

0. Foreword

TCP's three-way handshake and four-way wave are a common computer-networking interview question, but what does an interviewer actually want to hear in a real interview, and at what level of detail?

The simpler and more common a question is, the less it should be underestimated. Great oaks grow from little acorns: the deeper you can go on a simple question, the more you set yourself apart from other candidates. If you master all the points in this article, you are basically covered on the TCP three-way handshake and four-way wave 😊

1. TCP and UDP

Before explaining the TCP three-way and four-way handshakes, let’s take a look at the two heavyweight transport-layer protocols, TCP and UDP.

💦 User Datagram Protocol (UDP) :

  • UDP does not need to establish a connection before transmitting data, and the remote host does not need to give any acknowledgement after receiving the UDP packet.
  • While UDP does not provide reliable delivery, there are some situations where UDP is the most efficient way to work (typically for instant messaging), such as QQ voice, QQ video, live streaming, and so on

💦 Transmission Control Protocol (TCP) :

  • TCP provides connection-oriented services. A connection must be established before data transfer and released after data transfer.
  • TCP does not provide broadcast or multicast services. TCP has to provide a reliable, connection-oriented transport service: before data is passed, a three-way handshake establishes the connection; during data transfer there are acknowledgement, window, retransmission, flow control and congestion control mechanisms; and after the transfer, a four-way wave disconnects to save system resources. This not only makes the header of the protocol data unit much larger, but also consumes a lot of processor resources.
  • TCP is used for file transfer, mail sending and receiving, and remote login.

2. Format of the TCP segment header

You don’t have to remember the exact format of the TCP segment, but some of the control bits are related to the three handshakes and four waves that we’re going to talk about.

The meaning of each field in the fixed part of the header is as follows:

  • 1 – Source port and Destination port: Two bytes each, holding the source port and the destination port respectively. An IP address plus a port number identifies the address of a process.

  • 2 – Sequence Number (SN): Each byte in the byte stream transmitted over a TCP connection is numbered sequentially. This field holds the sequence number of the first byte of the data sent in this segment. The initial value is called the Initial Sequence Number (ISN). (This is an important field to remember; it is explained in more detail later.)

    For example, a segment whose sequence number is 101 contains 100 bytes of data. This means that the first byte of the data in this segment is numbered 101 and the last byte is numbered 200. Obviously, the data of the next segment should start at 201, that is, the sequence number field of the next segment should have a value of 201.

  • 3 – Acknowledgement Number (ack): The sequence number of the first data byte expected in the next segment from the peer. If the acknowledgement number is N, all data up to sequence number N-1 has been received correctly.

  • 4 – Data offset (header length): This indicates how far the start of the data in the TCP segment is from the start of the TCP segment. This field actually gives the header length of the TCP segment.

  • 5 – Reserved: 6 bits, which should be set to 0 and are reserved for future use.

⭐ If you look at the figure above, there are 6 control bits (important) to the right of the reserved bits. TCP uses them to describe the nature of the segment:

  • Urgent URG: When URG is 1, the segment contains high-priority urgent data that should be sent as soon as possible without queuing in the cache. This control bit is used together with the urgent pointer (the urgent pointer gives the number of bytes of urgent data in this segment).

    For example, suppose we have sent a long program to run remotely and want to cancel it, so the user issues an interrupt command from the keyboard. If urgent data is not used, the command is stored at the end of the receiving TCP's cache, and its two characters are delivered to the receiving application process only after all the earlier data has been processed, which prevents an immediate interruption.

  • Acknowledgement ACK: The acknowledgement number field is valid only if ACK = 1, and invalid if ACK = 0. TCP specifies that all segments sent after a connection is established must have ACK set to 1.

  • Push PSH: When two application processes are communicating interactively, the application process on one end sometimes expects a response immediately after typing a command. In this case, TCP can use the push operation. The sending TCP sets PSH to 1 and immediately creates a segment to send. After receiving a segment with PSH = 1, the receiving TCP delivers it to the receiving application process as soon as possible, rather than waiting until the entire cache is full.

  • Reset RST: When RST = 1, a serious error has occurred in the TCP connection (for example, due to a host crash or another reason), and the connection must be released and then the transport connection re-established.

  • SYN: SYN = 1 indicates that this is a connection request or a connection accept segment.

    When SYN = 1 and ACK = 0, this is a connection request segment. If the peer agrees to set up the connection, it should set SYN = 1 and ACK = 1 in the response segment.

  • Terminate FIN: Used to release a connection. When FIN = 1, the sender of this segment has finished sending its data and requests that the transport connection be released.
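The fields and control bits above can be decoded directly from the first 20 bytes of a segment. The following parser is an added example, not part of the original article; the function names and the sample segments (built by build_segment, checksum left at 0) are illustrative.

```python
import struct

# The six control bits, in the order listed above, with their masks.
FLAGS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
         ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]
MOD = 2**32  # sequence numbers are 32 bits wide and wrap around


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed part of a TCP header."""
    if len(segment) < 20:
        raise ValueError("shorter than the fixed TCP header")
    sport, dport, seq, ack, off_flags, window, _cksum, urg_ptr = \
        struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset is counted in 4-byte words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = {name for name, mask in FLAGS if off_flags & mask}
    payload_len = len(segment) - header_len
    # SYN and FIN each consume one sequence number, like one byte of data.
    consumed = payload_len + ("SYN" in flags) + ("FIN" in flags)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "urg_ptr": urg_ptr, "payload_len": payload_len,
            "next_seq": (seq + consumed) % MOD}


def classify(hdr: dict) -> str:
    """Name the segment type using the SYN/ACK rules described above."""
    f = hdr["flags"]
    if "RST" in f:
        return "reset"
    if "SYN" in f:
        return "connection accept" if "ACK" in f else "connection request"
    if "FIN" in f:
        return "connection release"
    return "data/ack"


def build_segment(sport, dport, seq, ack, flags, payload=b""):
    """Construct a sample segment with a 20-byte header (sample data only)."""
    bits = sum(mask for name, mask in FLAGS if name in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, 65535, 0, 0) + payload
```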

3. The TCP three-way handshake establishes the connection

① Detailed explanation of the three-way handshake process

Establishing a connection takes three steps, hence the name three-way handshake. It is also called a three-message handshake.

The three-way handshake is used to check whether the receiving and sending capabilities of the two parties are normal, and to specify each side's Initial Sequence Number (ISN) in preparation for reliable transmission.

The three-way handshake process is as follows:

Review the meanings of the symbols in the figure below:

  • SYN: Connection request/accept segment
  • seq: The sequence number of the first byte sent
  • ACK: Acknowledgement segment
  • ack: Acknowledgement number. The sequence number of the first byte of the next data you expect to receive

At the start, the client is in the CLOSED state and the server is in the LISTEN state:

CLOSED: There is no connection at all

LISTEN: Listens for connection requests from remote TCP ports

1) First handshake: The client sends a SYN packet (SYN = 1) to the server and specifies the client's initial sequence number ISN(x), that is, seq = x in the figure, which is the sequence number of the first byte of the data sent in this segment. The client is now in the SYN_SENT state.

SYN_SENT: Waits for a matching connection request after sending the connection request

2) Second handshake: After receiving the SYN packet from the client, the server sends its own SYN packet as a response (SYN = 1) and specifies its own initial sequence number, that is, seq = y in the figure. In addition, the client's ISN + 1 is used as the ack value, indicating that the server has received the SYN packet from the client and that the sequence number of the first byte of the next data it expects is x + 1. The server is now in the SYN_RCVD state.

SYN_RCVD: Waits for acknowledgement of the connection request after receiving and sending a connection request

3) Third handshake: After receiving the SYN packet from the server, the client sends an ACK packet. In the same way, the server's ISN + 1 is used as the ack value, indicating that the client has received the SYN packet from the server and that the sequence number of the first byte of the next data it expects is y + 1. The packet carries seq = x + 1 (the first segment used seq = x, so the client's second segment is +1). At this point, the client is in the ESTABLISHED state.

After receiving the ACK packet, the server is also in the ESTABLISHED state. At this point, a TCP connection has been established between the two parties.

ESTABLISHED: Represents an open connection and data can be transmitted to the user
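The exchange above with concrete numbers, as an added example that is not part of the original article: it builds the three segments and shows the check each side makes on the acknowledgement number before moving to ESTABLISHED. The function names and the dictionary layout are illustrative.

```python
MOD = 2**32  # sequence numbers are 32 bits wide and wrap around


def client_syn(x):
    # First handshake: SYN = 1, seq = x. Client enters SYN_SENT.
    return {"SYN": 1, "ACK": 0, "seq": x, "ack": 0}


def server_syn_ack(syn, y):
    # Second handshake: SYN = 1, ACK = 1, seq = y, ack = x + 1. Server enters SYN_RCVD.
    if not (syn["SYN"] == 1 and syn["ACK"] == 0):
        raise ValueError("not a connection request")
    return {"SYN": 1, "ACK": 1, "seq": y, "ack": (syn["seq"] + 1) % MOD}


def client_ack(syn, syn_ack):
    # Third handshake: the client first checks that its own ISN was acknowledged,
    # then sends ACK = 1, seq = x + 1, ack = y + 1 and enters ESTABLISHED.
    if syn_ack["ack"] != (syn["seq"] + 1) % MOD:
        raise ValueError("SYN-ACK does not acknowledge our ISN")
    return {"SYN": 0, "ACK": 1, "seq": syn_ack["ack"],
            "ack": (syn_ack["seq"] + 1) % MOD}


def server_accepts(syn_ack, ack):
    # The server leaves SYN_RCVD for ESTABLISHED only if the final ACK
    # acknowledges exactly its own ISN + 1 and continues the client's numbering.
    return (ack["SYN"] == 0 and ack["ACK"] == 1
            and ack["ack"] == (syn_ack["seq"] + 1) % MOD
            and ack["seq"] == syn_ack["ack"])


def handshake(x, y):
    """Run all three steps; return the segments and whether the server accepts."""
    s1 = client_syn(x)
    s2 = server_syn_ack(s1, y)
    s3 = client_ack(s1, s2)
    return [s1, s2, s3], server_accepts(s2, s3)
```

A final ACK whose acknowledgement number is not y + 1 is rejected by server_accepts, which is why the value of the ISN matters in the sections that follow.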

② Why three handshakes

The purpose of the three-way handshake is to establish a reliable communication channel. Speaking of communication, it is simply the sending and receiving of data. The main purpose of the three-way handshake is to confirm that the sending and receiving of each other is normal.

Only after three handshakes can both parties confirm that their sending and receiving functions are normal; none of the three can be left out:

  • First handshake (when the client sends a SYN packet to the server and the server receives the packet) : The client cannot confirm anything. The server confirms that the peer sending is normal and the server receiving is normal

  • Second handshake (the server responds to the SYN packet to the client, and the client receives the packet) :

    The client confirms that its own sending and receiving are normal, and the peer party’s sending and receiving are normal.

    The server confirms that the peer sending is normal and the server receiving is normal

  • Third handshake (when the client sends an ACK packet to the server) :

    The client confirms that its own sending and receiving are normal, and the peer party’s sending and receiving are normal.

    The server confirms that its own sending and receiving are normal, and the other party’s sending and receiving are normal

③ Is the ISN (Initial Sequence Number) fixed

An important function of the three-way handshake is that the client and server exchange Initial Sequence Numbers (ISNs), so that the server knows how to assemble data by sequence number before it receives data.

When one end sends its SYN to establish a connection, it selects an initial sequence number for the connection. The ISN changes over time, so each connection has a different ISN. If the ISN were fixed, it would be easy for an attacker to guess the subsequent acknowledgement numbers, so the ISN is generated dynamically.
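One common way to generate an ISN that changes over time and cannot be guessed from outside is the scheme in RFC 6528, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), where M is a timer that ticks every 4 microseconds. The sketch below is an added example, not code from the original article; it uses HMAC-SHA256 as F (a substitution chosen here), and the function names and the now_us parameter are illustrative.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(16)  # per-boot secret key that never leaves the host


def isn(local_ip, local_port, remote_ip, remote_port,
        secret=SECRET, now_us=None):
    """ISN = M + F(connection 4-tuple, secret) mod 2**32."""
    if now_us is None:
        now_us = time.monotonic_ns() // 1000
    m = now_us // 4                          # M: one tick every 4 microseconds
    conn_id = f"{local_ip}|{local_port}|{remote_ip}|{remote_port}".encode()
    digest = hmac.new(secret, conn_id, hashlib.sha256).digest()
    f = int.from_bytes(digest[:4], "big")    # F: keyed hash truncated to 32 bits
    return (m + f) % 2**32


def fixed_isn(local_ip, local_port, remote_ip, remote_port, now_us=None):
    """The weak design the text warns about: the same value for every connection."""
    return 1000


def isn_gap(generator, conn_a, conn_b, now_us):
    """Difference between the ISNs of two connections opened at the same instant.

    With a fixed ISN the gap is always 0, so seeing one connection's ISN reveals
    every other one. With the keyed scheme the gap depends on the secret.
    """
    a = generator(*conn_a, now_us=now_us)
    b = generator(*conn_b, now_us=now_us)
    return (b - a) % 2**32
```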

④ Can data be carried during the three-way handshake

On the third handshake, data can be carried. However, the first and second handshakes must not carry data.

Suppose the first handshake could carry data. Someone who wanted to attack the server maliciously could then put a large amount of data into the SYN packet of every first handshake and keep sending SYN packets over and over (the attacker does not care whether the server's receiving and sending abilities are normal; the point is simply to attack). This would cost the server a lot of time and memory to receive these packets.

⭐ An easy way to remember this: a connection request/accept segment (SYN = 1) cannot carry data.

On the third handshake, the client is already in the ESTABLISHED state. From the client's point of view the connection is established and it knows that the server can receive and send data, so of course it can send/carry data.

⑤ Half connection queue

After the server receives the SYN from the client for the first time, it is in the SYN_RCVD state before the connection is fully established. The server puts the requests in this state in a queue, which we call a half-connection queue.

Of course, there is also a full connection queue, where all connections established after the three-way handshake are placed. If the queue is full, packet loss may occur.

⑥ SYN flood attacks

In a SYN attack, the Client forges a large number of non-existent IP addresses in a short period of time and sends SYN packets to the Server. The Server replies with an acknowledgement packet and waits for the acknowledgement from the Client. Since the source IP address does not exist, the Server resends the packet until it times out. These forged SYN packets occupy the half-connection queue for a long time, causing normal SYN requests to be discarded because the queue is full, causing network congestion or even system breakdown.

⑦ What will the client and server do if the third handshake is lost

If the server does not receive the client's acknowledgement packet after sending the SYN-ACK packet, the third handshake has been lost. The server then retransmits the SYN-ACK a first time. If the client's acknowledgement is still not received after a period of time, the server retransmits a second time. If the number of retransmissions exceeds the maximum number of retransmissions, the system deletes the connection information from the half-connection queue.

Note that the wait time before each retransmission is not necessarily the same. It usually grows exponentially, such as 1s, 2s, 4s, 8s…
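Sections ⑤ to ⑦ fit together: an entry that is never acknowledged holds a slot in the half-connection queue for the whole retransmission schedule. The model below is an added example, not part of the original article. It shows how the queue size and the retry limit decide whether a real client still gets a slot; the queue sizes, retry limits, round-trip time and arrival list are constructed sample values.

```python
def synack_schedule(max_retries, initial=1.0):
    """Return (retransmit times, expiry time) for one SYN_RCVD entry.

    The wait doubles after each retransmission: 1s, 2s, 4s, 8s, ...
    """
    t, wait, times = 0.0, initial, []
    for _ in range(max_retries):
        t += wait
        times.append(t)       # the SYN-ACK is retransmitted at this moment
        wait *= 2
    return times, t + wait    # the entry is deleted when the last wait runs out


def simulate(arrivals, backlog, max_retries, rtt=0.1):
    """arrivals: time-sorted (time, source, will_ack) SYNs. Returns {source: outcome}."""
    _, hold = synack_schedule(max_retries)
    queue = []                # (release_time, source) for entries in SYN_RCVD
    outcome = {}
    for t, src, will_ack in arrivals:
        queue = [e for e in queue if e[0] > t]   # free completed or expired slots
        if len(queue) >= backlog:
            outcome[src] = "dropped (queue full)"
            continue
        # A real client ACKs after one round trip and moves to the full queue;
        # an entry that is never acknowledged stays until the schedule expires.
        queue.append((t + (rtt if will_ack else hold), src))
        outcome[src] = "established" if will_ack else "expired"
    return outcome


# Constructed sample: four SYNs that are never acknowledged, then a real client.
ARRIVALS = [(i * 0.01, f"unanswered-{i}", False) for i in range(4)]
ARRIVALS.append((5.0, "client", True))
```

With 5 retries each unanswered entry occupies its slot for 63 seconds, so a queue of 4 is still full when the real client arrives at t = 5; a larger queue or a lower retry limit lets the client through.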

4. TCP waves four times to release the connection

① Detailed explanation of the process of four waves

It takes three handshakes to set up a TCP connection, and four waves to terminate a TCP connection (also called four handshakes). This is due to the half-close feature of TCP, which provides the ability for one end of a connection to receive data from the other end after terminating its transmission.

Releasing a TCP connection requires sending four packets (four steps), which is why it is called a four-way handshake. Either the client or the server can initiate the release.

To review what the symbols in the figure above mean:

  • FIN: Connection termination bit
  • seq: The sequence number of the first byte sent
  • ACK: Acknowledgement segment
  • ack: Acknowledgement number. The sequence number of the first byte of the next data you expect to receive

Both sides start in the ESTABLISHED state, assuming that the client initiates a close request first. The process of four waves is as follows:

1) First wave: The client sends a FIN packet (a connection termination request, FIN = 1) with the sequence number seq = u specified in the packet. It stops sending data and actively closes the TCP connection. The client is now in the FIN_WAIT1 state, waiting for confirmation from the server.

FIN_WAIT1: Waits for a connection termination request from the remote TCP, or for acknowledgement of a previously sent connection termination request

2) Second wave: After receiving the FIN packet, the server sends an ACK packet and uses the client's sequence number + 1 as the acknowledgement number of the ACK packet, indicating that the client's packet has been received. The server is now in the CLOSE_WAIT state.

CLOSE_WAIT: Waits for a connection termination request from the local user

At this point TCP is in the half-closed state, and the connection from the client to the server is released. After receiving the acknowledgement from the server, the client enters the FIN_WAIT2 state and waits for the connection release segment sent by the server.

FIN_WAIT2: Waits for a connection termination request from the remote TCP

3) Third wave: If the server also wants to disconnect (it has no more data to send to the client), it sends a FIN packet and specifies a sequence number, just as in the first wave. The server is now in the LAST_ACK state, waiting for confirmation from the client.

LAST_ACK: Waits for acknowledgement of the connection termination request previously sent to the remote TCP

4) Fourth wave: After receiving the FIN packet, the client sends an ACK packet as a response, using the server's sequence number + 1 as the acknowledgement number (ack = w + 1) and seq = u + 1 as its own sequence number. The client is now in the TIME_WAIT state.

TIME_WAIT: Waits long enough to ensure that the remote TCP has received the acknowledgement of its connection termination request

🚨 Attention!! At this point the client's TCP connection has not yet been released. The client enters the CLOSED state only after a timer set to 2MSL (the return time of a packet) has expired. This is to ensure that the server receives the client's ACK packet. If the server does not receive an ACK packet from the client within a specified period of time, the server resends the FIN packet to the client. On receiving the FIN packet again, the client knows that its previous ACK packet was lost and sends another ACK packet to the server. After receiving the ACK packet, the server closes the connection and enters the CLOSED state.
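The four waves and the role of TIME_WAIT can be traced with a small state machine. This is an added example, not part of the original article: the transition table follows the states named above, and the use_time_wait switch is a hypothetical variant that closes the client immediately, to show what the 2MSL wait protects against when the last ACK is lost.

```python
# (state, event) -> (next state, segment to send or None)
TRANSITIONS = {
    ("ESTABLISHED", "close"):    ("FIN_WAIT1", "FIN"),    # 1st wave
    ("ESTABLISHED", "recv FIN"): ("CLOSE_WAIT", "ACK"),   # 2nd wave
    ("FIN_WAIT1", "recv ACK"):   ("FIN_WAIT2", None),     # half-closed
    ("CLOSE_WAIT", "close"):     ("LAST_ACK", "FIN"),     # 3rd wave
    ("FIN_WAIT2", "recv FIN"):   ("TIME_WAIT", "ACK"),    # 4th wave
    ("TIME_WAIT", "recv FIN"):   ("TIME_WAIT", "ACK"),    # FIN resent: ACK again
    ("LAST_ACK", "timeout"):     ("LAST_ACK", "FIN"),     # no ACK seen: resend FIN
    ("LAST_ACK", "recv ACK"):    ("CLOSED", None),
    ("TIME_WAIT", "2MSL"):       ("CLOSED", None),
}


class Endpoint:
    def __init__(self, name):
        self.name, self.state, self.history = name, "ESTABLISHED", ["ESTABLISHED"]

    def on(self, event):
        """Apply one event; return the segment to send in reply (or None)."""
        if (self.state, event) not in TRANSITIONS:
            return None       # e.g. a FIN reaching a CLOSED endpoint gets no ACK
        self.state, out = TRANSITIONS[(self.state, event)]
        if self.history[-1] != self.state:
            self.history.append(self.state)
        return out


def four_waves(lose_last_ack=False, use_time_wait=True):
    """Client closes first. Returns the (client, server) endpoints afterwards."""
    c, s = Endpoint("client"), Endpoint("server")
    s.on("recv " + c.on("close"))     # FIN ->, server answers with ACK
    c.on("recv ACK")                  # <- ACK
    fin = s.on("close")               # <- FIN
    ack = c.on("recv " + fin)         # ACK ->
    if not use_time_wait:             # hypothetical: skip the 2MSL wait
        c.state = "CLOSED"
        c.history.append("CLOSED")
    if lose_last_ack:                 # the first ACK never arrives
        fin = s.on("timeout")         # server resends its FIN
        ack = c.on("recv " + fin)     # None if the client is already CLOSED
    if ack:
        s.on("recv ACK")
    if use_time_wait:
        c.on("2MSL")
    return c, s
```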

② Why four waves

Because of TCP’s half-close feature, TCP provides the ability for one end of a connection to receive data from the other end after it has finished sending.

Either party can send a notice to release the connection after its data transmission ends, and it enters the half-closed state once the other party confirms. When the other party also has no more data to send, it sends its own connection release notification. Once that is confirmed, the TCP connection is completely closed.

Colloquially, it takes two handshakes to release a TCP connection from one end to the other, and a total of four handshakes to fully release the connection.

For example, A is on the phone with B. At the end of the conversation, A says, “I don’t have anything else to say.” B replies, “I know.” The connection is released. But B might have something to say, so B might say something, and finally B says, “I’m done,” and A says, “Yes,” and B releases the connection to A, ending the conversation.

