TCP three handshakes and four waves

TCP three handshakes and four waves

TCP status (SYN, FIN, ACK, PSH, RST, URG)

In the TCP layer, there is a FLAGS field, which has the following FLAGS: SYN, FIN, ACK, PSH, RST, URG.

The first five fields are useful for our daily analysis.

"SYN" indicates that the connection is established, "FIN" indicates that the connection is closed, "ACK" indicates that the connection is responded, "PSH" indicates that DATA has been transmitted, and "RST" indicates that the connection has been reset.Copy the code

An ACK may be used together with a SYN, a FIN, etc. For example, SYN and AN ACK may both be 1, indicating the response after the connection is established.

If there is a single SYN, it simply means establishing a connection.

Several TCP handshakes are represented by such an ACK.

However, SYN and FIN are not 1 at the same time, because the former indicates the establishment of a connection and the latter indicates the disconnection.

RST is usually set to 1 after FIN, indicating connection reset.

Generally, when there is a FIN or RST packet, we think the client is disconnected from the server; When SYN and SYN+ACK packets are present, we assume that the client has established a connection to the server.

When PSH is 1, it usually only occurs in packets whose DATA content is not 0. In other words, when PSH is 1, it means that real TCP packet content is passed.

TCP establishes and closes connections in a request-response mode.

Concept supplement -TCP three-way handshake:

Transmission Control Protocol (TCP)

TCP is a host-to-host transmission control protocol that provides reliable connection services. A three-way handshake is used to establish a connection.

Bit codes are TCP flag bits. There are six flags:

SYN(Synchronous Setup online)

ACK (acknowledgement confirmation)

PSH transfer (push)

FIN (finish)

RST reset (reset)

URG (urgent urgent)

Sequence number(lower case SEq)

Acknowledge number = Acknowledge number = Acknowledge number

Establishing a TCP Connection (three-way handshake)

The TCP three-way handshake is shown as follows:

1. The TCP server process first creates a transmission control block, TCB, and is ready to accept connection requests from the client process. Then the server enters the LISTEN state.
2. The TCP client process also creates the transmission control block TCB first, and then sends connection request packets to the server. This is the same part in the packet headerSYN=1At the same time, select an initial sequence number seq=x. At this time, the TCP client process enters syn-sent state. TCP specifies that SYN packet segments (SYN=1) cannot carry data, but a sequence number is consumed.
3. After receiving the request packet, the TCP server sends an acknowledgement packet if it agrees to the connection. Yes in the confirmation packetACK=1.SYN=1, ack=x+1, and seq=y. At this time, the TCP server process enters syn-RCVD (synchronous received) state. This packet also does not carry data, but it also consumes a serial number.
4. When the TCP client process receives the acknowledgement, it also gives the acknowledgement to the server. Acknowledging the messageACK=1, ack=y+1, seq=x+1, the TCP connection is ESTABLISHED, and the client enters the ESTABLISHED state. According to TCP, AN ACK packet segment can carry data, but no sequence number is consumed if it does not carry data.
5. When the server receives the acknowledgement from the client, it also enters the ESTABLISHED state, from which the communication can begin.

Why does the TCP client send a final acknowledgement?

In short, the main purpose is to prevent the connection request packet that has failed to be sent to the server suddenly, resulting in error.

If you are using two handshake connection is established, suppose there is such a scenario, the client sends the first request connection and not lost, just because in the network node in the retention time is too long, as a result of the TCP client has not received the confirmation message, thought the server did not receive, at this time to send this message to the server, After that, the client and server complete the connection through two handshakes, transfer data, and then close the connection. At this point, the previous delayed request connection, the network is normal and reaches the server. This packet should be invalid. However, the two-time handshake mechanism will make the client and the server establish a connection again, which will lead to unnecessary errors and waste of resources.

If the three-way handshake is used, even if the invalid packet is sent, the server receives the invalid packet and replies with an acknowledgement packet, but the client does not send acknowledgement again. Because the server does not receive an acknowledgement, it knows that the client did not request a connection.

After the data transmission is complete, both parties can release the connection. The client and server are both ESTABLISHED at first, then the client shuts down actively and the server shuts down passively. TCP four waves as shown in figure:

1. The client process sends a connection release packet and stops sending data. The header of the data packet is released, FIN=1, and its serial number is SEq = U (equal to the serial number of the last byte of the data that has been transmitted plus 1). At this time, the client enters the FIN-wait-1 state. According to TCP, a FIN packet segment consumes a serial number even if it does not carry data.
2. After receiving the connection release packet, the server sends an acknowledgement packet with ACK=1, ACK= U +1 and its serial number seq= V. Then the server enters the close-wait state. The TCP server notifies the high-level application process, and the client is released to the server. At this time, the client is in the semi-closed state, that is, the client has no data to send. However, if the server sends data, the client still accepts it. This state will continue for a period of time, that is, the entire duration of the closewait state.
3. When the client receives the acknowledgement request from the server, the client enters the FIN-wait-2 state, waiting for the server to send the connection release packet (before receiving the last data from the server).
4. 01 After the server sends the LAST data, it sends the connection release packet to the client, FIN=1, ACK = U +1. Since the server is in the semi-closed state, it is likely to send some more data, assuming the serial number at this time is SEq =w. At this time, the server enters the last-ACK state, waiting for the client to confirm.
5. After receiving the connection release packet from the server, the client must acknowledge with ACK=1, ACK= w+1, and its serial number is SEq = U +1. At this TIME, the client enters the time-wait state. Notice That the TCP connection is not released, and the client enters the CLOSED state only after 2∗∗MSL (maximum packet segment lifetime) expires and the corresponding TCB is revoked.
6. The server enters the CLOSED state as soon as it receives the acknowledgement from the client. Again, canceling the TCB terminates the TCP connection. As you can see, the server ends the TCP connection a little earlier than the client.

Why does the client end up waiting for 2MSL?

Maximum Segment Lifetime (MSL) : TCP allows different implementations to set different MSL values.

First, ensure that the client sends the final ACK packet to reach the server, because the ACK packet may be lost, standing in the server’s perspective, I have already sent the FIN + ACK message request disconnect, the client also did not give me response, should be I send the request of the disconnect message it did not receive, then the server will send a again, The client will receive the retransmitted packet within the 2MSL period, then send a response packet and restart the 2MSL timer.

Second, to prevent “invalid connection request segments” such as those mentioned in the “three-way handshake” from appearing in this connection. After the client sends the last acknowledgement packet, all the packet segments generated during the duration of the connection can disappear from the network in the 2MSL time. In this way, the request packet of the old connection does not appear in the new connection.

Why is it that it takes three handshakes to establish a connection and four waves to close it?

During connection establishment, the server is in LISTEN state. After receiving a SYN packet, the server sends an ACK packet and a SYN packet to the client.

And close connection, the server receives the other side of the FIN message, just said to each other can no longer send data but also receives the data, and the oneself also is not necessarily all data are sent to each other, so their can immediately shut down, also can send some data to each other, then send the FIN message now agreed to close the connection to the other side, therefore, Your OWN ACK and FIN are usually sent separately, resulting in one more time.

What if the connection is established, but the client suddenly fails?

TCP also has a keepalive timer, so obviously, if a client fails, the server can’t wait and waste resources. The server resets the timer every time it receives a request from the client. The time is usually set to two hours. If no data is received from the client within two hours, the server sends a probe segment and then sends it every 75 seconds. If there is no response after 10 consecutive probes, the server considers the client to be faulty and closes the connection.