Attention! Is TCP not HTTP 3 times handshake and 4 times wave (#... #)

The introduction

In development, you hear about the three handshakes and four waves of HTTP from time to time, and in interviews you are asked about the three handshakes and four waves of HTTP. Many developers have the misconception that the three handshakes and four waves of HTTP are all HTTP, which is actually not true. Correctly, the three-way wave and four-way handshake are done in TCP.

Three-way handshake in TCP

First, the Client sends a connection request packet. After receiving the connection, the Server replies with an ACK packet and allocates resources for the connection. After receiving an ACK packet, the Client sends an ACK packet to the Server segment and allocates resources. In this way, a TCP connection is established.

Seq Sequence Number is the Sequence Number of the first byte in the sent packet. It is 32 bits.
Ack Acknowledgment Number This Acknowledgment Acknowledgment Number is a 32-bit sequence Number.
ACK indicates that the Acknowledgment Number field is meaningful
PSH indicates the Push function, and RST indicates the reset TCP connection
SYN indicates the SYN packet (used when establishing a TCP connection).
FIN indicates no more data to send (used when closing a TCP connection)
Source Port is a 16-bit Source Port.
Destination Port is a 16-bit Destination Port.
Data Offset is a 4-bit Data Offset. The value of this field is the length of the TCP header (including options) divided by 4. [1]
Flag bit: 6 bits, URG indicates that the Urgent Pointer field is meaningful: Through the following picture, we analyze the TCP three-way handshake in detail

(1) At first, the TCP processes at both ends are in the CLOSED state. A (Client) actively opens the connection, while B (Server) passively opens the connection. (A and B are in the CLOSED state — B Is in the listening state LISTEN — A is in the syn-sent state — B Is in the received state SYN-rcvd — A is in the ESTABLISHED state)

First handshake: At first, both ends are in the CLOSED state. A (Client) sets the SYN flag bit to 1, randomly generates A value seq= X, and sends the packet to B (Server). A (Client) enters the SYN-sent state and waits for confirmation from B (Server).
Second handshake: If Server B agrees to establish A connection after receiving the connection request packet segment, it sends an acknowledgement to Client A. In the acknowledgement packet segment (SYN=1, ACK=1, ACK= X +1, initial sequence number SEq = Y), B (Server) The TCP Server process enters the SYN-RCVD state.
Third handshake: After receiving an acknowledgement from Server B, the TCP client sends an ACK packet (ACK=1, ACK number = Y +1, seq= X +1) to Server B (the initial value is SEq = X, and the second packet segment needs to be +1). The ACK packet segment can carry data. If it does not carry data, the SEQUENCE number is not consumed. The TCP connection is ESTABLISHED, and A enters ESTABLISHED.
After B receives A’s confirmation, it also enters the ESTABLISHED state.

(2) Summarize the three-way handshake process:

The Client sets the SYN flag bit to 1, randomly generates a value seq= X, and sends the packet to the Server. The Client enters the SYN-sent state and waits for confirmation from the Server.
Second handshake: After receiving the packet, the Server realizes that the Client requests to establish a connection by using flag bit SYN=1. The Server sets flag bit SYN and ACK to 1, ACK =x+1, randomly generates a value seq= Y, and sends the packet to the Client to confirm the connection request. When the Server enters the SYN-RCVD state, the operating system allocates TCP cache and variables for the TCP connection.
Third handshake: After receiving the acknowledgement, the Client checks whether the ACK is X +1 and ACK is 1. If the ack bit is correct, the Client sets ack bit to 1 and ACK = Y +1. At this time, the operating system allocates TCP cache and variables for the TCP connection and sends the packet to the Server. Check whether the ACK value is 1. If the ACK value is correct, the connection is ESTABLISHED successfully. The Client and Server enter the ESTABLISHED state and complete the three-way handshake.

SYN=ACK=1, ACK= X +1; SYN=ACK= X +1; The initial sequence number is seq=y), and enters the SYN-RCVD state. After receiving the acknowledgement from B, A sends an acknowledgement to B (ACK=1, ACK= y+1, seq=x+1). A enters the ESTABLISHED state.

TCB Transmission Control Block stores important information in each connection, such as TCP connection table, Pointers to the send and receive cache, Pointers to the retransmission queue, and current send and receive serial numbers.

(3) Why does A send A confirmation? Can I have a second handshake?

** An error occurs in case an invalid connection request segment is suddenly sent to B. ** If USER A sends A connection request but receives no confirmation because the connection request packet is lost, user A retransmits the connection request. Confirmation was received and a connection was established. Data transfer is completed, the release of the connection, A request message segment issued two connection, one of the first loss of the second arrived in B, but lost the first message segment just in some of the network node stranded for A long time, has been delayed to connection release after A certain time to reach the B, mistaken for A and B at this time A new connection requests, As long as B sends A confirmation message, A new connection is established. In this case, A ignores B’s confirmation and does not send data. Therefore, B waits for A to send data, wasting resources.

(4) Is the Server vulnerable to SYN attacks?

Resources on the Server are allocated during the second handshake, while resources on the Client are allocated during the third handshake. Therefore, the Server is vulnerable to SYN flood attacks. In this attack, the Client forges a large number of non-existent IP addresses in a short period of time and sends SYN packets to the Server. Because the source IP address does not exist, the Server repeatedly resends SYN packets until they time out. These forged SYN packets occupy unconnected queues for a long time. As a result, normal SYN requests are discarded because the queues are full, causing network congestion or even system breakdown.
Defense against SYN attacks: Reduce the waiting time of the host so that the host releases half-connected requests as soon as possible. If the host receives repeated SYN requests from a certain IP address within a short period of time, subsequent SYN requests are discarded.

Four waves in TCP

2. Wave four times

(1) The elaboration of the four waves

Assume that the Client sends a REQUEST to interrupt the connection, that is, a FIN packet. After the Server receives a FIN packet, it says, “I have no data to send to you from the Client.” If you have incomplete data to send, you can continue to send data without closing the Socket. So you send an ACK, “Tell the Client I received your request, but I’m not ready yet, please continue to wait for my message.” In this case, the Client enters the FIN_WAIT state and waits for the FIN packet from the Server. When the Server confirms that data has been sent, it sends a FIN packet to the Client to tell the Client that the data has been sent and that it is ready to close the connection. After receiving the FIN packet, the Client knows that it can close the connection. However, the Client still does not trust the network and is in TIME_WAIT state for fear that the Server will not close the connection. If the Server does not receive the ACK, it can retransmit the packet. When the Server receives an ACK, it knows it is ready to disconnect. If the Client waits for 2MSL and still does not receive a reply, then the Server is shut down normally. Well, the Client can close the connection. Ok, the TCP connection is closed! Through the following picture, let’s analyze the TCP three-way handshake in detail

After data transmission, both parties release the connection. Both A and B are in the ESTABLISHED state. ESTABLISHED — A enters the WAIT state FIN-waIT-1 — B Closes the WAIT state close-wait — A enters the WAIT state fin-wait-2 — B Last-ack — A Time-wait — B, A CLOSED)

The application process of A sends A connection release packet segment (FIN=1, serial number seq= U) to its TCP, stops sending data, initiatively closes the TCP connection, enters the FIN-WaIT-1 state, and waits for B’s confirmation.
After receiving the connection release packet, USER B sends an acknowledgement packet (ACK=1, ACK id = U +1, seq= V). User B enters close-wait state. In this case, TCP is in half-closed state and the connection between A and B is released.
After receiving the confirmation from USER B, user A enters the FIN-WaIT-2 state and waits for the connection release packet sent by user B.
If USER B does not send data to USER A, user B sends A connection release packet (FIN=1, ACK=1, seq= W, ACK= U +1). User B enters the last-ACK state and waits for user A’s confirmation.
After receiving the connection release packet from USER B, user A sends an acknowledgement packet (ACK=1, SEQ = U +1, ACK= W +1). User A enters the time-wait state. At this time, TCP is not released, and A can enter the CLOSED state only after waiting for 2MSL of time set by the timer.

(2) Summarize the four waving process:

Initially, A and B are in ESTABLISHED state — A sends the connection release packet and is in Fin-WaIT-1 state — B sends the confirmation packet and is in close-wait state — A enters fin-WaIT-2 state after receiving the confirmation. WAIT for the connection release packet segment of B — B has no data to send to A, B sends the connection release packet segment and enters the last-ACK state — A sends the confirmation packet segment and enters the time-wait state — B enters the CLOSED state after receiving the confirmation packet segment — A after the waiting timer is 2MSL, Enter the CLOSED state.

(3) Why must A WAIT 2MSL in time-wait state? Maximum Segment Lifetime, MSL=2

Cause: 1) ** ensures that the last ACK packet segment sent by A can reach B. ** the ACK segment may be lost, so that user B in the last-ack state cannot receive the FIN+ACK segment. User B retransmits the FIN+ACK segment due to timeout, and user A can receive the FIN+ACK segment within 2MSL. Then user A retransmits the FIN+ACK segment. Restart the 2MSL timer. At last, both A and B enter the CLOSED state. If A does not WAIT for A period of TIME in the time-wait state but immediately releases the connection after sending the ACK packet, the FIN+ACK packet retransmitted by B cannot be received, so it will not send the confirmation packet again. B cannot enter the CLOSED state.
Cause: 2) Prevent invalid connection request packet segment from appearing in this connection. After sending the last ACK message segment, A can make all the message segments generated during the duration of the connection disappear from the network after 2MSL, so that the old connection request message segment will not appear in the next new connection.

(4) Why is there a three-way handshake when connecting, but a four-way handshake when closing?

After receiving a SYN request packet from the Client, the Server sends a SYN+ACK packet. ACK packets are used for reply, and SYN packets are used for synchronization. However, when the Server receives a FIN packet, the SOCKET may not be closed immediately. Therefore, the Server can only reply with an ACK packet to tell the Client, “I received the FIN packet you sent.” I can send FIN packets only after all packets on the Server are sent. Therefore, THE FIN packets cannot be sent together. Therefore, a four-step handshake is required.

(5) Why does the state of TIME_WAIT take 2MSL to return to the CLOSE state?

Although logically, all four packets are sent and we can directly enter the CLOSE state, we must pretend that the network is unreliable and the last ACK may be lost. Therefore, the TIME_WAIT state is used to resend ACK packets that may be lost.

(6) optimization, we can optimize the server by modifying the system parameters

Tcp_tw_reuse: whether to reuse TCP links in TIME_WAIT state (set to true)
Tcp_max_tw_buckets: indicates the maximum number of sockets in TIME_WAIT state.
Tcp_fin_timeout: FIN_WAIT_2 time (turn down)

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

Attention! Is TCP not HTTP 3 times handshake and 4 times wave (#… #)

The introduction

Three-way handshake in TCP

Four waves in TCP

Attention! Is TCP not HTTP 3 times handshake and 4 times wave (#… #)

The introduction

Three-way handshake in TCP

Four waves in TCP

Related Posts

Move the universe! React can also “use” computed properties

02(HTML Elements)

Configure the front-end route history mode with nginx