preface

The TCP three-way handshake 🤝 establishes a connection and the four-way wave 👋 disconnects. I believe many people have heard of it and have seen the relevant content. This article is to record my understanding of the two operations.

Before we get into the formal content, let’s take a look at a few notation concepts:

  • Serial number SEQ: used to mark the sequence of data segments. TCP sets a serial number for all data bytes sent in the connection. The number of the first byte is randomly generated locally. After the bytes are numbered, each message segment is assigned a number; The serial number seQ is the data number of the first byte in the packet segment.

  • Ack number: indicates the sequence number of the first byte of the next packet segment that is expected to be received. Serial number indicates the number of the first byte of data carried in the message segment. The acknowledgment number refers to the number expected to receive the next byte; Therefore, the number of the last byte of the current packet segment +1 is the confirmation number.

  • ACK: The ACK number field is valid only when ACK=1. When ACK=0, the confirmation number is invalid

  • SYN: Synchronizes the sequence number when the connection is established. When SYN=1 and ACK=0, it indicates that this is a connection request packet segment. If the connection is agreed, SYN=1 and ACK=1 are set in the response packet segment. Therefore, SYN=1 indicates that this is a connection request, or a connection accept message. The SYN bit is set to 1 only when TCP establishes a production connection. After the handshake is complete, the SYN bit is set to 0.

  • Terminate FIN: Used to release a connection. FIN=1 indicates that the sender of the packet has finished sending data and wants to release the transport connection

Three-way handshake

Let’s start with the following scenario:

I was having dinner with my friends in a restaurant. When I was having a drink, my girlfriend called me. There were many people in the restaurant, but I couldn’t hear the voice clearly for some reasons.

Me: Can you hear me?

W: Yes, speak up. Can you hear me?

Me: I can hear you,

And so on, so that both sides can hear, so that the conversation can continue.

TCP is connection-oriented. Before either party sends data to the other, a connection must be established between the two parties. In THE TCP/IP protocol, TCP provides a reliable connection service that is initialized with a three-way handshake 🤝. The purpose of the three-way handshake 🤝 is to synchronize the serial numbers and confirmation numbers of the two sides of the connection and exchange TCP window size information. Thus, we can establish a connection between the client and the server:

  • First handshake 🤝 :The client sends a connection request packet to the serverSYN=1And generate the initial serial number randomlyseq=xAt this point, the client process entersSYN-SENTStatus, waiting for server confirmation.
  • Second handshake 🤝 :After receiving the request packet, the server sends an acknowledgement packet if it agrees to connect. The value in the confirmation packet should beACK=1.SYN=1, the confirmation number isack=x+1, and also initialize a random sequence number for yourselfseq=yAt this point, the server process entersSYN-RCVDStatus, asking if the client is ready.
  • Third handshake 🤝 :The client process also sends an acknowledgement to the server after receiving it. Acknowledgement of messageACK=1.ack=y+1, the connection is established and the client entersESTABLISHEDStatus, the server also enteredESTABLISHEDState.

The above is a general process of the three handshakes 🤝, then the question comes:

Why do you need three handshakes 🤝? Is it feasible to change the last handshake to two handshakes 🤝?

If the client want to shake hands to the server, it sends the first connection request packet, but due to poor network signal or the load on the server too much, this request is not immediately to the server, but the retention of the long hours in a network node, that stuck to the client connection release after a certain point in time to reach the service side, After receiving the invalid request packet, the server mistakenly thinks that the client has sent another connection request. In this case, the server sends an acknowledgement packet to the client, indicating that the client agrees to establish a connection.

If the three-way handshake is not used, the new connection is made as long as the server sends an acknowledgement. But now the client does not establish a connection request, the request is actually the request of failure, everything is in the phase of a service, so that the client is not ignore confirmed information from the server, also won’t send confirmation request to the server, but thought that a new server connection has been established, and has been waiting for the client from the data, in this case, Many resources on the server side are not wasted.

The three-way handshake is in order to prevent the occurrence of the above this kind of situation, such as just in case, the client won’t come to the server send confirmation request, the server will have not received the confirmation message, because you know the client does not want to establish a connection, then the server would not be to establish a connection, this is the role of the three-way handshake.

Four times to wave

Let’s go to the following situation again:

If one day I want to be free, I will break up with my girlfriend:

Me: I want freedom, freedom long live, break up

Woman: Okay, you’re breaking up

Then she would vent by calling me a slag, or trying to keep me, and after calming down:

W: That’s it, then

Me: Ok

So far, each rush things, mutually good, forget in the river’s lake.

When a TCP connection is established between a client and a server through a three-way handshake, the TCP connection must be disconnected to prevent waste of resources after the data transfer is completed. For TCP disconnection, there is a four-way handshake.

  • First wave 👋 :The client process sends a connection release FIN packet and stops sending data. Release the data header,FIN=1And its serial number isseq=x, the client entersFIN-WAIT-1(Terminate wait 1) status.
  • Second wave 👋 :The server process received a connection release. ProcedureFINAn acknowledgement packet is sentACKMessage,ACK=1.ack=x+1And bring your own serial numberseq=y, the server entersCLOSE-WAIT(Off wait) state. At this point, the server notifies the higher-level application process, and the client is released from the server. The client is in the semi-closed state, that is, the client has no data to send, but if the server sends data, the client still needs to accept it. It’s going to last for a while, which is the wholeCLOSE-WAITDuration of the state. After receiving the confirmation request from the server, the client entersFIN-WAIT-2(Terminate wait 2) State, waiting for the server to send the connection release message, before the server can still receive the last data sent from the server.
  • Third wave 👋 :When the server sends the final data to the client, it sends the connection release to the clientFINMessage,FIN=1.ack=x+1, the serial number isseq=z, the server entersLAST-ACK(Final confirmation) status, waiting for the client’s confirmation.
  • Fourth wave 👋 :The client receives a connection release from the serverFINAfter the packet is sent, an acknowledgement packet must be sent.ACK=1.ack=z+1And his serial number isseq=x+1At this point, the client entersTIME-WAIT(Time wait) status. After receiving the confirmation packet from the client, the server immediately cancels its own transmission control blockTCBAnd into theCLOSEDState, pay attention to what’s going on hereTCPThe connection has not been released and must go through2MSL(Maximum Packet segment life). If the client does not receive any data from the server, the server is shut down. In this case, the client cancels the corresponding transmission control blockTCBAfter enteringCLOSEDState. At this point,TCPThe connection is really broken. (End of the serverTCPConnect slightly earlier than the client)

Ok, so the question is:

Why do you need to wave 👋 four times to disconnect a connection, just like you do when establishing a connection?

TCP is a connection-oriented, reliable, byte stream – based transport-layer communication protocol. TCP is in full-duplex mode, which means that when the client wants to disconnect the connection, the client sends a FIN packet to the server to indicate that the client has no data to send, but the client can still receive data from the server.

After the server receives a FIN packet and returns an ACK packet, it indicates that the server knows that the client is about to be disconnected and no data needs to be sent. However, the server may still have data to be transmitted to the client.

After data transmission on the server is complete, the server sends a FIN packet to the client, indicating that the server has no data to transmit. The server agrees to close the connection. After receiving the FIN packet, the client immediately sends an ACK packet to the client to close the connection. After that, the client and server happily disconnect the TCP connection with each other.

You may wonder why THE SERVER sends ACK packets and FIN packets separately, but sends ACK packets and SYN packets together in the three-way handshake. In the three-way handshake, the server directly sends SYN+ACK packets after receiving a SYN request packet from the client. ACK packets are used for reply, and SYN packets are used for synchronization. However, when the server receives a FIN packet, it may not close the SOCKET immediately. Therefore, it can only reply an ACK packet to the client, telling the client that I received the FIN packet you sent. The server can send the FIN packet only after all data is sent. Therefore, ACK packets and FIN packets cannot be sent together. That’s why it takes four waves to disconnect.

validation

Using the Wireshark to capture packets, you can see the three-way handshake and four-way wave.

Tools: Wireshark

Download from www.pc6.com/mac/112232….

After the installation is complete, open Wireshark and start monitoring network packets.

Open two terminal Windows and create a connection:

In terminal window 1, enter NC-L 6060 and press Enter

In terminal window 2, enter NC 127.0.0.1 6060 and press Enter

After a connection is established between two terminals, you can view the three-way handshake in Wireshark:

Here’s a look at the four waves:

conclusion

The TCP three-way handshake and four-way wave, in my opinion, is to ensure the “security integrity” of the connection when establishing and disconnecting the connection. It also ensures the complete transmission of data. TCP three handshakes and four waves of the hand are here, if there is an error also please correct!

The above sitcoms are pure fiction. After all, real drivers don’t need women. (Funny save your Life)