Illustrated Network: The principle behind the TCP three-way handshake, why not two-way handshake?

TCP is one of the main protocols of the Internet protocol suite. It is located between the application layer and the network layer and is used to provide reliable connection services. It is a connection-oriented communication protocol that helps to exchange messages between different devices over the network.

When talking about TCP, we must mention the TCP three-way handshake, which is the core of establishing a TCP connection. So what is the process of the TCP three-way handshake, and what makes its design so good?

Today, Rui Ge will explain it to you in a graphic way. Let’s get started.

What is TCP?

  • English full name: Transmission Control Protocol
  • Chinese name: 传输控制协议 (Transmission Control Protocol)

TCP is a connection-oriented protocol that ensures that data is delivered intact to its destination. TCP first establishes a session with the TCP port on each host by using the TCP three-way handshake. Then it transmits data in the form of packets. Each packet has a sequence number. When a packet is received at the destination, TCP generates an acknowledgment to the sending host. If a packet in the sequence is not received, TCP on the sending host retransmits the packet after a certain time interval.

TCP three-way handshake

TCP goes through a three-step handshake when a connection between two devices is established and closed; that is, it takes three steps to establish and close the connection. Let's take a detailed look at these three steps.

Three-way handshake in life

Let's first use an example from life to illustrate the three-way handshake process:

Xiao Ming wants to call Xiao Mei, but he is not sure if the other party is Xiao Mei, so he will go through the following process:

  • Xiao Ming: Hello, is this Xiao Mei? [First handshake]
  • Xiao Mei: Yes, I am Xiao Mei. [Second handshake]
  • Xiao Ming: OK, I know you are Xiao Mei. [Third handshake]

After three handshakes, Xiao Ming can clearly confirm that the other party is Xiao Mei, which is very reliable!

If there is only one handshake, then after Xiao Ming asks "Hello, are you Xiao Mei?", Xiao Ming is not sure whether the other party has received this greeting, let alone whether the other party is Xiao Mei.

If there are only two handshakes, then after Xiao Ming receives Xiao Mei's reply "Yes, I am Xiao Mei.", Xiao Mei does not know whether Xiao Ming has received her reply, so she is not sure whether to communicate with the person who asked her on the phone next.

So the three-way handshake is just right.

Three-way handshake from a professional perspective

Let's take a look at the professional three-way handshake.

Professional terms involved in the three-way handshake

  • Server: A server is a physical computer dedicated to running services to meet the needs of other computers.

Client-Server

  • Client: A client is a computer hardware device or software that accesses the services provided by a server.
  • SYN: Synchronize Sequence Number. This is the first packet sent from the client to the server and can be described as a request to establish a connection. If the SYN flag is 1, the device is asking to establish a connection; otherwise it is not.

SYN packet capture

  • ACK: Acknowledgement, which can be described as the response to a SYN. If the ACK flag is 1, the device has received the SYN message and confirmed it; otherwise it has not.

ACK packet capture

Three-way handshake steps

Step 1: The client sets the SYN flag to 1 and sends a message to the server.

Step 2: The server acknowledges the client request by setting the ACK flag to 1, and sets the SYN flag to 1 in the same message to send its own synchronization.

Step 3: After the client receives the synchronization (SYN) from the server, it sends an acknowledgment (ACK) to the server.

After the server receives the ACK from the client, the connection between the client and the server is established and data can now be transferred between them.

More detailed process

A more detailed process of the three-way handshake

Step 1: The TCP client sends a TCP SYN packet to the server to start the connection. The packet contains a random sequence number n, which marks the start of the sequence numbers for the data the client will transmit.

Step 2: The server receives the packet and responds with its own sequence number m. Its response also includes an acknowledgment number, which is the client's sequence number plus 1, here n+1.

Step 3: The client responds to the server with an acknowledgment number, which is the server's sequence number plus 1, here m+1.

TCP three-way handshake packet capture analysis

No matter how many theories there are, they are all in vain without practice, so the best way to verify our theory is to capture the packet and look at the TCP three-way handshake process.

As shown in the figure, the host 172.16.16.128:2826 and the host 212.58.226.142:80 establish a three-way handshake process:

  • Step 1: Host 172.16.16.128:2826 sends [SYN] Seq=0 to host 212.58.226.142:80
  • Step 2: Host 212.58.226.142:80 sends [SYN,ACK] Seq=0, Ack=1 to host 172.16.16.128:2826
  • Step 3: Host 172.16.16.128:2826 sends [ACK] Seq=1, Ack=1 to host 212.58.226.142:80

These are the detailed three-way handshake messages. At this point, everyone can open their own Wireshark packet capture tool and experience the magic of the TCP three-way handshake.
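
The same check can be done in code. The following Python sketch is an added example, not part of the original article: it builds three constructed TCP headers using the ports from the capture above, parses them, verifies the n / m / n+1 / m+1 rule, and renders the relative numbers that Wireshark displays by default (which is why the capture shows Seq=0). The initial sequence numbers N and M and all function names are assumptions made for the example.

```python
import struct

MOD = 1 << 32  # sequence numbers are 32-bit and wrap around
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def build(sport, dport, seq, ack, flags, window=8192):
    """Build a 20-byte TCP header without options (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def parse(raw):
    """Decode the fixed 20-byte part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", raw[:20])
    flags = {name for bit, name in FLAGS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags, "window": window}

def check_handshake(segs):
    """Validate SYN, SYN-ACK, ACK against the n / m / n+1 / m+1 rule."""
    if len(segs) != 3:
        return False, "need exactly three segments"
    syn, synack, ack = segs
    if [s["flags"] for s in segs] != [{"SYN"}, {"SYN", "ACK"}, {"ACK"}]:
        return False, "flags are not SYN, SYN+ACK, ACK"
    n, m = syn["seq"], synack["seq"]
    if synack["ack"] != (n + 1) % MOD:
        return False, "server did not acknowledge n+1"
    if ack["seq"] != (n + 1) % MOD or ack["ack"] != (m + 1) % MOD:
        return False, "client did not acknowledge m+1"
    return True, "handshake complete"

def relative_view(segs):
    """Show seq/ack relative to each side's initial sequence number."""
    isn = {segs[0]["sport"]: segs[0]["seq"], segs[1]["sport"]: segs[1]["seq"]}
    lines = []
    for s in segs:
        text = "[%s] Seq=%d" % (",".join(sorted(s["flags"], reverse=True)), (s["seq"] - isn[s["sport"]]) % MOD)
        if "ACK" in s["flags"]:  # the ack field only has meaning when ACK is set
            text += ", Ack=%d" % ((s["ack"] - isn[s["dport"]]) % MOD)
        lines.append(text)
    return lines

# Constructed sample: ports from the capture above, made-up initial sequence numbers.
N, M = 3735928559, 1000
CAPTURE = [build(2826, 80, N, 0, 0x02),           # SYN
           build(80, 2826, M, N + 1, 0x12),        # SYN, ACK
           build(2826, 80, N + 1, M + 1, 0x10)]    # ACK
SEGMENTS = [parse(raw) for raw in CAPTURE]
if __name__ == "__main__":
    print(check_handshake(SEGMENTS), relative_view(SEGMENTS))
```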

TCP Window

When you look at the Wireshark packet capture screenshot above, you must have noticed the field Win=8192, which is the TCP window.

The client sends a bunch of data to the server, and the server verifies all packet-level checksums and sends an ACK packet indicating that everything was received correctly.

If not everything was received, some or all of the data will need to be retransmitted. Each device maintains a buffer of all the data in case it needs to be sent again. Receiving an ACK packet means the device can flush the old data out of the buffer.

The TCP window is the maximum number of bytes that can be sent before receiving an ACK.

If the network is unreliable, it is better to set the TCP window smaller so that if problems occur, very large data will not have to be retransmitted.

TCP also has an excellent design, which is the sliding window. That is, the device can dynamically change the window size, reducing the window in congestion and enlarging the window in normal times.

Other parameters

The packet capture screenshot contains not only the TCP window, but also other parameters:

  • MSS (Maximum Segment Size).
  • WS (Window Scaling), which is used to control the maximum TCP receive window size.

Why TCP cannot establish a connection with a two-way handshake

We need to know that for Server and Client to establish a connection, the following four conditions must be met:

  • The server needs to confirm that it can receive data packets from the client
  • The client needs to confirm that the client can receive data packets from the server
  • The client needs to confirm that the server can receive data packets from the client
  • The server needs to confirm that the client can receive data packets from the server

The four conditions seem very complicated, but in fact they map onto the phone call as follows:

  • Xiao Ming asks: "Hello, is this Xiao Mei?" Once Xiao Mei receives this message, she has confirmed that she can receive messages from Xiao Ming, verifying the first condition [the server needs to confirm that it can receive data packets from the client]
  • Xiao Mei replies: "Yes, I am Xiao Mei." Once Xiao Ming receives this reply, he has confirmed that he can receive messages from Xiao Mei and that Xiao Mei can receive messages from him, verifying the second and third conditions [the client needs to confirm that the client can receive data packets from the server] [the client needs to confirm that the server can receive data packets from the client]
  • Xiao Ming replies: "OK, I know you are Xiao Mei." Once Xiao Mei receives this message, she has confirmed that Xiao Ming can receive messages from her, verifying the fourth condition [the server needs to confirm that the client can receive data packets from the server]

TCP is a two-way communication protocol, which means that either end should be able to send data reliably, so the three-way handshake is just right.
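
The argument above can be worked through as a small model. This Python sketch is an added example, not part of the original article: it delivers the first one, two or three handshake messages and reports which of the four conditions are still unconfirmed. It assumes that every message after the first acknowledges the one before it; the function and variable names are hypothetical.

```python
# The four conditions from the list above, as (who must confirm it, what is confirmed).
CONDITIONS = [
    ("server", "server can receive from client"),
    ("client", "client can receive from server"),
    ("client", "server can receive from client"),
    ("server", "client can receive from server"),
]

# Direction of each handshake message: SYN, SYN-ACK, ACK.
ORDER = [("client", "server"), ("server", "client"), ("client", "server")]

def confirmed_after(messages):
    """Deliver the first `messages` segments and return what each side has confirmed."""
    known = {"client": set(), "server": set()}
    has_sent = set()
    for sender, receiver in ORDER[:messages]:
        # Receiving anything proves the receiver can hear the sender.
        known[receiver].add(f"{receiver} can receive from {sender}")
        # If the receiver sent something earlier, this message acknowledges it
        # (assumption of the model), so its own message must have arrived.
        if receiver in has_sent:
            known[receiver].add(f"{sender} can receive from {receiver}")
        has_sent.add(sender)
    return known

def unmet_after(messages):
    """List the conditions that are still unconfirmed after `messages` segments."""
    known = confirmed_after(messages)
    return [(who, fact) for who, fact in CONDITIONS if fact not in known[who]]

if __name__ == "__main__":
    for count in (1, 2, 3):
        print(count, "message(s):", unmet_after(count) or "all four conditions confirmed")
```

With two messages the only gap left is on the server side: it has sent its reply but has no proof that the client received it.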
