Understanding TCP Packet Analysis: A Step-by-Step Guide Using Wireshark

This is a TCP capture made by someone else, and in it you can see the entire process. That complete picture is the key point.

I have just explained it with a diagram; now we use Wireshark to capture the packets and analyse them in detail.

The capture below was taken and then filtered. Look at the final stage, where the connection is about to be released. Here is the first packet:

[Figure: TCP packet]

Wasn't the first packet supposed to be just a FIN? Why does this one carry something more?

Double-click to take a look:

[Figure: TCP packet]

TCP is a reliable protocol: every segment that is sent must be acknowledged by the receiver, so every transmitted segment has a corresponding ACK.

So the first packet has the ACK bit set as well: in addition to FIN, it acknowledges the data received in the previous segment.

[Figure: TCP packet]

TCP follows the convention that each packet must be acknowledged, so the second packet is the server's acknowledgment of the client's FIN.

Only the ACK bit is set; no other bit is set, because this is purely an acknowledgment message.

The sequence number of this ACK packet is 952 because the client's previous packet asked for the next sequence number to be 952 (its acknowledgment number was 952).

The server then sends another packet, indicating that it also wants to release the connection.

Its sequence number and acknowledgment number are the same as those of the ACK packet.

This is because it is still sent by the server, and nothing has been received in between, so the acknowledgment number and sequence number are unchanged.

Finally the client sends an ACK packet. Its acknowledgment number equals the sequence number of the previous packet (seq=5002) plus 1, which is 5003.

This is a capture made by someone else, and it shows the same thing.

Here, Wireshark is used to capture the packets so that everyone can see the four-way handshake in detail: client FIN (with ACK) -> server ACK -> server FIN -> client ACK.

After that, the TCP connection is closed.
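To make the bookkeeping described above concrete, here is an added example (not code from the original article) that decodes raw TCP headers the way Wireshark's TCP pane does and checks the four-way close rules: the server's ACK acknowledges the client's FIN with seq+1 and starts its own seq at the number the client asked for, the server's FIN reuses that seq/ack pair, and the final ACK acknowledges the server FIN with seq+1. The four headers, the port numbers and the sequence numbers are constructed for this example; they are not the values from the article's captures.

```python
import struct

# TCP flag bits in the 8-bit flags field (the layout Wireshark decodes).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK"}
HDR = "!HHIIBBHHH"  # ports, seq, ack, offset/reserved, flags, window, checksum, urgent

def build_tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (no options; checksum left as 0)."""
    return struct.pack(HDR, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_tcp_header(raw):
    """Decode the fields shown in Wireshark's TCP pane: ports, seq, ack, flags."""
    sport, dport, seq, ack, off, flags, _win, _csum, _urg = struct.unpack(HDR, raw[:20])
    names = [n for bit, n in FLAG_NAMES.items() if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": names, "hdr_len": (off >> 4) * 4}

def check_four_way_close(raw_packets):
    """Apply the four-way close rules to four raw headers in order:
    client FIN/ACK, server ACK, server FIN/ACK, client ACK.
    Returns a list of violations; an empty list means the close is consistent."""
    p1, p2, p3, p4 = [parse_tcp_header(r) for r in raw_packets]
    problems = []
    if not {"FIN", "ACK"} <= set(p1["flags"]):
        problems.append("packet 1 should carry FIN together with ACK")
    if p2["flags"] != ["ACK"]:
        problems.append("packet 2 should be a pure ACK")
    # A FIN consumes one sequence number, so the server acknowledges seq+1,
    # and its own seq is the number the client asked for (packet 1's ack).
    if p2["ack"] != p1["seq"] + 1 or p2["seq"] != p1["ack"]:
        problems.append("packet 2 seq/ack do not match packet 1")
    if "FIN" not in p3["flags"] or (p3["seq"], p3["ack"]) != (p2["seq"], p2["ack"]):
        problems.append("packet 3 (server FIN) must reuse packet 2's seq and ack")
    if "ACK" not in p4["flags"] or p4["ack"] != p3["seq"] + 1:
        problems.append("packet 4 must acknowledge the server FIN with seq+1")
    return problems

# Constructed capture (hypothetical values, absolute sequence numbers):
# client port 52000 talks to a server on 443.
CLIENT, SERVER = 52000, 443
SAMPLE_CLOSE = [
    build_tcp_header(CLIENT, SERVER, seq=300,  ack=5002, flags=FIN | ACK),  # client FIN
    build_tcp_header(SERVER, CLIENT, seq=5002, ack=301,  flags=ACK),        # server ACK
    build_tcp_header(SERVER, CLIENT, seq=5002, ack=301,  flags=FIN | ACK),  # server FIN
    build_tcp_header(CLIENT, SERVER, seq=301,  ack=5003, flags=ACK),        # client ACK
]

if __name__ == "__main__":
    for raw in SAMPLE_CLOSE:
        print(parse_tcp_header(raw))
    print("violations:", check_four_way_close(SAMPLE_CLOSE))
```

Wireshark displays relative sequence numbers by default (starting from 0 for each direction); the absolute values decoded here correspond to what it shows with that option turned off.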


In the complete capture, an HTTPS connection is set up after the three-way handshake. Ordinary data packets are exchanged in the middle until the client has finished sending data; the client then sends the packet that begins the four-way handshake, and the exchange continues until the connection ends.

The content above is organised from packet captures. There are some differences between the two captures, but the technical content written in the images is accurate. The last complete image, showing the entire process, is the technical focus of this article. When learning, one should stay flexible and not copy rigidly.

Except for the images marked as coming from elsewhere, all other images in this article were drawn by myself. The computer knowledge is the same everywhere; any similarity is purely coincidental.