TCP three-way handshake (establishing a connection)


Three-way Handshake Sets up a TCP connection with Three packets sent by the client and server.

The purpose of the three-way handshake is to connect to the specified port of the server, establish a TCP connection, synchronize the serial number and confirmation number of the connection parties, and exchange TCP window size information.

The first handshake

Client:

  • Send SYN (SYN=1), SEq =x packets

  • The SYN_SENT state is displayed

The second handshake

Server:

  • Send ACK= x + 1, SEq =y, SYN=1, ACK=1

  • The SYN_RECV state is displayed

The third handshake

Client:

  • SYN=0, ACK=1, seq=x+1, ack=y+1

After the packet is sent to the client, the client and server enter the ESTABLISHED state and complete the three-way handshake.

After completing the three-way handshake, the client and server begin transferring data.

TCP four waves (disconnection)


The first

Client:

  • Send the packet FIN=1, seq=u (equal to the sequence number of the last byte of the previously sent data plus 1)

  • Enter FIN-WaIT-1 (terminate WAIT 1) (TCP specifies that a FIN packet segment consumes a sequence number even if it does not carry data)

The 2nd

Server:

  • The connection release packet was received. Procedure

  • Send an acknowledgement packet, ACK=1, ACK= u+1, with its own serial number, seq= V

  • Enter the close-wait state

TCP notifies the application process that the direction from the client to the server is released. This state is semi-closed, that is, the client has no data to send, but the server sends data, the client still needs to receive. This state also lasts for a period of time, i.e. the duration of the close-wait state.

Client:

  • A confirmation request was received from the server

  • The server enters the FIN-WaIT-2 state and waits for the server to send a connection release packet (the last data sent by the server must be received before doing so).

The third time

After sending the last data, the server sends a connection-release message to the client, and since it is in the half-closed state, the server probably sent some more data. Assume that the serial number is seq=w

Server:

  • FIN=1, ACK=1, ACK= U +1, seq=w (new SEq)

  • The last-ACK state is displayed. Procedure

4 times

Client:

After receiving the connection release packet from the server, the client must send an acknowledgement.

  • ACK=1, ack=w+1, seq=u + 1

  • The client entered the time-wait state. Procedure

  • The system enters the CLOSED state after 2 Maximum Segment Lifetime (MSL)

Server:

  • After receiving an acknowledgement from the client, the state is immediately CLOSED

The server enters the CLOSED state before the client.

Why three handshakes

After receiving a SYN request packet from the Client, the Server sends SYN and ACK packets. ACK packets respond, and SYN packets synchronize.

The three-way handshake prepares the data to be sent, while also allowing both parties to negotiate the initial serial number, which is sent and confirmed during the handshake.

The first two handshakes are synchronized and prepared, and the third handshake enters the state.

Why not two handshakes?

If a connection request runs slowly in the network and times out, the client will resend the request, but the client that runs slowly finally gets the request, and then the server will receive both requests, and then respond to both requests, creating two connections and wasting resources. If a third authentication is added, the client can discard a server confirmation request after receiving a subsequent confirmation request.

Why four waves

TCP is bidirectional, so it needs to be closed in two directions. The closing in each direction requires request and confirmation, so a total of four times.

  • Client: Server, I’m going to stop transmission (fin-WaIT-1)

  • Server: Ok, I got it (but MAYBE I have some data left to send to you on demand) (close-wait)

  • Client: The server already knows I’m going to disconnect (fin-WaIT-2)

  • Server: Client guy, my data has been transmitted, AND I will not send you any more data (last-ack).

  • Client: OK, I will enter time-wait, then I will enter CLOSED after 2 MSL

  • Server: Then I am disconnected, bye bye (CLOSED)

What if the connection has been established, but the client fails

TCP has a keepalive timer, and when the client fails, the server cannot waste resources by waiting forever.

The server resets this timer every time it receives a client request, usually for 2 hours. If no data is received from the client within 2 hours, the server sends a probe segment, which is then sent every 75 seconds. If there is no response after 10 probe packets are sent, the server assumes that the client is faulty and closes the connection.

SYN Flood attack

The attacker sends TCP SYN, the first packet in the three-way handshake. When the server replies with an ACK, the attacker does not reconfirm the packet. The connection is in the suspended state, which is called the half-connected state. It also sends repeated ACKS to the attacker, which results in wasted server resources. An attacker sends a very large number of these TCP connections to the server. As a large number of semi-connected states are created on the server, the resource consumption of the server increases and eventually the server fails.

The server is in the SYN_RECV state after sending an ACK. The server changes to the ESTABLISHED state only after receiving the ACK from the client.

Acronym correlation

  • Serial number SEQ: 4 bytes, used to mark the sequence of data segments. TCP sets a serial number for all data fields sent in the connection. The number of the first byte is randomly generated locally. Once the bytes are numbered, each packet segment is assigned a serial number. The serial number seq is the data number of the first byte in the packet segment. When a data packet is sent, the data packet is broken up into multiple packets. The serial number numbers each packet so that the receiver can splicing the packet again. The initial sequence number is randomly generated so that the disassembly of different data is guaranteed not to be connected incorrectly.

  • Ack number: indicates the sequence number of the first byte of the next packet expected to be received. Serial number indicates the number of the first byte of data carried in the message segment. The confirmation number refers to the number expected to receive the next byte; That is, the number of the last byte of the current packet segment +1 is the confirmation number.

  • ACK confirmation: It has 1 bit, indicating that the message has been received. No matter three handshakes or four breakups, ACK = 1 is added to the reply to indicate that the message has been received. In addition, ACK = 1 is added to indicate that the data has been received successfully when the connection is established and the data is sent. The confirmed field is valid only if ACK=1. When ACK=0, the confirmation number is invalid.

  • Synchronization SYN (Synchronize Sequence Numbers) Indicates the synchronization Sequence number. In a three-way handshake, the first two requests are used to create a connection. Used to synchronize serial numbers when establishing connections. When SYN=1, ACK=0, this is a connection request packet segment. If the connection is agreed, set SYN=1 and ACK=1 in the response packet segment. SYN=1 indicates that this is a connection request or a connection accept message. The SYN bit is set to 1 only when TCP establishes a connection. After the handshake is complete, the SYN bit is set to 0.

  • Terminate FIN: Request to close the connection. FIN sends two out of four breakups. This is because TCP connections are bidirectional, so FIN can only close one direction at a time. FIN=1 Indicates that the sender of the packet has finished sending data and wants to release the connection.

SYN, ACK, and FIN represent the flag bit. The value is 0 or 1. Lowercase seq and ACK indicate the serial number.

SYN, ACK, and FIN are stored in the TCP flag bit.

field meaning
ACK Check whether the check number is valid. Generally, set it to 1
SYN Request to establish a connection and initialize the serial number in its serial number field. Establish a connection and set it to 1
FIN Wish to disconnect
URG Whether the emergency pointer is valid. A value of 1 indicates that one needs to be processed first
PSH Prompts the receiving application to immediately read the data from the TCP buffer
RST The other party asked to re-establish the connection, reset


Recommended reading

What is TCP/IP?

What is TCP/IP?

Simulation implementation of bidirectional binding in VUejS


Water stop lx

A want to share some knowledge of the public number, attention to send technical information