎么样？
+
+![image-20220819152436497](assets/image-20220819152436497.png)
+
+## 19.2、linux下TIME_WAIT优化：tcp_tw_reuse
+
+![image-20220819152636177](assets/image-20220819152636177.png)
+
+## 19.3、TIME_WAIT 优化
+
+![image-20220819152700842](assets/image-20220819152700842.png)
+
+## 19.4、RST 复位报文（直接关闭连接）
+
+![image-20220819152744767](assets/image-20220819152744767.png)
+
+# 20、keepalive 、校验和及带外数据
+
+## 20.1、TCP 的 Keep-Alive 功能
+
+![image-20220819152850211](assets/image-20220819152850211.png)
+
+## 20.2、违反分层原则的校验和
+
+![image-20220819152902603](assets/image-20220819152902603.png)
+
+## 20.3、应用调整 TCP 发送数据的时机
+
+![image-20220819152927259](assets/image-20220819152927259.png)
+
+![image-20220819152935358](assets/image-20220819152935358.png)
+
+# 21、面向字节流的TCP 连接如何多路复用？
+
+## 21.1、Multiplexing 多路复用
+
+![image-20220819153123437](assets/image-20220819153123437.png)
+
+## 21.2、HTTP2：TCP 连接之上的多路复用
+
+![image-20220819153227180](assets/image-20220819153227180.png)
+
+## 21.3、非阻塞 socket：同时处理多个TCP连接
+
+![image-20220819153239936](assets/image-20220819153239936.png)
+
+## 21.4、epoll
+
+![image-20220819153258192](assets/image-20220819153258192.png)
+
+![image-20220819153350185](assets/image-20220819153350185.png)
+
+![image-20220819153403993](assets/image-20220819153403993.png)
+
+# 22、四层负载均衡可以做什么？
+
+![image-20220819153549110](assets/image-20220819153549110.png)
+
+![image-20220819153556558](assets/image-20220819153556558.png)
+
+![image-20220819153605829](assets/image-20220819153605829.png)
+
+![image-20220819153619358](assets/image-20220819153619358.png)
+
+![image-20220819153626455](assets/image-20220819153626455.png)