I. Details about TCP three-way handshake
In TCP/IP, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.
1. When a connection is being established, the client sends a SYN packet to the server and enters the SYN_SENT state, where it waits for the confirmation packet from the server.
2. After the server receives the SYN packet from the client, it confirms to the client that the SYN packet has arrived and also sends its own SYN packet, that is, it sends an ACK + SYN packet back to the client, and then enters the SYN_RECV state.
3. The client receives the ACK + SYN packet from the server and sends an ACK packet to the server as confirmation. The three-way handshake is then complete and the connection is established.
SYN: SYN is the handshake signal used when TCP/IP establishes a connection. When a normal TCP connection is set up between a client and a server, the client first sends a SYN message, the server acknowledges it with a SYN-ACK response, and the client then responds with an ACK message. In this way a reliable TCP connection is established between the client and the server, and data can be transmitted between them. The SYN is the first packet of a TCP connection and is a very small data packet.
A SYN attack consists of a large number of such packets, which appear to come from sites that do not actually exist, so they cannot be processed effectively. For each spoofed packet, the machine spends several seconds trying to provide a normal response before it gives up.
ACK: The acknowledgment flag in the TCP packet header, used to confirm the TCP packets that have been received.
In TCP/IP, if the receiver successfully receives data, it returns an ACK. Generally, the ACK signal has its own fixed format and length, and the receiver sends it back to the sender. The format depends on the network protocol used. When the sender receives the ACK signal, it can send the next data. If the sender does not receive the signal, it may resend the current data packet or stop sending data, depending on the network protocol used. The ACK signal is usually an ASCII character, and the ACK signal differs between protocols.
The following describes several important concepts:
Unconnected queue: In the three-way handshake protocol, the server maintains an unconnected queue, which opens an entry for the SYN packet of each client (SYN = J). The entry indicates that the server has received the SYN packet and sent a confirmation to the client, and is waiting for the client's confirmation packet. The connections identified by these entries are in the SYN_RECV state on the server. When the server receives the client's confirmation packet, it deletes the entry and the server enters the ESTABLISHED state.
Backlog parameter: The maximum number of entries the unconnected queue can hold.
Number of SYN-ACK retransmissions: After the server sends the SYN-ACK packet, if it does not receive the client's confirmation packet, it retransmits the packet a first time. If the number of retransmissions exceeds the maximum specified by the system, the system deletes the connection information from the semi-connection queue. Note that the waiting time for each retransmission is not necessarily the same.
Semi-connection survival time: The maximum time an entry in the semi-connection queue survives, that is, the maximum time from when the server receives a SYN packet until it confirms that the packet is invalid; it covers the maximum waiting time of all retransmission request packets. The semi-connection survival time is also called the timeout time or the SYN_RECV survival time.
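The following added example (not part of the original article) models the unconnected queue, the backlog parameter, SYN-ACK retransmission and the semi-connection survival time, and shows why unanswered SYNs keep a genuine client out until their entries expire. The class name, the doubling wait schedule, the treatment of the survival time as the sum of all waits, and the sample addresses are assumptions made for illustration.

```python
# Added example: toy model of the server's unconnected (half-open) queue.
# Assumed timing: first SYN-ACK wait is 1 s and doubles on each retransmission.
class Listener:
    def __init__(self, backlog, max_retries, first_wait=1.0):
        self.backlog, self.max_retries, self.first_wait = backlog, max_retries, first_wait
        self.queue = {}          # client -> [retries, current wait, deadline] (SYN_RECV)
        self.established = set()
        self.refused = []        # SYNs dropped because the queue was full

    def survival_time(self):
        # The first wait plus one doubled wait per retransmission.
        return sum(self.first_wait * 2 ** i for i in range(self.max_retries + 1))

    def on_syn(self, client, now):
        if client not in self.queue:
            if len(self.queue) >= self.backlog:
                self.refused.append(client)
                return False
            self.queue[client] = [0, self.first_wait, now + self.first_wait]
        return True              # entry opened, SYN-ACK sent

    def on_ack(self, client):
        if self.queue.pop(client, None) is not None:   # entry deleted ...
            self.established.add(client)               # ... connection ESTABLISHED

    def tick(self, now):
        for client, entry in list(self.queue.items()):
            while client in self.queue and now >= entry[2]:
                if entry[0] >= self.max_retries:
                    del self.queue[client]             # retries exhausted: drop entry
                else:
                    entry[0] += 1                      # retransmit the SYN-ACK
                    entry[1] *= 2                      # wait twice as long this time
                    entry[2] += entry[1]

def demo():
    srv = Listener(backlog=4, max_retries=2)
    for i in range(4):                                 # constructed: SYNs never ACKed
        srv.on_syn(f"198.51.100.{i}", now=0.0)
    refused = not srv.on_syn("192.0.2.10", now=1.0)    # genuine client, queue is full
    srv.tick(now=srv.survival_time())                  # 1 + 2 + 4 = 7 s: entries expire
    accepted = srv.on_syn("192.0.2.10", now=7.0)
    srv.on_ack("192.0.2.10")
    return refused, accepted, len(srv.queue), srv.established

if __name__ == "__main__":
    print(demo())
```

With these assumed timings, five retransmissions give a survival time of 63 seconds per entry, which is why the backlog size and the retransmission count together decide how long a full queue stays full.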
II. Four waves (closing a connection)
Because a TCP connection is full-duplex, each direction must be closed separately. The principle is that when one party has finished sending its data, it can send a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction; a TCP connection can still send data after receiving a FIN. The party that closes first performs the active close, and the other party performs the passive close.
(1) Client A sends a FIN to shut down data transmission from Client A to Server B (packet segment 4).
(2) When Server B receives the FIN, it sends back an ACK whose acknowledgment number is the received sequence number plus 1 (packet segment 5). Like a SYN, a FIN occupies one sequence number.
(3) Server B closes its connection to Client A and sends a FIN to Client A (packet segment 6).
(4) Client A sends back an ACK for confirmation, with the acknowledgment number set to the received sequence number plus 1 (packet segment 7).
TCP uses four waves to close the connection
Why does establishing a connection take a three-way handshake, while closing it takes four?
This is because when the server's socket in the LISTEN state receives a SYN connection request, it can send its ACK and its SYN in a single message. When the connection is being closed, however, receiving the other party's FIN only tells you that the other party has no more data to send to you; not all of your own data may have been sent to the other party yet. You therefore may not close the socket immediately: you may need to send some more data to the other party first, and only then send your own FIN to indicate that you agree to close the connection. For this reason the ACK message and the FIN message are sent separately in most cases.
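The sequence and acknowledgment numbers across the handshake and the four waves, including data that Server B still sends between its ACK and its FIN, can be traced with the added example below (not part of the original article). The Endpoint class, the initial sequence numbers 1000 and 5000, and the 300-byte payload are constructed for illustration.

```python
# Added example: sequence/acknowledgment bookkeeping for handshake and close.
# Initial sequence numbers and the payload size are constructed values.
class Endpoint:
    def __init__(self, name, isn):
        self.name, self.snd_nxt, self.rcv_nxt = name, isn, None

    def send(self, peer, flags, payload=0):
        seg = {"from": self.name, "flags": flags, "seq": self.snd_nxt,
               "ack": self.rcv_nxt if "ACK" in flags else None, "len": payload}
        # SYN and FIN each occupy one sequence number, like one byte of data.
        self.snd_nxt += payload + ("SYN" in flags) + ("FIN" in flags)
        peer.receive(seg)
        return seg

    def receive(self, seg):
        if "SYN" in seg["flags"]:
            self.rcv_nxt = seg["seq"]      # learn the peer's initial sequence number
        self.rcv_nxt += seg["len"] + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])

def trace(j=1000, k=5000, pending=300):
    a, b = Endpoint("A", j), Endpoint("B", k)
    return [
        a.send(b, ("SYN",)),                    # segment 1: SYN = J
        b.send(a, ("SYN", "ACK")),              # segment 2: SYN = K, ack = J + 1
        a.send(b, ("ACK",)),                    # segment 3: ack = K + 1
        a.send(b, ("FIN", "ACK")),              # segment 4: A closes its direction
        b.send(a, ("ACK",)),                    # segment 5: ack = FIN seq + 1
        b.send(a, ("ACK",), payload=pending),   # B still has data to deliver
        b.send(a, ("FIN", "ACK")),              # segment 6: B closes its direction
        a.send(b, ("ACK",)),                    # segment 7: ack = FIN seq + 1
    ]

if __name__ == "__main__":
    for seg in trace():
        print(seg)
```

The data segment between segments 5 and 6 is the reason the passive closer's ACK and FIN travel separately: its FIN carries sequence number 5301 only after the 300 pending bytes have been sent.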