How a TCP connection is established

This post describes how to observe TCP connection establishment and termination as packets, using tcpdump on Linux.
Preparing
Install the following commands on your Linux machine.

  • tcpdump
  • nc
  • telnet
  • netstat
See TCP connection establishment
1. Start TCP server
Start a TCP server using the nc command with the -l and -k options.
$ nc -lk 12345
Open another terminal and verify that port 12345 is listening, using the netstat command.
$ netstat -anp | grep 12345
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN      <PID>/nc
2. Start TCP client and establish connection
Start a TCP client using telnet to establish a TCP connection with the TCP server from step 1.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is ^].
Open another terminal and verify with the netstat command that the nc and telnet processes have an established connection.
$ netstat -anp | grep 12345
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN      <PID>/nc
tcp        0      0 127.0.0.1:<port>        127.0.0.1:12345         ESTABLISHED <PID>/telnet
tcp        0      0 127.0.0.1:12345         127.0.0.1:<port>        ESTABLISHED <PID>/nc
Terminate the TCP client by typing "Ctrl+]" and then "quit" in telnet. The connection is then closed.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is ^].
^]
telnet> quit
Connection closed.
$
Everything is now ready to observe TCP connection establishment with tcpdump.
3. See TCP 3-Way Handshake as TCP connection establishment
Verify that the TCP server started in step 1 is listening on port 12345.
$ netstat -anp | grep 12345
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN      <PID>/nc
Run tcpdump on the loopback interface, filtering on port 12345, as follows.
$ sudo tcpdump -i lo -nnn port 12345
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
Start a TCP client using telnet to establish a TCP connection with the TCP server from step 1.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is ^].
Verify the tcpdump output as follows.
HH:mm:ss.SSSSSS IP 127.0.0.1.<port> > 127.0.0.1.12345: Flags [S], seq ...
HH:mm:ss.SSSSSS IP 127.0.0.1.12345 > 127.0.0.1.<port>: Flags [S.], seq ...
HH:mm:ss.SSSSSS IP 127.0.0.1.<port> > 127.0.0.1.12345: Flags [.], ack ...
The format is as follows.
timestamp IP source-IP.port > destination-IP.port: flags
The first line is the SYN packet (flag "[S]") that telnet sent to the TCP server.
The second line is the SYN + ACK packet (flag "[S.]") that the TCP server sent to telnet.
The third line is the ACK packet (flag "[.]") that telnet sent to the TCP server, as the source and destination on that line show.
See TCP connection termination
Open another terminal and verify with the netstat command that the nc and telnet processes have an established connection.
$ netstat -anp | grep 12345
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN      <PID>/nc
tcp        0      0 127.0.0.1:<port>        127.0.0.1:12345         ESTABLISHED <PID>/telnet
tcp        0      0 127.0.0.1:12345         127.0.0.1:<port>        ESTABLISHED <PID>/nc
3. See TCP connection termination
Keep tcpdump running, and terminate the TCP client by typing "Ctrl+]" and then "quit" in telnet. The connection is then closed.
$ telnet 127.0.0.1 12345
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is ^].
^]
telnet> quit
Connection closed.
$
Verify the tcpdump output as follows.
HH:mm:ss.SSSSSS IP 127.0.0.1.<port> > 127.0.0.1.12345: Flags [F.], seq 1,
HH:mm:ss.SSSSSS IP 127.0.0.1.12345 > 127.0.0.1.<port>: Flags [F.], seq 1,
HH:mm:ss.SSSSSS IP 127.0.0.1.<port> > 127.0.0.1.12345: Flags [.], ack 2,
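The first line is the FIN packet that telnet sent to the TCP server; tcpdump shows it as "[F.]" because the ACK flag is set as well.
The second line is the FIN + ACK packet (flag "[F.]") that the TCP server sent to telnet.
The third line is the ACK packet (flag "[.]") that telnet sent to the TCP server, as the source and destination on that line show.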
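As an added example (not part of the original post), the following Python script parses tcpdump lines in the format described above and follows each connection through the three handshake packets and the FIN exchange, so a handshake that never receives its final ACK stands out. The sample capture, the client ports 50001 and 50002, and the state labels are constructed for illustration.

```python
import re

# Line format shown above: timestamp IP src.port > dst.port: Flags [...], ...
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([A-Z.]+)\]")
NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH", ".": "ACK"}

def parse(line):
    """Return (src, dst, set of flag names), or None for non-matching lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    _, src, dst, flags = m.groups()
    return src, dst, {NAMES[c] for c in flags if c in NAMES}

def track(lines):
    """Map (client, server) -> state label (labels are this example's own)."""
    state, fin_from = {}, {}
    for src, dst, flags in filter(None, map(parse, lines)):
        if flags == {"SYN"}:                        # step 1: client -> server
            state[(src, dst)] = "SYN_SEEN"
            fin_from[(src, dst)] = set()
        elif flags == {"SYN", "ACK"} and state.get((dst, src)) == "SYN_SEEN":
            state[(dst, src)] = "SYNACK_SEEN"       # step 2: server -> client
        elif flags == {"ACK"} and state.get((src, dst)) == "SYNACK_SEEN":
            state[(src, dst)] = "ESTABLISHED"       # step 3: client -> server
        elif "FIN" in flags:                        # either side may close
            key = (src, dst) if (src, dst) in state else (dst, src)
            if key in state:
                fin_from[key].add(src)
                state[key] = "CLOSED" if len(fin_from[key]) == 2 else "FIN_SEEN"
    return state

# Constructed sample capture (not real output): one full session on client
# port 50001, and one handshake on 50002 that never gets its final ACK.
SAMPLE = """\
12:00:00.000001 IP 127.0.0.1.50001 > 127.0.0.1.12345: Flags [S], seq 100, length 0
12:00:00.000020 IP 127.0.0.1.12345 > 127.0.0.1.50001: Flags [S.], seq 900, ack 101, length 0
12:00:00.000031 IP 127.0.0.1.50001 > 127.0.0.1.12345: Flags [.], ack 1, length 0
12:00:01.000001 IP 127.0.0.1.50002 > 127.0.0.1.12345: Flags [S], seq 200, length 0
12:00:01.000015 IP 127.0.0.1.12345 > 127.0.0.1.50002: Flags [S.], seq 950, ack 201, length 0
12:00:05.000001 IP 127.0.0.1.50001 > 127.0.0.1.12345: Flags [F.], seq 1, ack 1, length 0
12:00:05.000022 IP 127.0.0.1.12345 > 127.0.0.1.50001: Flags [F.], seq 1, ack 2, length 0
12:00:05.000030 IP 127.0.0.1.50001 > 127.0.0.1.12345: Flags [.], ack 2, length 0
""".splitlines()

if __name__ == "__main__":
    for conn, st in track(SAMPLE).items():
        print(conn, st)
```

A connection left at SYNACK_SEEN is one where the server answered the SYN but the client's final ACK was never captured.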