TCP three-way handshake and four-way wave

TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream-based transport layer communication protocol. The main goal of TCP is to provide a reliable, ordered, and error-checked data transmission method to ensure reliable data transmission in the network.

Key Features:

1. Connection-oriented: Before data can be transmitted, a TCP connection must be established. A connection is a reliable service with fixed connection endpoints.
2. Reliable transmission: TCP provides a confirmation and retransmission mechanism for data transmission to ensure the order and integrity of data. If data is lost or damaged during transmission, TCP will resend the data to ensure that the receiving end can receive the data correctly.
3. Flow control: TCP provides a mechanism for controlling the speed at which the sender sends data to prevent the receiver from losing data due to not having enough time to receive the data.
4. Congestion control: When the network is congested, TCP will reduce the speed of sending data to reduce network congestion. TCP uses a series of algorithms to detect and prevent network congestion.
5. Byte stream: TCP sends data in the application as a byte stream, without the concept of message boundaries. This means that the sender can send data continuously, while the receiver must receive the byte stream in sequence and reassemble it into meaningful data.

TCP is widely used in Internet Protocol (IP) networks and is an important part of Internet Protocol (IP). Many applications and protocols use TCP as their transport layer protocol, such as HTTP, FTP, SMTP, and many other protocols.

Before sending data, the communicating parties must establish a connection between each other. The so-called "connection" is actually a piece of information about the other party saved by the client and the server, such as IP address, port number, etc. TCP can be regarded as a byte stream, which will handle packet loss, duplication and error problems at the IP layer or below. In the process of establishing a connection, the two parties need to exchange some connection parameters. These parameters can be placed in the TCP header. A TCP connection consists of a 4-tuple, which are two IP addresses and two port numbers. A TCP connection is usually divided into three stages: connection, data transmission, and exit (close). A link is established through a three-way handshake, and a connection is closed through four waves. When a connection is established or terminated, the exchanged segments contain only the TCP header, but no data.

TCP message header structure

picture

1. Source port and destination port: used to identify the processes sending and receiving data.
2. Sequence number: seq sequence number, occupies 32 bits, used to identify the byte stream sent from the TCP source to the destination. The initiator marks this when sending data so that the receiving end can reorder and assemble the data.
3. Confirmation number: ack sequence number, occupies 32 bits. The confirmation sequence number field is valid only when the ACK flag is 1. ack=seq+1 is used to confirm the received data and tell the sender the next byte number expected to be received.
4. Header Length: Indicates the size of the TCP header in 32-bit words.
5. Flags: URG, ACK, PSH, RST, SYN, and FIN are used to indicate the status and operation of TCP. The specific meanings of the flags are as follows:

• ACK: Confirm that the sequence number is valid.
• FIN: Release a connection.
• PSH: The receiver should hand over this message to the application layer as soon as possible.
• RST: Reset the connection. SYN: Initiate a new connection.
• URG: The urgent pointer is valid.

6. Window size: used for flow control, indicating the maximum amount of data that the receiver can receive.
7. Checksum: Used to detect errors in data transmission.
8. Urgent pointer: used to identify the byte number of urgent data.
9. TCP options: optional information of variable length, such as maximum segment size, timestamp, etc.

Three-way handshake

The TCP three-way handshake process is the process of establishing a TCP connection, the purpose of which is to initialize the initial value of the sequence number of both communicating parties.

picture

• First handshake: The client sends a SYN packet (SYN=1) to the server and enters the SYN_SEND state, waiting for the server to confirm.
  The client wants to initiate a connection request to the server. First, the client randomly generates an initial sequence number ISN (for example, 100). The message segment sent by the client to the server contains the SYN flag (that is, SYN=1) and the sequence number seq=100.
• Second handshake: When the server receives the SYN packet, it must confirm the client's SYN (ACK=1, ack=x+1), and at the same time send a SYN packet (SYN=1, seq=y) to the client, that is, a SYN+ACK packet. At this time, the server enters the SYN_RECV state.
  After receiving the message from the client, the server finds SYN=1 and knows that this is a connection request, so it saves the client's starting sequence number 100 and randomly generates a server starting sequence number (for example, 300). Then it replies to the client with a message containing SYN and ACK flags (that is, SYN=1, ACK=1), sequence number seq=300, and confirmation number ack=101 (sequence number sent by the client + 1).
• The third handshake: The client receives the SYN+ACK packet from the server and sends a confirmation packet ACK (ACK=1, ack=y+1) to the server. After this packet is sent, the client and server enter the ESTABLISHED state, completing the three-way handshake.
  After receiving the reply from the server, the client finds ACK=1 and ack=101, so it knows that the server has received the message with sequence number 100; at the same time, it finds SYN=1, knowing that the server agrees to this connection, so it saves the server's sequence number 300. Then the client replies to the server with another message, which contains the ACK flag (ACK=1), ack=301 (server sequence number + 1), and seq=101 (the message sent during the first handshake occupies a sequence number, so this time seq starts from 101. It should be noted that ACK messages that do not carry data do not occupy sequence numbers, so seq is still 101 when the data is officially sent for the first time). When the server receives the message and finds ACK=1 and ack=301, it knows that the client has received the message with sequence number 300, and the client and server have established a connection through TCP.

Four waves

The four-wave process is the process used to normally close a TCP connection.

picture

For example, the client initializes the serial number ISA = 100, and the server initializes the serial number ISA = 300. After the TCP connection is successful, the client sends a total of 1000 bytes of data, and the server replies a total of 2000 bytes of data before the client sends a FIN message.

• First wave: The client sends a FIN packet to indicate that it wants to close the TCP connection. The client enters the FIN_WAIT_1 state and waits for confirmation from the server.
  When the client's data is transmitted, the client sends a connection release message to the server (of course, it can also send a connection release message and stop sending data when the data is not sent). The connection release message contains the FIN flag (FIN=1) and the sequence number seq=1101 (100+1+1000, where 1 is a sequence number occupied when the connection is established). It should be noted that after the client sends the FIN segment, it can no longer send data, but can still receive data normally; in addition, the FIN segment occupies a sequence number even if it does not carry data.
• Second wave: After receiving the FIN packet, the server sends an ACK packet to the client to confirm the client's request, and the server enters the CLOSE_WAIT state.
  After receiving the FIN message from the client, the server sends a confirmation message to the client. The confirmation message contains the ACK flag (ACK=1), confirmation number ack=1102 (client FIN message sequence number 1101+1), and sequence number seq=2300 (300+2000). At this time, the server is in a closed waiting state, instead of sending a FIN message to the client immediately. This state will continue for a while because the server may have data that has not been sent.
• The third wave: The server sends a FIN packet to the client, indicating that it wants to close the connection. The server enters the LAST_ACK state and waits for the client's confirmation.
  After the server sends the last data (for example, 50 bytes), it sends a connection release message to the client. The message contains the FIN and ACK flags (FIN=1, ACK=1), the confirmation number is the same as the second wave ack=1102, and the sequence number seq=2350 (2300+50).
• Fourth wave: After receiving the FIN packet from the server, the client sends an ACK packet to the server to confirm the server's request. The client enters the TIME_WAIT state and waits long enough to ensure that the server has received its confirmation. Then the client enters the CLOSED state and closes the connection. After receiving the ACK packet, the server enters the CLOSED state and closes the connection.
  After receiving the FIN message from the server, the client sends a confirmation message to the server. The confirmation message contains the ACK flag (ACK=1), confirmation number ack=2351, and sequence number seq=1102. Note that the client does not release the TCP connection immediately after sending the confirmation message, but releases the TCP connection after 2MSL (twice the longest message segment life). Once the server receives the confirmation message from the client, it will immediately release the TCP connection, so the server ends the TCP connection earlier than the client.