Interviewer: Tell me about TCP’s three-way handshake and four-way wave

A high-frequency interview question, encountered at a listed company. This article tries to use the most concise language possible to make it easy to understand and memorize.

One: three-way handshake (connection establishment)

A represents the side that actively opens the connection, and B represents the passive side.

1.1 Simple version

  1. A->B Are you alive?
  2. B->A I’m alive, are you?
  3. A->B I’m alive, too

1.2 Detailed version

  1. A->B Syn(i)
  2. B->A Ack(i+1), Syn(k)
  3. A->B Ack(k)

1.3 Illustration excerpted from the book Illustrated HTTP

1.4 Why a three-way handshake?

One of the reasons TCP is reliable is that it is connection-oriented, meaning that the two sides cannot communicate until a connection is established. The purpose of the TCP three-way handshake is to confirm that both the client and the server can send and receive packets.

Here’s how to verify send and receive capabilities.

  • First handshake: A->B Are you alive?

For B: This handshake confirms that A has the ability to send.

  • Second handshake: B->A I’m alive, are you?

For A: This handshake confirms that B has the ability to receive and send. (A received B’s “I’m alive” acknowledgment, which shows that B received A’s packet and that B was able to send its own.)

  • Third handshake: A->B I’m alive, too

For B: This handshake confirms that A has the ability to receive.

1.5 Extension – What is a SYN flood attack?

A SYN flood attack is a DoS (denial-of-service) attack in which the attacker sends a large number of SYN requests to the target system. It takes advantage of a weakness in the TCP handshake to create a large number of half-open connection requests, which consume CPU and memory resources.
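
The check below is an added example, not part of the original article: it replays constructed packet records through the three handshake steps from section 1.2 and counts the connections left half-open per listener, which is what the SYN flood described above leaves behind. The addresses, the record layout and the threshold are assumptions made for illustration, and the final ACK is matched against k+1, the value real TCP uses.

```python
from collections import Counter

# Constructed packet records (not a real capture):
# (src, sport, dst, dport, flags, seq, ack)
SERVER = ("192.0.2.10", 80)

def sample_packets():
    # One complete handshake from a legitimate client.
    pkts = [
        ("198.51.100.7", 40000, *SERVER, "S", 100, 0),
        (*SERVER, "198.51.100.7", 40000, "SA", 900, 101),
        ("198.51.100.7", 40000, *SERVER, "A", 101, 901),
    ]
    # Five SYNs that the server answers but that are never completed.
    for n in range(5):
        src = f"203.0.113.{n + 1}"
        pkts.append((src, 50000 + n, *SERVER, "S", 1000 + n, 0))
        pkts.append((*SERVER, src, 50000 + n, "SA", 5000 + n, 1001 + n))
    return pkts

def half_open_by_listener(packets):
    """Replay the handshake and count connections stuck after step 2."""
    pending = {}  # (client, cport, server, sport) -> [i, k or None]
    for src, sport, dst, dport, flags, seq, ack in packets:
        if flags == "S":                        # step 1: Syn(i)
            pending[(src, sport, dst, dport)] = [seq, None]
        elif flags == "SA":                     # step 2: Ack(i+1), Syn(k)
            entry = pending.get((dst, dport, src, sport))
            if entry and ack == entry[0] + 1:
                entry[1] = seq
        elif flags == "A":                      # step 3: final Ack
            key = (src, sport, dst, dport)
            entry = pending.get(key)
            # Real TCP acknowledges the peer's sequence number plus one.
            if entry and entry[1] is not None and ack == entry[1] + 1:
                del pending[key]                # handshake completed
    return Counter((srv, port) for _, _, srv, port in pending)

def flooded_listeners(packets, threshold):
    """Listeners with more half-open connections than a hypothetical threshold."""
    counts = half_open_by_listener(packets)
    return {lst: n for lst, n in counts.items() if n > threshold}

if __name__ == "__main__":
    print(flooded_listeners(sample_packets(), threshold=3))
```

On a live host the threshold would be set relative to the listener's normal backlog rather than a fixed number.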

Two: four-way wave (connection teardown)

A represents the side that actively closes the connection, and B represents the passive side.

1.1 Simple version

  1. A->B I’ve said everything I have to say
  2. B->A I’ve heard it all, but wait for me, I’m not finished
  3. B->A Well, I’m done
  4. A->B OK, then our conversation is over

1.2 Detailed version

  1. A->B Fin
  2. B->A Ack
  3. B->A Fin
  4. A->B Ack

1.3 Why are the second and third messages not sent together?

When the passive side receives a FIN packet from the active side, it only means that the active side has no more data to send to the passive side. The passive side has not necessarily finished sending all of its own data to the active side, so it does not close the socket immediately; it may still need to send some data first. Only afterwards does it send its own FIN to tell the active side that it agrees to close the connection. That is why, in most cases, the ACK packet and the FIN packet are sent separately.

1.4 Why does TCP wave four times?

TCP is a full-duplex connection, so the connection must be closed at both ends. A party that is ready to close its write side can still read the data sent by the other party. That party sends a FIN (end) packet to its peer, and after receiving it the peer replies with an ACK packet. When the peer later sends its own FIN packet, the first party replies with an ACK. Once both ends are closed, the TCP connection is closed.