Three-way handshake

  • TCP provides connection-oriented communication transport. Connection-oriented refers to the preparation work between the two ends before data communication begins.
  • The three-way handshake means that the client and server send three packets to confirm the establishment of a TCP connection. In socket programming, this process is triggered by the client executing connect.

Here’s a flow chart of the three-way handshake (photo courtesy of the web) :

SYN: Synchronize Sequence Numbers

  • For the first handshake, the client sets the SYN bit to 1, randomly generates a SEq =J packet, and sends the packet to the server. The client enters the SYN_SENT state and waits for the server to confirm.
  • On the second handshake, the server receives the packet sent by the client and knows that the client is requesting to establish a connection by identifying bit SYN=1. The server sets both SYN and ACK to 1, ACK =J+1, and randomly generates a seQ =K packet and sends it to the client to confirm the connection request. The server enters the SYN_RCVD (half-open connection) state.
  • For the third handshake, the client receives the packet sent by the server and checks whether ACK is 1 and SEQ is J+1. If yes, the client sets ACK to 1 and ACK =K+1 and sends the packet to the server. The server checks whether ACK is K+1. The server and client enter the ESTABLISHED state and complete the three-way handshake. Then the client and server can start data transmission normally.

Four times to wave

Full Duplex is a term for communication transmission. Communication allows data to be transmitted simultaneously in two directions and is equivalent in capability to the combination of two simplex communication modes. Full-duplex refers to the two-way signal transmission (A→B and B→A) that can be carried out simultaneously (instantaneously). When A→B →A, B→A is instantaneous.

  • To terminate a TCP connection, the client and server need to send a total of four packets to confirm the disconnection. In socket programming, this process is triggered by either the client or the server executing a close.

  • A TCP connection is full-duplex. Therefore, each direction must be closed separately. After completing the data transmission task, one party sends a FIN to terminate the connection in this direction. However, data can still be sent on this TCP connection until a FIN is also sent in that direction. The party that closes first performs an active shutdown, while the other party performs a passive shutdown.

Here’s a flow chart of four waves (photo courtesy of the Internet) :

  • The interrupt end can be either a client or a server.
  • On the first wave, the client sends a FIN=M to close the data transfer from the client to the server and the client enters the FIN_WAIT_1 state. This means “I have no more data to send to you from the client”, but if you have data to send from the server, there is no need to close the connection and continue to send data.
  • For the second wave, after receiving the FIN, the server sends ack=M+1 to tell the client that I have received your request but I am not ready yet. Please continue to wait for my message. In this case, the client enters the FIN_WAIT_2 state and waits for the FIN packet from the server.
  • After the third wave, the server sends a FIN=N packet to the client to tell the client that the data has been sent and that the client is ready to close the connection. The server enters the LAST_ACK state.
  • For the fourth handshake, after receiving the FIN=N packet, the client knows that the connection can be closed. However, the client still does not trust the network because the server does not know that the connection is closed. Therefore, the server sends ack=N+1 and enters the TIME_WAIT state. When the server receives an ACK, it knows it is ready to disconnect. If the client waits for 2MSL and still does not receive a reply, then the server is shut down normally, then the client can also close the connection. Four handshakes were completed.

MSL is the Maximum Segment Lifetime, which indicates the Maximum length of time that a packet exists on the network before being discarded.

The above is the case where one party takes the initiative to close and the other party is passive to close. In practice, active closure will be initiated at the same time.

The diagram below:

Why three handshakes instead of two or four?

  • Three handshakes is the minimum number of guaranteed connections.
  • In the case of two connections, flood attacks cannot be effectively prevented and the number of connections cannot be controlled because there is no half-connection queue. Assume that the current network status is poor, A sends A SYN request to B for connection, and the connection times out due to network congestion. User A resends the SYN. After receiving the SYN, USER B establishes A connection and transmits data. Then, the SYN that was blocked reaches USER B again, and User B thinks that User A wants to establish A connection.

Flood attack, an attack that sends a large number of bogus requests to the target system in a short period of time.

Why four waves?

  • TCP is a full-duplex protocol. When either the sender or the receiver closes the connection and enters the half-duplex state, data can still be sent to the other party.