January 09, 2025

TCP broken connection analysis

TCP common commands

Before looking at TCP states, first get to know a few commands:

Linux commands for viewing TCP status:

1) netstat -nat: view the number of connections in each TCP state

2) lsof -i:port: check the status of the sockets open on a port

3) sar -n SOCK: view the number of sockets created by TCP

4) tcpdump -i any tcp port 9000: capture TCP traffic on port 9000 on all interfaces

Common commands for network testing:

1) ping: checks whether the network connection is working, mainly measuring latency, jitter and packet loss rate.

However, many servers disable replies to ping in order to prevent attacks, so ping is generally used only as a connectivity test. After the ping command is run, it receives the reply sent by the other side, which records the other side's IP address and TTL. TTL (time to live) is an 8-bit field in the IPv4 header giving the maximum number of hops an IP packet may traverse before a router discards it. For example, if the server sends an IP packet with the TTL set to 64 and the reply shown by the ping command has a TTL of 56, the packet has been forwarded by 8 routers: each router it passes reduces the TTL by 1.

2) traceroute: traces the route that packets take to a network host.

traceroute hostname

3) pathping: a route tracing tool that combines the functions of ping and tracert and adds information that neither of the two provides.

pathping

4) mtr: combines ping, nslookup and tracert to determine the relevant characteristics of the network path.

5) nslookup: resolves domain names; generally used to check whether the DNS settings of this machine are configured correctly.

TCP state analysis

LISTENING: listening for connection requests from a remote TCP port.

First, the server needs to open a socket for listening; its state is LISTEN.

A service must be in the LISTENING state. A TCP state change is the state change of a particular port: to provide a service, a port is opened. For example, the www service uses port 80 by default and the FTP service uses port 21. When the service has no connection, it is in the LISTENING state; the FTP service is in LISTENING as soon as it starts. In the LISTENING state the port is open and waiting for a connection, but nothing has connected yet, just like the door of your house being open while nobody has come in.

The main thing to look at in the LISTENING state is which ports the machine has open and which service owns each of them. Closing unnecessary ports is a very important part of keeping the machine secure. Each service port corresponds to one service (application): stop the service and the port is closed. For example, to close port 21, just stop the FTP service in IIS. Please refer to other articles for details.

If the machine has unfortunately been infected with a Trojan on a service port, the Trojan also opens a port that is in the LISTENING state.

SYN-SENT: client-side state SYN_SENT

Waiting for a matching connection request after sending a connection request. The client application calls connect to perform an active open; the client TCP then sends a SYN to request that a connection be established, and the state is set to SYN_SENT. /* The socket is actively attempting to establish a connection. Waiting for a matching connection request after sending a connection request */

When requesting a connection, the client first sends a synchronization segment (SYN) to the machine it wants to reach; at this moment the state is SYN_SENT. If the connection succeeds, it becomes ESTABLISHED. Normally the SYN_SENT state is very short. For example, when accessing a website over http://, if the connection is normal, observing the connection made by IEXPLORE.EXE (IE) with TCPView shows it changing from SYN_SENT to ESTABLISHED very quickly, indicating a successful connection; the SYN_SENT state may not even be visible.

If you find many SYN_SENT connections, there are usually a few possibilities. First, the website you want to visit does not exist or the line is bad. Second, a machine scanning a network segment with scanning software will also show a lot of SYN_SENT. There may also be a virus, for example "shock wave" (the Blaster worm): when the virus scans other machines there will be a lot of SYN_SENT.

SYN-RECEIVED: server-side state SYN_RCVD

Waiting for the other side to confirm the connection request after having received and sent a connection request.

When the server receives the SYN sent by the client, it replies with the ACK and SYN flag bits both set to 1 and enters the SYN_RCVD state. If the connection succeeds, it becomes ESTABLISHED. Normally the SYN_RCVD state is very short.

If you find a lot of connections in SYN_RCVD, your machine may be under a SYN Flood DoS (denial of service) attack.

The principle of a SYN Flood attack is:

During the three-way handshake, the attack software sends SYN connection requests (the first step of the handshake) to the server, but with forged source addresses; for example, the attack software randomly forges addresses such as 51.133.163.104 and 65.158.99.152. When the server receives a request it replies with ACK and SYN set (the second step of the handshake), but since these client IP addresses are forged, the server cannot reach the client at all, so the third step of the handshake can never be completed.

In this case the server generally retries (sends SYN+ACK to the client again) and waits a period of time before discarding the unfinished connection. The length of this time is called the SYN Timeout; it is generally on the order of minutes (about 30 seconds to 2 minutes). One user anomaly that makes a server thread wait for 1 minute is not a big problem, but if a malicious attacker simulates this situation in large numbers, the server has to maintain a very large half-open connection list, which consumes a lot of resources: with tens of thousands of half-open connections, even simply storing and traversing the list consumes a lot of CPU time and memory, not to mention retransmitting SYN+ACK to every IP in the list. At this point, from the perspective of a normal client, the server has stopped responding. This is what we call the server being under a SYN Flood (SYN flooding) attack.

ESTABLISHED: represents an open connection.

The ESTABLISHED state means the two machines are transferring data. The most important thing to observe in this state is which program the ESTABLISHED connection belongs to.

To check whether the server has many ESTABLISHED connections on a port: netstat -nat | grep 9502, or lsof -i:9502.

A client disconnecting without actively closing: the FIN sent by the client is lost or never sent.

If the FIN packet was sent when the client disconnected, the server side will be in CLOSE_WAIT;

If the FIN packet was not sent when the client disconnected, the server side still shows ESTABLISHED;

then the client reconnects to the server.

The newly connected client (the one that just disconnected and reconnected) is certainly ESTABLISHED on the server side; if the client repeats this pattern, the server accumulates a large number of stale ESTABLISHED and CLOSE_WAIT connections.

The end result is that other new clients cannot connect, while netstat still shows these connections as established in the ESTABLISHED state, yet the program code never handles them.
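The two symptoms described above (many SYN_RCVD connections on one port, and stale ESTABLISHED / CLOSE_WAIT connections accumulating on one port) can both be spotted by summarising netstat -nat output per port and per state. The script below is an added example, not code from the original article. The netstat text in it is constructed (addresses are from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) and the thresholds are illustrative; note that Linux netstat prints the SYN_RCVD state as SYN_RECV, and that net.ipv4.tcp_syncookies is the real sysctl that mitigates half-open exhaustion.

```python
"""Summarise `netstat -nat` output by local port and TCP state.

Added example: the sample text is constructed to look like netstat -nat
output on a Linux host; it was not captured from a real system.
"""
from collections import Counter

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:9502            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:9502           198.51.100.21:40112     ESTABLISHED
tcp        0      0 10.0.0.5:9502           198.51.100.22:40113     CLOSE_WAIT
tcp        0      0 10.0.0.5:9502           198.51.100.22:40114     CLOSE_WAIT
tcp        0      0 10.0.0.5:9502           198.51.100.22:40115     CLOSE_WAIT
tcp        0      0 10.0.0.5:80             203.0.113.104:1025      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.152:1026      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.153:1027      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.154:1028      SYN_RECV
tcp        0      0 10.0.0.5:80             192.0.2.7:51234         ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.8:51235         TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
"""


def parse_netstat(text):
    """Return a list of (local_port, foreign_host, state) for every tcp/tcp6 row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the two header lines and anything that is not a TCP socket row.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        # rsplit on the last ':' works for both "10.0.0.5:80" and ":::22".
        port = int(local.rsplit(":", 1)[1])
        host = foreign.rsplit(":", 1)[0]
        rows.append((port, host, state))
    return rows


def state_counts(rows):
    """Counter keyed by (local_port, state): the netstat | awk | sort | uniq -c view."""
    return Counter((port, state) for port, _host, state in rows)


def check_port(rows, port, syn_recv_max=100, close_wait_max=50):
    """Return warning strings for the half-open and CLOSE_WAIT symptoms on one port.

    The thresholds are illustrative defaults; tune them to the host's normal load.
    """
    counts = state_counts(rows)
    warnings = []
    half_open = counts[(port, "SYN_RECV")]
    close_wait = counts[(port, "CLOSE_WAIT")]
    if half_open > syn_recv_max:
        peers = {h for p, h, s in rows if p == port and s == "SYN_RECV"}
        warnings.append(
            f"port {port}: {half_open} half-open connections from {len(peers)} peers; "
            "possible SYN flood, verify net.ipv4.tcp_syncookies and the listen backlog")
    if close_wait > close_wait_max:
        warnings.append(
            f"port {port}: {close_wait} CLOSE_WAIT sockets; the application is not "
            "calling close() after the peer's FIN, so they will never go away")
    return warnings


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for (port, state), n in sorted(state_counts(rows).items()):
        print(f"{port:>6} {state:<12} {n}")
    for port in (80, 9502):
        for w in check_port(rows, port, syn_recv_max=3, close_wait_max=2):
            print("WARNING", w)
```

Run against a real host with `netstat -nat | python3 this_script.py`-style plumbing by replacing SAMPLE_NETSTAT with sys.stdin.read(); the per-port counts are what you would otherwise eyeball from the raw netstat listing.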

FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for acknowledgement of the termination request previously sent

The actively closing application calls close, so its TCP sends a FIN to actively close the connection and then enters FIN_WAIT_1. /* The socket is closed, and the connection is shutting down. Waiting for a remote TCP connection interrupt request, or confirmation of a previous connection interrupt request */

If the server is shut down and then restarted, netstat -nat will show a lot of connections in FIN-WAIT-1. This is because the server had many client connections, sent a FIN directly on each of them, and has not yet received the clients' ACKs.

FIN-WAIT-2: waiting for a connection termination request from the remote TCP

After the actively closing side receives the ACK, it enters FIN-WAIT-2. /* Connection is closed, and the socket is waiting for a shutdown from the remote end. Waiting for a connection interrupt request from remote TCP */

This is the well-known half-closed state: the state after the client and server have exchanged two of the four closing segments. In this state the application can still receive data but can no longer send it. It is also possible for the client to remain in FIN_WAIT_2 and the server in CLOSE_WAIT indefinitely, until the server's application layer decides to close the connection.

CLOSE-WAIT: waiting for a connection termination request from the local user

After the passively closing TCP receives the FIN, it sends an ACK in response (the FIN is also passed up to the application as an end-of-file) and enters CLOSE_WAIT. /* The remote end has shut down, waiting for the socket to close. Waiting for a connection interrupt request from a local user */

CLOSING: waiting for the remote TCP to acknowledge the connection termination

Less common. /* Both sockets are shut down but we still don't have all our data sent. Waiting for remote TCP to confirm the connection interruption */

LAST-ACK: waiting for acknowledgement of the connection termination request originally sent to the remote TCP

After a period in the passive-close state, the application that received the end-of-file calls close to close the connection. This causes its TCP to send a FIN as well and wait for the other side's ACK; it enters LAST-ACK. /* The remote end has shut down, and the socket is closed. Waiting for acknowledgement. Waiting for the confirmation of the connection interruption request originally sent to the remote TCP */

During a concurrent stress test, if the stress-test client is suddenly disconnected, the server sees a lot of LAST-ACK.

TIME-WAIT: waiting long enough to ensure that the remote TCP received the acknowledgement of its connection termination request

After the actively closing side receives the FIN, its TCP sends an ACK and enters TIME-WAIT. /* The socket is waiting after close to handle packets still in the network. Waiting for enough time to ensure that the remote TCP receives a confirmation of the connection interruption request */

The TIME_WAIT state is also called the 2MSL state. It means that after FIN_WAIT_2 sends the last ACK, the connection must enter TIME_WAIT. This state exists in case the last segment of the close handshake does not reach the other side (it is not an extra handshake step; it is insurance for the fourth one). This state largely guarantees that both sides can end normally, but it also brings a problem.

Because of the 2MSL state of the socket (here "socket" means the IP address and port pair), the application cannot reuse the same socket within the 2MSL time. That is fine for client programs, but a server program such as httpd always serves on the same port, and within 2MSL starting httpd fails with an error (the socket is in use). To avoid this error, the server introduces the concept of a quiet time: within the 2MSL time the server can be restarted, but it still has to wait out the 2MSL time before accepting the next connection.

CLOSED: no connection

After receiving the ACK, the passively closing side enters CLOSED. The connection is over. /* The socket is not being used. No connection status */
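The states above are easiest to keep straight by walking the two endpoints through them. The model below is an added example, not code from the original article: two in-memory endpoints exchange SYN / SYN+ACK / ACK / FIN segments over a lossless queue and record the state each side passes through, including the simultaneous close that produces CLOSING and the "application never calls close" case that leaves the client in FIN_WAIT_2 and the server in CLOSE_WAIT. Loss, retransmission, data segments and the SYN Timeout are not modelled; the transition and reply tables are my own summary of the transitions the article names.

```python
"""Minimal model of the TCP state transitions described in this article.

Added example: a lossless in-memory wire between two endpoints; only the
transitions named in the article are modelled.
"""
from collections import deque

# (current state, event) -> next state. An event is a local call
# ("listen", "open", "close", "2msl timeout") or a received segment ("rcv SYN", ...).
TRANSITIONS = {
    ("CLOSED", "listen"): "LISTEN",
    ("CLOSED", "open"): "SYN_SENT",              # active open
    ("LISTEN", "rcv SYN"): "SYN_RCVD",
    ("SYN_SENT", "rcv SYN+ACK"): "ESTABLISHED",
    ("SYN_RCVD", "rcv ACK"): "ESTABLISHED",
    ("ESTABLISHED", "close"): "FIN_WAIT_1",      # active close
    ("ESTABLISHED", "rcv FIN"): "CLOSE_WAIT",    # passive close
    ("FIN_WAIT_1", "rcv ACK"): "FIN_WAIT_2",     # half-closed
    ("FIN_WAIT_1", "rcv FIN"): "CLOSING",        # simultaneous close
    ("FIN_WAIT_2", "rcv FIN"): "TIME_WAIT",
    ("CLOSING", "rcv ACK"): "TIME_WAIT",
    ("CLOSE_WAIT", "close"): "LAST_ACK",         # application finally calls close
    ("LAST_ACK", "rcv ACK"): "CLOSED",
    ("TIME_WAIT", "2msl timeout"): "CLOSED",
}

# Segment sent to the peer when a transition is taken (other transitions send nothing).
REPLIES = {
    ("CLOSED", "open"): "SYN",
    ("LISTEN", "rcv SYN"): "SYN+ACK",
    ("SYN_SENT", "rcv SYN+ACK"): "ACK",
    ("ESTABLISHED", "close"): "FIN",
    ("ESTABLISHED", "rcv FIN"): "ACK",
    ("FIN_WAIT_1", "rcv FIN"): "ACK",
    ("FIN_WAIT_2", "rcv FIN"): "ACK",
    ("CLOSE_WAIT", "close"): "FIN",
}


class Endpoint:
    def __init__(self, name):
        self.name = name
        self.state = "CLOSED"
        self.history = ["CLOSED"]
        self.outbox = deque()   # segments queued for the peer, in order

    def event(self, ev):
        key = (self.state, ev)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {ev!r} is not valid in state {self.state}")
        if key in REPLIES:
            self.outbox.append(REPLIES[key])
        self.state = TRANSITIONS[key]
        self.history.append(self.state)


def deliver(src, dst):
    """Hand every queued segment from src to dst, in order (a lossless wire)."""
    while src.outbox:
        dst.event("rcv " + src.outbox.popleft())


def run_connection(mode="normal"):
    """Open a connection and close it; return (client states, server states).

    mode: "normal"       client closes first, the server application closes later
          "simultaneous" both sides call close at once, so both pass through CLOSING
          "leak"         the server application never calls close: the server is
                         left in CLOSE_WAIT and the client in FIN_WAIT_2
    """
    client, server = Endpoint("client"), Endpoint("server")
    server.event("listen")
    client.event("open")            # client SYN_SENT, SYN queued
    deliver(client, server)         # server SYN_RCVD, SYN+ACK queued
    deliver(server, client)         # client ESTABLISHED, ACK queued
    deliver(client, server)         # server ESTABLISHED
    if mode == "simultaneous":
        client.event("close")
        server.event("close")       # both FIN_WAIT_1, each with a FIN queued
        deliver(client, server)     # server: rcv FIN -> CLOSING, ACK queued
        deliver(server, client)     # client: rcv FIN -> CLOSING, rcv ACK -> TIME_WAIT
        deliver(client, server)     # server: rcv ACK -> TIME_WAIT
        server.event("2msl timeout")
    else:
        client.event("close")       # client FIN_WAIT_1, FIN queued
        deliver(client, server)     # server CLOSE_WAIT, ACK queued
        deliver(server, client)     # client FIN_WAIT_2 (half-closed)
        if mode == "leak":
            return client.history, server.history
        server.event("close")       # server LAST_ACK, FIN queued
        deliver(server, client)     # client TIME_WAIT, ACK queued
        deliver(client, server)     # server CLOSED
    client.event("2msl timeout")
    return client.history, server.history


if __name__ == "__main__":
    for mode in ("normal", "simultaneous", "leak"):
        c, s = run_connection(mode)
        print(f"{mode:<13} client: {' > '.join(c)}")
        print(f"{mode:<13} server: {' > '.join(s)}")
```

The "leak" run reproduces the netstat picture from the ESTABLISHED and FIN-WAIT-2 sections: nothing in TCP itself moves the server out of CLOSE_WAIT, only the application calling close does, which is why a growing CLOSE_WAIT count points at the server program rather than at the network.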
