TCP three-way handshake, four-way handshake

Source: Internet
Author: User

TCP three-way handshake, four-way handshake

What is TCP?

TCP is a connection-oriented, reliable, and byte stream-based transport layer communication Protocol.

Transport Layer? A Brief Introduction to the knowledge of computer networks. Computers/computers communicate with servers over networks. In order to standardize the format of communication data, a layered approach is generally adopted, common layers are OSI Layer 7 and TCP/IP layer 5 network architecture, as shown in the OSI Layer 7 architecture diagram.

The Blue Circle cake in the middle represents the route. A and B are the two computers that need to communicate. They are finally sent from the raw DATA through the encapsulation of A layer-by-layer protocol (as follows) through the physical layer.

The receiver receives a layer-by-layer solution encapsulation to transfer valid data to the application layer.

TCP is connection-oriented. Before sending data to the other party, a connection must be established between the two parties. In TCP/IP, TCP provides reliable connection services, and the connections are initialized through three handshakes. The purpose of the three-way handshake is to synchronize the serial number and confirmation number of both parties and exchange the TCP window size information.

TCP Header

To understand the three-way handshake, first understand the TCP packet header structure.

Flag field (U, A, P, R, S, F): 6 bits. The meaning of each bit is as follows:

URG: urgent. When URG = 1, it indicates that the emergency pointer field is valid, indicating that the packet is an emergency packet. It tells the system that there is Urgent data in this packet segment and should be transmitted as soon as possible (equivalent to high-priority data), and the Urgent Pointer field in will also be enabled.

ACK: Acknowledge ). The validation number field is valid only when ACK = 1, which indicates that this packet is a validation packet. When ACK = 0, the confirmation number is invalid.

PSH: (Push function) if the value is 1, the other party is required to immediately transfer other corresponding packets in the buffer, instead of waiting until the buffer is full.

RST: Reset bit (Reset). When RST is set to 1, it indicates that a serious error occurs in the TCP connection (for example, due to host crash or other reasons). The connection must be released, then re-establish the transportation connection.

SYN: Synchronous (Synchronous). If Synchronous is set to 1, this indicates a connection request or connection to receive packets. packets with SYN signs usually indicate "active" to connect to the other party.

FIN: Terminate the BIT (Final) to release a connection. When FIN = 1, it indicates that the data of the sending end of the message segment has been sent and the transport connection needs to be released.

For details about each part, refer to the TCP Header structure.

Three-way handshake

After learning about the TCP Header structure, let's look at the so-called three-way handshake.

1. First handshake: establish a connection. The client sends the connection request message segment, and sets the SYN position to 1 and the Sequence Number to x. Then, the client enters the SYN_SEND status and waits for confirmation from the server;

2. Second handshake: the server receives the SYN packet segment. When the server receives the SYN packet from the client, it needs to confirm the SYN packet segment and set Acknowledgment Number to x + 1 (Sequence Number + 1). At the same time, you need to send the SYN request information by yourself. Set the SYN position to 1 and the Sequence Number to y. The server puts all the above information in one packet segment (that is, SYN + ACK packet segment, send it to the client, and the server enters the SYN_RECV status;

3. Third handshake: the client receives the server's SYN + ACK packet segment. Then, set Acknowledgment Number to y + 1 and send the ACK packet segment to the server. After the packet segment is sent, both the client and the server enter the ESTABLISHED status to complete the TCP three-way handshake.

After three handshakes are completed, the client and the server can start to transmit data. The above is the general introduction of TCP three-way handshake.

Four Waves

After a TCP connection is established between the client and the server through three handshakes, the TCP connection must be disconnected after data transmission is completed. For TCP disconnection, there is a mysterious "four waves" here ".

1. wave for the first time: HOST 1 (client or server), set Sequence Number and Acknowledgment Number, and send a FIN packet segment to host 2, HOST 1 enters the FIN_WAIT_1 status. This indicates that host 1 has no data to send to host 2;

2. second wave: Host 2 receives the FIN packet segment sent by HOST 1, returns an ACK packet segment to host 1, Acknowledgment Number is set to Sequence Number plus 1, and host 1 enters FIN_WAIT_2; host 2 tells HOST 1 that I have no data to send. You can close the connection;

3. Third Wave: Host 2 sends the FIN packet segment to host 1, requests to close the connection, and host 2 enters the CLOSE_WAIT status;

4. the fourth wave: HOST 1 receives the FIN packet segment sent by host 2, sends the ACK packet segment to host 2, and then HOST 1 enters the TIME_WAIT status; host 2 closes the connection after receiving the ACK packet segment of Host 1. At this time, HOST 1 still does not receive a reply after waiting for 2MSL, it indicates that the Server has been properly shut down, HOST 1 can also close the connection.

So far, the four waves of TCP were so pleasant. When you see this, you have a lot of questions in your mind, many do not understand, feel very messy; nothing, we will continue to summarize.


Why do I need to shake hands three times?

Since TCP's three-way handshake is summarized, why do we have to do it three times? I think it can be done twice. So why does TCP have to perform three connections? Xie xiiren's "Computer Network" says this:

Errors are generated to prevent the invalid Connection Request Message segment from being suddenly transmitted to the server.

Here is an example:

"Invalid Connection Request Message segment" is generated in the case that the first connection request message segment sent by the client is not lost,

However, a network node is stuck for a long time, so that it will arrive at the server at a certain time after the connection is released. This is

Long-expired message segments. However, after the server receives the invalid Connection Request Message segment, it is mistaken for a new

. Therefore, the client sends a confirmation message segment and agrees to establish a connection. If "three-way handshake" is not used

Confirm the connection. The client does not send a connection request, so it does not accept the confirmation from the server,

Nor will data be sent to the server. However, the server thinks that the new transport connection has been established and waits for the client to send data. In this way,

Server resources are wasted. The "three-way handshake" method can prevent the above phenomenon. For example,

The client will not send confirmation to the server. Because the server cannot receive the confirmation, it will know that the client does not require a connection ."

This makes it clear that it prevents the server from wasting resources while waiting.

Why do I wave four times?

Why are those four waves? TCP is a connection-oriented, reliable, and byte stream-based transport layer communication protocol. TCP is in full duplex mode, which means that when HOST 1 sends a FIN packet segment, it only indicates that host 1 has no data to send and Host 1 tells host 2, all of its data has been sent. However, HOST 1 can still accept data from host 2 at this time. When host 2 returns an ACK packet segment, it indicates that host 1 has no data to send, but host 2 can still send data to host 1. When host 2 also sends the FIN packet segment, at this time, it indicates that host 2 has no data to be sent, and then it will tell HOST 1 that I have no data to send, and then they will happily interrupt the TCP connection. If you want to correctly understand the principles of four waves, you need to understand the status changes during the four waves.

FIN_WAIT_1: The FIN_WAIT_1 and FIN_WAIT_2 statuses indicate the FIN_WAIT_1 and FIN_WAIT_2 wait message. The difference between the two States is that the FIN_WAIT_1 state is actually when the SOCKET is in the ESTABLISHED State, it wants to actively close the connection and send a FIN packet to the other party, the SOCKET enters the FIN_WAIT_1 state. When the other Party responds to the ACK message, it enters the FIN_WAIT_2 state. Of course, under normal circumstances, the other party should immediately respond to the ACK message, regardless of the situation, therefore, the FIN_WAIT_1 status is generally difficult to see, while the FIN_WAIT_2 status is often seen using netstat. (Active party)

FIN_WAIT_2: The above has explained in detail this status. In fact, the SOCKET in the FIN_WAIT_2 status indicates a semi-connection, that is, one party requires a close connection, but also tells the other party that, I still have some data to send to you (ACK information), and close the connection later. (Active party)

CLOSE_WAIT: the meaning of this state is actually waiting to be closed. How can this problem be solved? When the other party closes a SOCKET and sends a FIN packet to itself, your system will undoubtedly respond to an ACK packet to the other party, and then enters the CLOSE_WAIT status. Next, what you really need to consider in practice is to check if you still have data to send to the other party. If not, you can close the SOCKET and send the FIN packet to the other party, that is, close the connection. So what you need to do in CLOSE_WAIT is to wait for you to close the connection. (Passive)

LAST_ACK: this status is easy to understand. It passively closes a side and waits for the other side's ACK message after sending the FIN message. After receiving the ACK message, you can enter the CLOSED available status. (Passive)

TIME_WAIT: indicates that the FIN packet of the other party is received, and the ACK packet is sent concurrently, so that 2MSL can return to the CLOSED available status. If FINWAIT1 receives a message with both the FIN mark and ACK mark, it can directly enter the TIME_WAIT state without passing through the FIN_WAIT_2 state. (Active party)

CLOSED: indicates that the connection is interrupted.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.