TCP three-way handshake and four-way teardown: from the socket developer's point of view, TCP connection establishment and connection teardown are carried out automatically by the TCP/IP protocol stack, so the developer does not need to control the process. It is still quite helpful to understand the underlying operating mechanism of TCP.
TCP three-way handshake
The so-called three-way handshake means that when a TCP connection is established, the client and server send a total of 3 packets.
The purpose of the three-way handshake is to connect to the specified port on the server, establish a TCP connection, synchronize the sequence numbers and acknowledgement numbers of both parties, and exchange TCP window size information. In socket programming, the client's call to connect() triggers the three-way handshake.
TCP Message Format:
First handshake:
The client sends a TCP packet with the SYN flag set to 1, indicating the server port the client intends to connect to, together with the initial sequence number x, which is stored in the Sequence Number field of the packet header.
Second handshake:
The server sends back an acknowledgement packet (ACK) in reply. That is, the SYN flag bit and the ACK flag bit are both 1, and the acknowledgement number is set to the client's sequence number (SEQ) plus 1, i.e. x+1.
Third handshake:
The client sends another acknowledgement packet (ACK), with the SYN flag bit set to 0 and the ACK flag bit set to 1. It takes the sequence number field of the packet sent by the server, adds 1, and places the result in the acknowledgement number field sent to the other party. It also writes the client's sequence number +1 in the segment.
During the three-way handshake, a TCP connection in the interval after the server has sent the SYN-ACK and before it has received the client's ACK is called a half-open connection. The server is in the SYN_RECV state at this point. When the ACK is received, the server enters the ESTABLISHED state.
In a SYN attack, the attacking client forges a large number of non-existent IP addresses within a short period of time and continuously sends SYN packets to the server. The server replies with acknowledgement packets and waits for the client's confirmation. Because the source addresses do not exist, the server keeps retransmitting until the timeout expires. These forged SYN packets occupy the queue of not-yet-established (half-open) connections for a long time, so normal SYN requests are discarded and the target system runs slowly; in severe cases the network becomes congested or the system is paralyzed.
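The server-side bookkeeping described above, as an added example (not code from the original page): it walks a constructed packet log through SYN_RECV and ESTABLISHED, checks the x+1 and y+1 acknowledgement numbers, and flags when half-open entries pile up. The packet tuples, the single fixed server sequence number y = 5000, the documentation-range addresses and the alert threshold are assumptions made for illustration.

```python
from collections import Counter

ISN_SERVER = 5000  # assumed server initial sequence number (y), fixed for simplicity

# (src, sport, flags, seq, ack) as seen by a server; constructed sample data
PACKETS = [
    ("192.0.2.10", 40001, "SYN", 100, 0),      # first handshake: x = 100
    ("192.0.2.10", 40001, "ACK", 101, 5001),   # third handshake: ack = y + 1
    ("198.51.100.1", 1111, "SYN", 7, 0),       # never acknowledged
    ("198.51.100.2", 2222, "SYN", 8, 0),       # never acknowledged
    ("198.51.100.3", 3333, "SYN", 9, 0),       # never acknowledged
    ("203.0.113.5", 4444, "ACK", 1, 1),        # ACK with no prior SYN: ignored
]

def track(packets, isn=ISN_SERVER):
    """Return ({(src, sport): state}, [SYN-ACK replies the server would send])."""
    conns, replies = {}, []
    for src, sport, flags, seq, ack in packets:
        key = (src, sport)
        if flags == "SYN" and key not in conns:
            # second handshake: SYN=1, ACK=1, acknowledgement number = x + 1
            conns[key] = {"state": "SYN_RECV", "x": seq}
            replies.append({"to": key, "flags": "SYN,ACK", "seq": isn, "ack": seq + 1})
        elif flags == "ACK" and conns.get(key, {}).get("state") == "SYN_RECV":
            # third handshake counts only if it acknowledges y + 1 and carries x + 1
            if ack == isn + 1 and seq == conns[key]["x"] + 1:
                conns[key]["state"] = "ESTABLISHED"
    return {k: v["state"] for k, v in conns.items()}, replies

def half_open_alert(states, threshold):
    """True when the number of SYN_RECV (half-open) entries reaches the threshold."""
    return Counter(states.values())["SYN_RECV"] >= threshold

if __name__ == "__main__":
    states, replies = track(PACKETS)
    for key, state in states.items():
        print(key, state)
    print("half-open alert:", half_open_alert(states, threshold=3))
```

A real stack chooses a fresh sequence number per connection and bounds the half-open queue; the fixed value here only keeps the arithmetic easy to follow.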