Three-time handshake for TCP

Source: Internet
Author: User

TCP three handshake and four waves: the TCP creation process and the link dismantling process are created automatically by the TCP/IP protocol stack relative to the socket developer . Therefore, the developer does not need to control the process. But it is quite helpful to understand the underlying operating mechanism of TCP.

TCP Three-time handshake

The so-called three-time handshake (three-way handshake) means that when a TCP connection is established, the client and server are required to send a total of 3 packets.

The purpose of the three-time handshake is to connect the server to the specified port, establish a TCP connection, and synchronize the serial number and confirmation number of both parties and Exchange TCP window size information. In socket programming, the client executes connect (). Will trigger a three-time handshake.

TCP Message Format:

Handshake for the first time:

The client sends a TCP SYN flag of 1 that indicates the port of the server to which the client intends to connect, and the initial ordinal x, which is saved in the header Number field of the packet Sequence.

Second handshake:
The server sends back a confirmation packet (ACK) reply. That is, the SYN flag bit and the ACK flag bit are both 1, and the confirmation ordinal (acknowledgement number) is set to the customer's ordinal (SEQ) plus 1 for. X+1.

Handshake for the third time.
The client sends the confirmation packet again (ACK) to the SYN flag bit for the 0,ACK flag bit of 1. and sends the server an ACK to the ordinal field +1, which is placed in the OK field to send to the other party. and write customer segment sequence +1 in data segment

During a three-time handshake , the TCP connection before the server sends Syn-ack is called a half-connection (Half-open Connect) before the ACK is received by the client. The server is now in Syn_ recv status. When an ACK is received, the server goes into the established state.

SYN attack is to attack the client in a short period of time to forge a large number of non-existent IP addresses, to the server constantly send SYN packets, the server replies to confirm the packet, and wait for the customer's confirmation, because the source address is not present, the server needs to continue to resend until time-out, These bogus SYN packets will take a long time to occupy the disconnected queue, the normal SYN request is discarded, the target system is running slowly, the serious person causes the network jam and even the system is paralyzed.

Three-time handshake for TCP

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.