TCP Handshake and state diagram

Source: Internet
Author: User
Tags ack connection reset

Why is a "three-way handshake" needed?

It solves the problem of delayed duplicate packets in the network: it prevents a connection request segment that is no longer valid from suddenly reaching the server and causing an error.
Example: an "invalid connection request segment" arises when the client's first connection request segment is not lost but is held up at some network node for a long time, so that it reaches the server only some time after the connection has been released. By then it is a segment that has long since expired. When the server receives this stale connection request, however, it mistakes it for a new connection request from the client and sends the client an acknowledgment segment agreeing to establish the connection. Without the three-way handshake, the new connection would be established as soon as the server sent that acknowledgment. Because the client has not actually requested a connection, it ignores the server's acknowledgment and sends no data. The server, though, believes a new transport connection has been established and keeps waiting for the client to send data, so many of the server's resources are wasted. The three-way handshake prevents this: in the case above, the client does not acknowledge the server's acknowledgment, and because the server receives no acknowledgment it knows that the client did not ask for a connection. The main purpose is to keep the server from waiting in vain and wasting resources.
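The stale-SYN scenario above can be replayed as a small simulation. This is an added example, not code from the original page; the `Server`, `Client` and `replay_syn` names, the 3-second timeout and the addresses are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    three_way: bool                    # False models a handshake without the final ACK
    syn_timeout: float = 3.0           # assumed wait for the final ACK, in seconds
    half_open: dict = field(default_factory=dict)    # conn -> time SYN-ACK was sent
    established: set = field(default_factory=set)    # conns holding server resources

    def on_syn(self, conn, now):
        if self.three_way:
            self.half_open[conn] = now     # wait for the client's confirmation
        else:
            self.established.add(conn)     # connected as soon as we confirm
        return "SYN-ACK"

    def on_ack(self, conn):
        if self.half_open.pop(conn, None) is not None:
            self.established.add(conn)

    def expire(self, now):
        """Release half-open entries whose confirmation never arrived."""
        stale = [c for c, t in self.half_open.items() if now - t >= self.syn_timeout]
        for c in stale:
            del self.half_open[c]
        return stale

class Client:
    def __init__(self):
        self.pending = set()               # connections this client is really opening

    def connect(self, conn):
        self.pending.add(conn)
        return "SYN"

    def on_syn_ack(self, conn):
        # As in the text, a confirmation for a request we are not making is ignored.
        if conn in self.pending:
            self.pending.discard(conn)
            return "ACK"
        return None

def replay_syn(three_way, client_is_connecting):
    """Deliver one SYN; return (established, half_open) counts at t=5s."""
    srv, cli = Server(three_way), Client()
    conn = ("198.51.100.7", 40000, "203.0.113.5", 80)   # constructed 4-tuple
    if client_is_connecting:
        cli.connect(conn)                  # otherwise the SYN is a stale duplicate
    srv.on_syn(conn, now=0.0)
    if cli.on_syn_ack(conn) == "ACK":
        srv.on_ack(conn)
    srv.expire(now=5.0)
    return len(srv.established), len(srv.half_open)
```

With a stale SYN, the two-step variant leaves one connection established on the server, while the three-way variant ends with none established and none half-open.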

Why is a "four-way wave" needed to close?
You might ask why the ACK is sent together with the SYN during the TCP connection handshake, but is not sent together with the FIN. The reason is that TCP is full duplex: receiving a FIN only means that the peer will send no more data, while you can still continue to send data.

The TCP state transition diagram is essentially the set of transitions between the states of a state machine, together with the conditions that trigger them. There are 11 states in total:

To establish a connection:

1. CLOSED: The starting point; this state is also entered when a timeout occurs or the connection is closed.

2. LISTEN: The state in which the server waits for incoming connections. The server enters it by calling the socket, bind and listen functions. This is called a passive open by the application (waiting for a client to connect).

3. SYN_SENT: The client initiates the connection and sends a SYN to the server. If it cannot connect to the server, it goes directly to the CLOSED state.

4. SYN_RCVD: The counterpart of state 3. The server accepts the client's SYN request and moves from LISTEN to SYN_RCVD, responding with an ACK and sending its own SYN to the client at the same time. In the other case, a client that has sent a SYN receives a SYN request from the peer and moves from SYN_SENT to SYN_RCVD.

5. ESTABLISHED: The state the server and the client enter once the three-way handshake is complete, indicating that data can now be transferred.

When the connection is closed: closing requires 4 exchanges between the two sides, plus some cleanup work (the TIME_WAIT state).

Note that "active closer" and "passive closer" do not refer specifically to the server or the client; they are relative to whoever initiates the close request:

6. FIN_WAIT_1: The active closer enters this state from state 5. The action taken is sending a FIN to the peer.

7. FIN_WAIT_2: The active closer enters this state when it receives the peer's ACK for its FIN. At this point it can no longer receive data from the peer, but it can still send data to the peer.

8. CLOSE_WAIT: The passive closer enters this state after receiving a FIN. The action taken is sending an ACK on receipt of the FIN.

9. LAST_ACK: The passive closer initiates its own close request and enters this state from state 8. The action taken is sending a FIN to the peer; on receiving the ACK it enters the CLOSED state.

10. CLOSING: Entered from FIN_WAIT_1 when both sides initiate a close request. The action taken is receiving a FIN request and responding with an ACK.

11. TIME_WAIT: The most tangled state. As the state diagram shows, 3 states can transition into it; let's analyze them:

A. Entered from FIN_WAIT_2: the two sides did not initiate a FIN simultaneously; the active closer, having completed its own close request, receives the passive closer's FIN.

B. Entered from CLOSING: both sides initiated the close and both sent a FIN; each then received the other's FIN and replied with an ACK, which is how the CLOSING state was entered.

C. Entered from FIN_WAIT_1: a FIN (initiated by the peer) and an ACK (the response to its own FIN) are received at the same time. It differs from B in that here the ACK for its own FIN arrives before the peer's FIN request, whereas in B the FIN arrives first. The probability of this case is minimal.

Of the states in the four-way close, the hardest to understand is TIME_WAIT. There are 2 reasons for TIME_WAIT:

1. To implement the termination of TCP's full-duplex connection reliably.

2. To allow old duplicate segments to fade out of the network.

Special cases:

1. Simultaneous open

It is possible for two applications to perform an active open at the same time, although the likelihood is low. Each end sends a SYN to the other, and each end uses a local port that is known to the other end. For example:

An application on host A uses 7777 as its local port and performs an active open to port 8888 on host B.

An application on host B uses 8888 as its local port and performs an active open to port 7777 on host A.

When this happens, the TCP protocol opens only one connection.

Establishing this connection requires 4 exchanges, whereas a typical connection establishment requires only 3 (the three-way handshake).

However, most Berkeley versions of TCP/IP implementations do not support simultaneous open.

Both SYN_RCVD and SYN_SENT are intermediate states on the way to ESTABLISHED; the goal is for both ends to reach the ESTABLISHED state.

2. Simultaneous close

If both applications send a FIN at the same time, each enters the FIN_WAIT_1 state after sending it. On receiving the peer's FIN, it replies with an ACK and enters the CLOSING state. After receiving the ACK from the peer, it enters the TIME_WAIT state. This is called a simultaneous close.

A simultaneous close also requires 4 message exchanges, the same as a typical close.
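The 11 states and the special cases above can be written as a transition table and walked event by event. This is an added example, not part of the original page; the event labels (`rcv_syn`, `close`, and so on) and the function names are this sketch's own.

```python
# (state, event) -> next state, following the 11-state diagram described above.
# Event names are labels chosen for this example, not protocol identifiers.
TRANSITIONS = {
    ("CLOSED", "passive_open"): "LISTEN",
    ("CLOSED", "active_open"): "SYN_SENT",        # sends SYN
    ("LISTEN", "rcv_syn"): "SYN_RCVD",            # sends SYN+ACK
    ("SYN_SENT", "rcv_syn_ack"): "ESTABLISHED",   # sends ACK
    ("SYN_SENT", "rcv_syn"): "SYN_RCVD",          # simultaneous open
    ("SYN_SENT", "timeout"): "CLOSED",            # could not connect
    ("SYN_RCVD", "rcv_ack"): "ESTABLISHED",
    ("ESTABLISHED", "close"): "FIN_WAIT_1",       # active closer sends FIN
    ("ESTABLISHED", "rcv_fin"): "CLOSE_WAIT",     # passive closer sends ACK
    ("FIN_WAIT_1", "rcv_ack"): "FIN_WAIT_2",
    ("FIN_WAIT_1", "rcv_fin"): "CLOSING",         # simultaneous close
    ("FIN_WAIT_1", "rcv_fin_ack"): "TIME_WAIT",   # case C in the text
    ("FIN_WAIT_2", "rcv_fin"): "TIME_WAIT",       # case A in the text
    ("CLOSING", "rcv_ack"): "TIME_WAIT",          # case B in the text
    ("CLOSE_WAIT", "close"): "LAST_ACK",          # passive closer sends FIN
    ("LAST_ACK", "rcv_ack"): "CLOSED",
    ("TIME_WAIT", "timeout"): "CLOSED",
}
STATES = {s for s, _ in TRANSITIONS} | set(TRANSITIONS.values())

def walk(events, state="CLOSED"):
    """Return every state visited; reject an event the current state does not allow."""
    path = [state]
    for ev in events:
        key = (path[-1], ev)
        if key not in TRANSITIONS:
            raise ValueError(f"{ev!r} is not valid in state {path[-1]}")
        path.append(TRANSITIONS[key])
    return path

def predecessors(target):
    """States that have a direct transition into `target`."""
    return {s for (s, _), nxt in TRANSITIONS.items() if nxt == target}

if __name__ == "__main__":
    print("active side :", walk(["active_open", "rcv_syn_ack", "close",
                                 "rcv_ack", "rcv_fin", "timeout"]))
    print("passive side:", walk(["passive_open", "rcv_syn", "rcv_ack",
                                 "rcv_fin", "close", "rcv_ack"]))
    print("simult. open:", walk(["active_open", "rcv_syn", "rcv_ack"]))
    print("into TIME_WAIT from:", sorted(predecessors("TIME_WAIT")))
```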

TCP Message Format:

The information for each field is described below:

    • Source port and Destination port: 16 bits each, the source and destination port numbers, used to distinguish between different processes on a host (the IP address is used to distinguish between different hosts). The source and destination port numbers, together with the source and destination IP addresses in the IP header, uniquely identify a TCP connection;
    • Sequence number: identifies the data stream sent from the TCP sender to the TCP receiver; it is the sequence number, within that stream, of the first data byte in this segment, and is mainly used to deal with out-of-order network packets;
    • Acknowledgment number: 32 bits; contains the next sequence number that the end sending the acknowledgment expects to receive, so it should be the last data byte's sequence number plus 1. The acknowledgment number field is valid only when the ACK flag (described below) is 1. It is mainly used to deal with packet loss;
    • Offset: gives the number of 32-bit words in the header; it is needed because the length of the options field is variable. The field is 4 bits wide (at most 15 32-bit words, that is, a header length of 4*15=60 bytes), so a TCP header is at most 60 bytes. With no options, the normal length is 20 bytes;
    • The
    • TCP Flags: the TCP header has 6 flag bits, several of which can be set to 1 at the same time. They mainly drive TCP's state machine and are, in order, URG, ACK, PSH, RST, SYN, FIN. The meaning of each flag bit is as follows:
      • URG: this flag indicates that the TCP packet's urgent pointer field (covered shortly) is valid; it is used to ensure that the TCP connection is not interrupted and to urge intermediate devices to process the data as soon as possible;
      • ACK: this flag indicates that the acknowledgment field is valid, that is, the TCP packet carries a TCP acknowledgment number. It takes two values, 0 and 1: 1 means the acknowledgment field is valid, and 0 means it is not;
      • PSH: this flag denotes a push operation, meaning that the packet is delivered to the application immediately after it reaches the receiving end rather than being queued in the buffer;
      • RST: this flag is a connection reset request. It is used to reset a connection on which an error has occurred, and also to reject erroneous and illegal packets;
      • SYN: the synchronize-sequence-numbers flag, used to establish a connection. It is used together with the ACK flag: in a connection request SYN=1 and ACK=0; in a connection response SYN=1 and ACK=1. Packets with this flag are often used for port scanning: the scanner sends a SYN packet, and if the target host replies with a packet, the host has this port open. Because such a scan performs only the first step of the TCP three-way handshake, its success indicates that the scanned machine is not very secure; a secure host enforces a strict TCP three-way handshake;
      • FIN: indicates that the sender has reached the end of its data, that is, the data transfer is complete and there is no more data to transmit; the connection is torn down after a TCP packet with the FIN flag is sent. Packets with this flag are also often used for port scanning.
    • Window: the window size, that is, the well-known sliding window, used for flow control; this is a complex topic that is not covered in this blog post;
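The field layout above, decoded from raw bytes. This is an added example, not code from the original page; the function names are assumptions, and the two segments are constructed sample data (checksum left at 0). It validates the offset field before trusting it and labels the SYN / SYN+ACK combinations described under the SYN flag.

```python
import struct

FLAG_BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 (FIN) .. bit 5 (URG)

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus any options."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    (sport, dport, seq, ack, off_byte, flag_byte,
     window, _checksum, _urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_byte >> 4) * 4          # offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"offset gives an impossible header length: {header_len}")
    flags = {name for bit, name in enumerate(FLAG_BITS) if flag_byte & (1 << bit)}
    return {
        "sport": sport, "dport": dport, "seq": seq,
        "ack": ack if "ACK" in flags else None,   # valid only when ACK is set
        "header_len": header_len, "flags": flags, "window": window,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }

def handshake_step(flags: set) -> str:
    """Name the handshake role of a segment from its flag combination."""
    if flags == {"SYN"}:
        return "connection request"
    if flags == {"SYN", "ACK"}:
        return "connection response"
    return "not a handshake opener"

def build_segment(sport, dport, seq, ack, flag_byte, options=b""):
    """Construct a sample segment; options must be a multiple of 4 bytes."""
    words = 5 + len(options) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       words << 4, flag_byte, 65535, 0, 0) + options

# Constructed samples: a SYN carrying a 4-byte MSS option, and the SYN+ACK reply.
SYN = build_segment(40000, 80, 1000, 0, 0x02, bytes.fromhex("020405b4"))
SYN_ACK = build_segment(80, 40000, 5000, 1001, 0x12)

if __name__ == "__main__":
    for seg in (SYN, SYN_ACK):
        hdr = parse_tcp_header(seg)
        print(handshake_step(hdr["flags"]), hdr)
```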
