關於部落格
最會的事 就是這個不會和那個不會此網誌以 轉貼 文章為主
  • 225072

    累積人氣

  • 13

    今日人氣

    2

    追蹤人氣

Windows 2000 TCPWindowSize Registry

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q263/0/88.ASP&NoWebContent=1

Windows 2000 Does Not Use Configured TCPWindowSize Registry Parameter When Accepting a Connection

 

適用於

This article was previously published under Q263088

SYMPTOMS

 

Windows 2000 does not use the configured TCPWindowSize registry parameter when accepting a connection (SYN-ACKing) if you configure the parameter per interface and if the value is equal to or greater than 64240 (it uses a window size of 17520 instead, if you are using Ethernet).

CAUSE

 

The TCP connection accept functionality does not correctly parse the window size if you configure the parameter per interface.

RESOLUTION

 

To resolve this issue, set the TCPWindowSize value globally or use a value smaller than 64240 (this value is a multiple of the Ethernet Maximum Segment Size).

STATUS

 

Microsoft has confirmed this to be a problem in Microsoft Windows 2000.

MORE INFORMATION

 

The TCPWindowSize registry parameter determines the maximum TCP receive window size offered by a computer when establishing a TCP connection. The receive window specifies the number of bytes that a sender can transmit without receiving an acknowledgment.

You can set the TCPWindowSize parameter in either of the following locations in the registry in Windows 2000:

Global:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters

Per interface:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersInterfacesinterface

Although the TCP window size used by the Internet Protocol (IP) stack may not be the same value configured using the TCPWindowSize registry parameter, the value should be obtained by rounding up the TCPWindowSize to a multiple of the Ethernet Maximum Segment Size (MSS), which is 1460 for Ethernet. To use a TCP window size greater than 65535, you need to turn on the Window Scaling option.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

172983 Explanation of the

Three-Way
Handshake via TCP/IP

224829 Description of Windows 2000 TCP Features

The information in this article applies to:

 

*           Microsoft Windows 2000 Server

 

*           Microsoft Windows 2000 Advanced Server

*           Microsoft Windows 2000 Professional

Last Reviewed:

 

11/20/2003 (3.0)

 

Keywords:

 

kbbug kbenv kbnofix kbStack KB263088

 

 

 

 

 

 

172983 Explanation of the

Three-Way
Handshake via TCP/IP

 

http://support.microsoft.com/default.aspx?scid=kb;EN-US;172983

Explanation of the
Three-Way
Handshake via TCP/IP

 

適用於

This article was previously published under Q172983

SUMMARY

 

This article is intended for audiences who are familiar with Transmission Control Protocol/Internet Protocol (TCP/IP) and discusses the process of the TCP three-way handshake that occurs between a client and server when initiating or terminating a TCP connection.

For additional information on TCP/IP, please see the following white paper available on the Microsoft anonymous ftp server:

File Name: Tcpipimp2.doc
Location :
ftp://ftp.microsoft.com/bussys/winnt/winnt-docs/papers/ "Microsoft Windows NT 3.5/3.51/4.0: TCP/IP Implementation Details TCP/IP Protocol Stack and Services, Version 2.0"

MORE INFORMATION

 

The Transmission Control Protocol (TCP) level of the TCP/IP transport protocol is connection-oriented. Connection-oriented means that, before any data can be transmitted, a reliable connection must be obtained and acknowledged. TCP level data transmissions, connection establishment, and connection termination maintain specific control parameters that govern the entire process. The control bits are listed as follows:

URG: Urgent Pointer field significant
ACK: Acknowledgement field significant
PSH: Push Function
RST: Reset the connection
SYN: Synchronize sequence numbers
FIN: No more data from sender

There are two scenarios where a three-way handshake will take place:

*           Establishing a connection (an active open)

*           Terminating a connection (an active close)

The following sample information was obtained from a Network Monitor capture. Network Monitor is a protocol analyzer that can be obtained from Microsoft Systems Management Server.

Establishing a Connection

 

The following sequence shows the process of a TCP connection being established:

Frame 1:

As you see in the first frame, the client, NTW3, sends a SYN segment (TCP ....S.). This is a request to the server to synchronize the sequence numbers. It specifies its initial sequence number (ISN), which is incremented by 1, 8221821+1=8221822, and that is sent to the server. To initialize a connection, the client and server must synchronize each other's sequence numbers. There is also an option for the Maximum Segment Size (MSS) to be set, which is defined by the length (len: 4). This option communicates the maximum segment size the sender wants to receive. The Acknowledgement field (ack: 0) is set to zero because this is the first part of the three-way handshake.

1    2.0785 NTW3 --> BDC3 TCP ....S., len: 4, seq: 8221822-8221825, ack: 0,
win: 8192, src: 1037  dst:  139 (NBT Session)  NTW3 -->  BDC3 IP

 

TCP: ....S., len: 4, seq: 8221822-8221825, ack: 0, win: 8192, src: 1037
dst:  139 (NBT Session)

 

   TCP:

Source
Port

= 0x040D
   TCP:

Destination
Port

= NETBIOS Session Service
   TCP: Sequence Number = 8221822 (0x7D747E)
   TCP: Acknowledgement Number = 0 (0x0)
   TCP: Data Offset = 24 (0x18)
   TCP: Reserved = 0 (0x0000)
   TCP: Flags = 0x02 : ....S.

 

      TCP: ..0..... = No urgent data
      TCP: ...0.... = Acknowledgement field not significant
      TCP: ....0... = No Push function
      TCP: .....0.. = No Reset
      TCP: ......1. = Synchronize sequence numbers
      TCP: .......0 = No Fin

 

   TCP: Window = 8192 (0x2000)
   TCP: Checksum = 0xF213
   TCP: Urgent Pointer = 0 (0x0)
   TCP: Options

 

         TCP: Option Kind (Maximum Segment Size) = 2 (0x2)
         TCP: Option Length = 4 (0x4)
         TCP: Option Value = 1460 (0x5B4)

 

   TCP: Frame Padding

 

00000:  02 60 8C 9E 18 8B 02 60 8C 3B 85 C1 08 00 45 00   .`.....`.;....E.
00010:  00 2C 0D 01 40 00 80 06 E1 4B 83 6B 02 D6 83 6B   .,..@....K.k...k
00020:  02 D3 04 0D 00 8B 00 7D 74 7E 00 00 00 00 60 02   .......}t~....`.
00030:  20 00 F2 13 00 00 02 04 05 B4 20 20                .........
                      

Frame 2:

In the second frame, the server, BDC3, sends an ACK and a SYN on this segment (TCP .A..S.). In this segment the server is acknowledging the request of the client for synchronization. At the same time, the server is also sending its request to the client for synchronization of its sequence numbers. There is one major difference in this segment. The server transmits an acknowledgement number (8221823) to the client. The acknowledgement is just proof to the client that the ACK is specific to the SYN the client initiated. The process of acknowledging the client's request allows the server to increment the client's sequence number by one and uses it as its acknowledgement number.

2   2.0786 BDC3 --> NTW3  TCP .A..S., len: 4, seq: 1109645-1109648, ack:
8221823, win: 8760, src: 139 (NBT Session)  dst: 1037 BDC3 --> NTW3  IP

 

TCP: .A..S., len:    4, seq:   1109645-1109648, ack:   8221823, win: 8760,
src:  139 (NBT Session)  dst: 1037

 

   TCP:

Source
Port

= NETBIOS Session Service
   TCP:

Destination
Port

= 0x040D
   TCP: Sequence Number = 1109645 (0x10EE8D)
   TCP: Acknowledgement Number = 8221823 (0x7D747F)
   TCP: Data Offset = 24 (0x18)
   TCP: Reserved = 0 (0x0000)
   TCP: Flags = 0x12 : .A..S.

 

      TCP: ..0..... = No urgent data
      TCP: ...1.... = Acknowledgement field significant
      TCP: ....0... = No Push function
      TCP: .....0.. = No Reset
      TCP: ......1. = Synchronize sequence numbers
      TCP: .......0 = No Fin

 

   TCP: Window = 8760 (0x2238)
   TCP: Checksum = 0x012D
   TCP: Urgent Pointer = 0 (0x0)
   TCP: Options

 

         TCP: Option Kind (Maximum Segment Size) = 2 (0x2)
         TCP: Option Length = 4 (0x4)
         TCP: Option Value = 1460 (0x5B4)

 

   TCP: Frame Padding

 

00000:  02 60 8C 3B 85 C1 02 60 8C 9E 18 8B 08 00 45 00   .`.;...`......E.
00010:  00 2C 5B 00 40 00 80 06 93 4C 83 6B 02 D3 83 6B   .,[.@....L.k...k
00020:  02 D6 00 8B 04 0D 00 10 EE 8D 00 7D 74 7F 60 12   ...........}t`.
00030:  22 38 01 2D 00 00 02 04 05 B4 20 20               "8.-......
                      

Frame 3:

In the third frame, the client sends an ACK on this segment (TCP .A....). In this segment, the client is acknowledging the request from the server for synchronization. The client uses the same algorithm the server implemented in providing an acknowledgement number. The client's acknowledgment of the server's request for synchronization completes the process of establishing a reliable connection, thus the three-way handshake.

3   2.787 NTW3 --> BDC3  TCP .A...., len: 0, seq: 8221823-8221823, ack:
1109646, win: 8760, src: 1037  dst:  139 (NBT Session)  NTW3 --> BDC3  IP

 

TCP: .A...., len:    0, seq:   8221823-8221823, ack:   1109646, win: 8760,
src: 1037  dst:  139 (NBT Session)

 

   TCP:

Source
Port

= 0x040D
   TCP:

Destination
Port

= NETBIOS Session Service
   TCP: Sequence Number = 8221823 (0x7D747F)
   TCP: Acknowledgement Number = 1109646 (0x10EE8E)
   TCP: Data Offset = 20 (0x14)
   TCP: Reserved = 0 (0x0000)
   TCP: Flags = 0x10 : .A....

 

      TCP: ..0..... = No urgent data
      TCP: ...1.... = Acknowledgement field significant
      TCP: ....0... = No Push function
      TCP: .....0.. = No Reset
      TCP: ......0. = No Synchronize
      TCP: .......0 = No Fin

 

   TCP: Window = 8760 (0x2238)
   TCP: Checksum = 0x18EA
   TCP: Urgent Pointer = 0 (0x0)
   TCP: Frame Padding

 

00000:  02 60 8C 9E 18 8B 02 60 8C 3B 85 C1 08 00 45 00   .`.....`.;....E.
00010:  00 28 0E 01 40 00 80 06 E0 4F 83 6B 02 D6 83 6B   .(..@....O.k...k
00020:  02 D3 04 0D 00 8B 00 7D 74 7F 00 10 EE 8E 50 10   .......}t....P.
00030:  22 38 18 EA 00 00 20 20 20 20 20 20               "8....
                      

Terminating a Connection

 

Although the three-way handshake only requires three packets to be transmitted over our networked media, the termination of this reliable connection will necessitate the transmission of four packets. Because a TCP connection is full duplex (that is, data can be flowing in each direction independent of the other), each direction must be terminated independently.

Frame 4:

In this session of frames, you see the client sending a FIN that is accompanied by an ACK (TCP .A...F). This segment has two basic functions. First, when the FIN parameter is set, it will inform the server that it has no more data to send. Second, the ACK is essential in identifying the specific connection they have established.

4   16.0279 NTW3 --> BDC3 TCP .A...F, len: 0, seq: 8221823-8221823,
ack:3462835714, win: 8760, src: 2337  dst: 139 (NBT Session)  NTW3 --> BDC3
IP

 

TCP: .A...F, len:   0, seq: 8221823-8221823, ack:  1109646, win: 8760, src:
1037  dst:  139 (NBT Session)

 

   TCP:

Source
Port

= 0x040D
   TCP:

Destination
Port

= NETBIOS Session Service
   TCP: Sequence Number = 8221823 (0x7D747F)
   TCP: Acknowledgement Number = 1109646 (0x10EE8E)
   TCP: Data Offset = 20 (0x14)
   TCP: Reserved = 0 (0x0000)
   TCP: Flags = 0x11 : .A...F

 

      TCP: ..0..... = No urgent data
      TCP: ...1.... = Acknowledgement field significant
      TCP: ....0... = No Push function
      TCP: .....0.. = No Reset
      TCP: ......0. = No Synchronize
      TCP: .......1 = No more data from sender

 

   TCP: Window = 8760 (0x2238)
   TCP: Checksum = 0x236C
   TCP: Urgent Pointer = 0 (0x0)

 

00000:  00 20 AF 47 93 58 00 A0 C9 22 F5 39 08 00 45 00   . .G.X...".9..E.
00010:  00 28 9B F5 40 00 80 06 21 4A C0 5E DE 7B C0 5E   .(..@...!J.^.{.^
00020:  DE 57 09 21 05 48 0B 20 96 AC CE 66 AE 02 50 11   .W.!.H. ...f..P.
00030:  22 38 23 6C 00 00                                 "8#l..
                      

Frame 5:

In this frame, you do not see anything special except for the server acknowledging the FIN that was transmitted from the client.

5    16.0281 BDC3 --> NTW3 TCP .A...., len:    0, seq: 1109646-1109646,
ack: 8221824, win:28672, src: 139  dst: 2337 (NBT Session) BDC3 -->  NTW3
IP

 

TCP: .A...., len:    0, seq: 1109646-1109646, ack: 8221824, win:28672, src:
139  dst: 2337 (NBT Session)

 

   TCP:

Source
Port

= 0x040D
   TCP:

Destination
Port

= NETBIOS Session Service
   TCP: Sequence Number = 1109646 (0x10EE8E)
   TCP: Acknowledgement Number = 8221824 (0x7D7480)
   TCP: Data Offset = 20 (0x14)
   TCP: Reserved = 0 (0x0000)
   TCP: Flags = 0x10 : .A....

 

      TCP: ..0..... = No urgent data
      TCP: ...1.... = Acknowledgement field significant
      TCP: ....0... = No Push function
      TCP: .....0.. = No Reset
      TCP: ......0. = No Synchronize
      TCP: .......0 = No Fin

 

   TCP: Window = 28672 (0x7000)
   TCP: Checksum = 0xD5A3
   TCP: Urgent Pointer = 0 (0x0)
   TCP: Frame Padding

 

00000:  00 A0 C9 22 F5 39 08 00 02 03 BA 84 08 00 45 00   ...".9........E.
00010:  00 28 D2 82 00 00 3F 06 6B BD C0 5E DE 57 C0 5E   .(....?.k..^.W.^
00020:  DE 7B 05 48 09 21 CE 66 AE 02 0B 20 96 AD 50 10   .{.H.!.f... ..P.
00030:  70 00 D5 A3 00 00 90 00 01 00 86 00               p...........
                      

Frame 6:

After receiving the FIN from the client computer, the server will ACK. Even though TCP has established connections between the two computers, the connections are still independent of one another. Therefore, the server must also transmit a FIN (TCP .A...F) to the client.

6   17.0085 BDC3 --> NTW3 TCP .A...F, len: 0, seq: 1109646-1109646, ack:
8221824, win:28672, src: 139 dst: 2337 (NBT Session) BDC3 -->  NTW3   IP

 

TCP: .A...F, len:  0, seq: 1109646-1109646, ack: 8221824, win:28672, src:
139  dst: 2337 (NBT Session)

 

   TCP:

Source
Port

= 0x0548
   TCP:

Destination
Port

= 0x0921
   TCP: Sequence Number = 1109646 (0x10EE8E)
   TCP: Acknowledgement Number = 8221824 (0x7D7480)
   TCP: Data Offset = 20 (0x14)
   TCP: Reserved = 0 (0x0000)
   TCP: Flags = 0x11 : .A...F

 

      TCP: ..0..... = No urgent data
      TCP: ...1.... = Acknowledgement field significant
      TCP: ....0... = No Push function
      TCP: .....0.. = No Reset
      TCP: ......0. = No Synchronize
      TCP: .......1 = No more data from sender

 

   TCP: Window = 28672 (0x7000)
   TCP: Checksum = 0xD5A2
   TCP: Urgent Pointer = 0 (0x0)
   TCP: Frame Padding

 

相簿設定
標籤設定
相簿狀態