TCP three times handshake four times wave explain

TCP three handshakes and four waves

Why do you have to shake hands three times?

For the first handshake, the client is not sure of anything, but sends a message. The server is sure that the other party sent the message, accepts the message, and sends the second handshake request.

For the second handshake, the client confirms that the sender sends and receives the packet correctly, and the server confirms that the receiver sends and receives the packet correctly.

The third handshake, the client all confirm no problem, the server confirm the other party to send and accept normal, send and accept normal.

Why three handshakes instead of two? Two shake hands can create some half connection condition, such as the client to the server sends a request, but the request because the network reason did not arrive, triggered the timeout retransmission mechanism, the client to send the request and the server connection is established, and then disconnected, after a long time for the first time send a connection request to the server, The server agrees and replies with an ACK, but the client has been disconnected and only the server maintains the invalid link, resulting in a waste of resources.

The three-way handshake process

The client sends a SYN request with its own sequence number. The server replies with a SYNACK packet (client sequence number +1) and its own sequence number. The client replies with an ACK (server sequence number +1) and its own data. The third handshake transfers data. If it works the first time, the client can send massive amounts of data to attack the server.

SYN attacks are launched by frantically sending TCP requests but not responding to the third handshake. After receiving the request, the server will cache the client’s information. If the request is not acknowledged, resources will be wasted. Instead, a hash function takes the client’s information as input to get a cookie, which is sent to the client. The client carries the cookie with the third handshake, and the server directly verifies it.

The flow of four waves

The client sends a FIN message segment, the server response ACK, confirm closing said, at this time the client to the server to send data link is closed, but the server may need to send the data to the client, so the server can also send data, sending after sending FIN message section, after the client receives an ACK to the server, At this point, the client starts timing and waits for the maximum lifetime of the two packet segments. If no FIN request from the server is received within this period, the client can close the connection. This is done to prevent the sent ACKS from being lost, so that the timeout reissued FIN sent by the server can arrive again and start the timer again.