The sequence number of TCP packets is as follows: Seq sequence number, which contains 32 bits. This parameter identifies the byte stream sent from the TCP source to the destination. The initiator marks this byte stream when sending data: Ack number, which is 32 bits. ACK = SEQ + 1 flag bit: six URG emergency Pointers Valid ACK Confirmation number valid PSH The receiver should send the packet to the application layer as soon as possible. SYN Initiates a connection. FIN releases a connection. Do not confuse the Ack number with the flag bit Ack. Confirm the Ack = Seq+1 of the initiator

TCP three-way handshake

The so-called three-way handshake is the establishment of a TCP connection. The connection must be actively opened by one party and passively opened by the other. The following is a diagram of the client initiating the connection:

The client that actively opens the connection before the handshake ends the CLOSED phase. The server that passively opens the connection also ends the CLOSED phase and enters the LISTEN phase. Then begin the “three handshakes” :

(1) The client sends a TCP packet to the server

  • The flag bit is SYN, indicating that a new connection is requested.
  • The serial number is Seq=X (X is generally 1);
  • The client then enters the SYN-sent phase.

(2) After receiving the TCP packet from the client, the server ends the LISTEN phase. A TCP packet is returned, in which:

  • The flag bits are SYN and ACK, indicating that “Confirm that the Seq number of the packet sent by the client is valid, the server can normally receive the data sent by the client, and agree to create a new connection” (that is, tell the client that the server has received your data).
  • The serial number is Seq=y;
  • If the Ack number is Ack= X +1, it indicates that it receives the serial number Seq from the client and adds 1 to the value as its Ack number. Then the server enters the SYN-RCVD phase

(3) After receiving the TCP packet from the server, the client confirms that the data transmission from the client to the server is normal. The SYN-sent phase is ended. And returns the last TCP packet. Among them:

  • The flag bit is ACK, which means “acknowledge receipt of the signal that the server agrees to connect” (that is, tell the server, I know you received the data I sent).
  • Seq= X +1 indicates that it receives the Ack number from the server and uses the Ack number as its serial number.
  • If the confirmation number is Ack= Y +1, the client receives the serial number Seq from the server and adds 1 to the value of its Ack number. Then the client enters the ESTABLISHED phase.
  • After the server receives the TCP packet confirming the receipt of server data from the client, the data transmission from the server to the client is normal. The SYN-sent phase is ended and the ESTABLISHED phase is displayed.

In TCP packets transmitted by the client and server, the Ack and Seq numbers of both sides are calculated based on the Ack and Seq values of each other. This ensures the consistency of TCP packet transmission. If TCP packets sent by one party are lost, the handshake cannot be continued, ensuring the smooth completion of the three-way handshake. After that, data is normally transmitted between the client and server. This is the “three-way handshake” process.

2. Popular understanding of “three handshakes”

The boy liked the girl, so he wrote a letter to the girl: I love you, please come with me. ; After writing the letter, the boy waited anxiously because he did not know if the letter would reach the girl smoothly. After the girl received the boy’s love letter, she was elated. It turned out that we were two lovers. So to the boy wrote a reply: I received your love letter, also understand your mind, in fact, I also like you! I want to date you! ; After writing the letter, the girl also waited anxiously, because she did not know whether the reply could be smoothly conveyed to the boy. (3) The boy was very happy after receiving the letter, because the girl had received the love letter, and he knew from the letter that the girl liked him and was willing to have a relationship with him. Then the boy wrote a letter to the girl: I have received your letter, thank you, and I love you! After the girl received the boy’s reply, she was also very happy, because the boy had received the love letter. This is the popular version of the “three handshakes”, during a total of three letters, also known as the “three handshakes”, in order to confirm the two directions of the data transmission channel is normal.

3. Why the third handshake?

An error is generated to prevent the server from opening some useless connections and increasing server overhead, and to prevent the invalid connection request message segment from suddenly being sent to the server.

Because network traffic is delayed (through network fiber and various intermediate proxy servers), during transmission, for example, a client initiates a SYN=1 request to create a connection (first handshake).

If the server creates the connection and returns a packet containing SYN, ACK, and Seq to the client, the packet is lost due to network transmission, and the client never receives the packet returned by the server.

The client may set a timeout period and then close the connection creation request. The request to create a connection is re-issued, and the server doesn’t know about it, if there’s no third handshake that tells the server that the client received the data that was transferred to the server,

The server does not know whether the client has received the message returned by the server.

This process can be understood as:

Instead of giving the server a request to create or close the connection port, the server port stays open until the client reissues the request due to timeout and the server reopens a port connection. The last port on the server that did not receive the request data will remain open, and over time, such a large number of ports will cause a serious waste of server-side overhead.

Another case is that the request information sent by the invalid client is transmitted to the server for some reason. The server thinks it is a valid request sent by the client, and an error occurs after receiving it.

Therefore, we need a “third handshake” to confirm the process, so that the client and the server can detect the failure of connection creation due to network problems in time, so that the server port can be closed without waiting forever.

The “third handshake” is the data sent by the client to the server. This data is to tell the server whether the client received the data sent by the server during the “second handshake”. If the message is received, the server establishes a TCP connection. Otherwise, the server establishes a TCP connection

TCP waved four times

1, the preface

We’re all familiar with the “three-way handshake” because it’s relatively simple. But we don’t often hear about the quadruple wave, and even if we do, we don’t necessarily know exactly how it works. Here is a detailed, intuitive, complete introduction to the “four wave” process.

The so-called quadruple wave is the release of the TCP connection (disconnection). The connection must be released actively on one side and passively on the other. The following is a diagram of the client initiating the release of the connection:

(1) The client wants to release the connection and sends a TCP packet to the server, in which:

The flag bit is FIN, indicating that the connection is requested to be released. Serial number: Seq=U; The client then enters the Fin-WaIT-1 phase, which is the half-closed phase. And stops sending data up from the client to the server, but the client can still receive data from the server. Note: This does not send the data that was transmitted during normal connection (not the acknowledgement packet), not all data, so the client can still send the ACK acknowledgement packet.

(2) After receiving the TCP packet from the client, the server confirms that the client wants to release the connection. Then the server ends the ESTABLISHED phase, enters the close-wait phase (half-closed state), and returns a TCP packet, in which:

The flag bit is ACK, indicating that the request to release the connection sent by the client has been received. Serial number: Seq=V; The Ack number is U+1, indicating that after receiving the packet from the client, the Seq value is added to 1 as the Ack number of this packet. The server then prepares to release the connection from the server side to the client side. After receiving the TCP packet from the server, the client confirms that the server receives the connection release request from the client. Then the client ends fin-WaIT-1 phase and enters Fin-WaIT-2 phase

The first “two waves” let the server know that the client wants to release the connection, and also let the client know that the server knows about its request to release the connection. You are now ready to close the connection from the client to the server side

(3) After sending the ACK packet, the server is ready to release the connection from the server to the client in the closed-wait phase, and sends a TCP packet to the client again, in which:

The flag bit is FIN, ACK, which means “ready to release the connection.” Note: An ACK is not an acknowledgement of receiving a server packet. Serial number: Seq=W; The confirmation number is Ack=U+1. The value of Seq plus 1 is the Ack number of the received packet. Then the server ends the close-wait phase and enters the last-ACK phase. And stops sending data from the server to the client, but the server can still receive data from the client.

(4) The client receives a TCP packet from the server, confirming that the server is ready to release the connection, terminates the FIN-WaIT-2 phase, enters the time-WAIT phase, and sends the following packet to the server:

The flag bit is ACK, indicating that a signal has been received that the server is ready to release the connection. Serial number: Seq=U+1; Indicates that the Ack number of the received server packet is used as the sequence number of this packet. The confirmation number is Ack=W+1. The value of Seq is used as the confirmation number of the packet. The client then begins to WAIT for 2MSL in the time-wait phase

  • Why must A WAIT 2MSL in time-wait state? First, to ensure that the last ACK packet sent by A can reach B. This ACK packet segment may be lost. As a result, USER B in the last-ACK state cannot receive the confirmation of the sent FIN+ACK packet segment. User B retransmits the FIN+ACK packet segment due to timeout, and user A receives the FIN+ACK packet segment within 2MSL. If USER A does not WAIT for A period of TIME in the time-wait state but immediately releases the connection after sending the ACK packet, user A cannot receive the FIN+ACK packet retransmitted by user B and does not send the acknowledgement packet again. In this way, B cannot enter the CLOSED state according to normal steps.

    Second, after sending the ACK message segment, A can make all the message segments generated during the duration of the connection disappear from the network after 2MSL time. This prevents the old connection request segment from appearing in the next new connection.

3. Popular understanding of “four waves”

“First wave” : after a long time, the boy found that the girl had become a person he hated, so he decided to break up, and then wrote a letter to tell the girl. “Second wave” : after the girl received the letter, knew that the boy wanted to break up with himself, burning with anger, in the heart of the dark scold: what are you, at the beginning you are not like this! So immediately to the boy wrote a reply: break up on break up, give me some time, I will put your things in order, all back to you! After receiving the girl’s first letter, the boy realized that the girl knew he was going to break up with her. Then she waited for the girl to put her things away. “Third wave” : after a few days, the girl sorted out the things the boy had sent, so she wrote to the boy again: I sorted out your things, take them away quickly, from now on you and I will be severed from friendship! “Fourth wave” : after the boy received the girl’s second letter, he knew that the girl had packed up her things and could formally break up, so he wrote to the girl again and told her: I know, I’m going to get it back! Both sides have their own arguments here. Since the girl sent the second letter, the limit of one day can not receive the boy’s reply, will send a letter to urge the boy to get things! The boy thought that the girl had received his second letter if he did not receive the girl’s letter again within two days. If he receives a letter from the girl again within two days, he thinks that the girl did not receive his second letter, so he needs to write another letter and wait another two days. .

If both parties can receive regular letters, it only takes at least four letters to break up completely! This is called “Four waves”.

Why “shake hands” three times, but “wave hands” four times?

The three-way handshake is required for establishing a TCP connection because the TCP packet sent from the server to the client uses SYN and ACK as flag bits during the second handshake. SYN: Indicates that the server agrees to establish a connection. An ACK message informs the client that the server has received its request packet.

That is, SYN connection establishment packets and ACK acknowledgement packets are transmitted in the same handshake. Therefore, the three-way handshake is neither more nor less, ensuring that the two parties can communicate with each other.

The “four wave” is required for TCP connection release because the FIN release packet and ACK acknowledge packet are transmitted through the second and third handshake respectively. Why are connections made together and released separately?

When establishing a connection, the passive server completes the CLOSED phase and enters the Handshake phase without any preparation. It can directly return SYN and ACK packets to start establishing a connection. When releasing a connection, the passive server receives a request from the active client to release the connection but cannot release the connection immediately because necessary data needs to be processed. Therefore, the server sends an ACK message to confirm receipt of the packet and then returns a FIN packet to release the connection after the close-wait phase is complete.

So “three handshakes”, “four waves”.