Understand TCP's three-way handshake and four waved hands in one article

table of Contents

1. Three handshake

2. Wave four times

3. Analysis of 11 state nouns

---

TCP's three-way handshake and four waved hands are essentially the connection and disconnection of TCP communication.

Three-way handshake: In order to track and negotiate the amount of data sent each time, to ensure the synchronization of the sending and receiving of the data segment, according to the amount of data received, it is confirmed when the data is sent and when the contact is cancelled after the reception is completed, and a virtual connection is established.

Four waves of hands: Terminate the TCP connection, which means that when a TCP connection is disconnected, the client and server need to send a total of 4 packets to confirm the disconnection.

TCP three-way handshake, four waved hands timing diagram

1. Three handshake

The TCP protocol is located in the transport layer, and its role is to provide reliable byte stream services. In order to accurately deliver data to the destination, the TCP protocol adopts a three-way handshake strategy.

Three-way handshake​​​​​​​Principle:

The first handshake: the client sends a data packet with the SYN (synchronize) flag to the server;

The second handshake: After the server receives successfully, it sends back a data packet with the SYN/ACK flag to confirm the delivery, indicating that I have received it;

The third handshake: The client sends back a data packet with an ACK flag, indicating that I know, and the handshake is over.

Among them: the SYN flag is set to 1, indicating that the TCP connection is established; the ACK flag indicates the verification field.

The three-way handshake can be understood through the following interesting illustrations:

Detailed description of the three-way handshake process:

1. The client sends a request message for establishing a TCP connection. The message contains the seq sequence number, which is randomly generated by the sender, and the SYN field in the message is set to 1, indicating that a TCP connection needs to be established. (SYN=1, seq=x, x is a randomly generated value);

2. The server replies to the TCP connection request message sent by the client, which contains the seq sequence number, which is randomly generated by the reply end, and sets SYN to 1, and will generate an ACK field. The value of the ACK field is sent on the client On the basis of the serial number seq, add 1 to reply, so that when the client receives the information, it knows that its TCP establishment request has been verified. (SYN=1, ACK=x+1, seq=y, y is a randomly generated value) Here ack plus 1 can be understood as confirming who to establish a connection with;

3. After the client receives the TCP establishment verification request sent by the server, it will add 1 to its own sequence number, and reply to the ACK verification request again, adding 1 to the seq sent by the server to reply. (SYN=1, ACK=y+1, seq=x+1).

2. Wave four times

Since the TCP connection is full-duplex, each direction must be closed separately. The principle is that when one party completes its data sending task, it can send a FIN to terminate the connection in this direction. Receiving a FIN only means that there is no data flow in this direction. A TCP connection can still send data after receiving a FIN. The first party to shut down will perform active shut down, and the other party will perform passive shut down.

Four waves of hands​​​​​​​Principle:

The first wave: The client sends a FIN to close the data transmission from the client to the server, and the client enters the FIN_WAIT_1 state;

Second wave: After receiving the FIN, the server sends an ACK to the client, confirming that the serial number is the received serial number + 1 (same as SYN, one FIN occupies a serial number), and the server enters the CLOSE_WAIT state;

The third wave: The server sends a FIN to close the data transmission from the server to the client, and the server enters the LAST_ACK state;

4th wave: After the client receives the FIN, the client t enters the TIME_WAIT state, and then sends an ACK to the server, confirming that the serial number is the received serial number +1, the server enters the CLOSED state, and completes four waves.

Among them: the number of FIN flags is set to 1, indicating that the TCP connection is disconnected.

You can understand the four waves of hands through the following fun illustrations​​​​​​​:

Four waved hands​​​​​​​Detailed description of the process:

1. The client sends a TCP connection request message, which contains the seq sequence number, which is randomly generated by the sender, and also sets the FIN field in the message to 1, indicating that the TCP connection needs to be disconnected . (FIN=1, seq=x, x is randomly generated by the client);

2. The server will reply to the TCP disconnect request message sent by the client, which contains the seq sequence number, which is randomly generated by the replying side, and will generate an ACK field. The ACK field value is the seq sequence number sent from the client. Add 1 to the reply, so that when the client receives the message, it knows that its TCP disconnect request has been verified. (FIN=1, ACK=x+1, seq=y, y is randomly generated by the server);

3. After the server has responded to the client's TCP disconnect request, it will not immediately disconnect the TCP connection. The server will first ensure that all the data transmitted to A has been transmitted before the disconnection. Once it is confirmed that the data transmission is complete , The FIN field of the reply message will be set to 1, and a random seq sequence number will be generated. (FIN=1, ACK=x+1, seq=z, z is randomly generated by the server);

4. After the client receives the TCP disconnect request from the server, it will reply to the disconnect request from the server, including the randomly generated seq field and ACK field. The ACK field will add 1 to the seq of the TCP disconnect request from the server, thereby Complete the verification response requested by the server. (FIN=1, ACK=z+1, seq=h, and h is randomly generated by the client) So
far, the 4 waves of TCP disconnection are completed.

3. Analysis of 11 state nouns​​​​​​​

LISTEN：等待从任何远端TCP 和端口的连接请求。

SYN_SENT：发送完一个连接请求后等待一个匹配的连接请求。

SYN_RECEIVED：发送连接请求并且接收到匹配的连接请求以后等待连接请求确认。

ESTABLISHED：表示一个打开的连接，接收到的数据可以被投递给用户。连接的数据传输阶段的正常状态。

FIN_WAIT_1：等待远端TCP 的连接终止请求，或者等待之前发送的连接终止请求的确认。

FIN_WAIT_2：等待远端TCP 的连接终止请求。

CLOSE_WAIT：等待本地用户的连接终止请求。

CLOSING：等待远端TCP 的连接终止请求确认。

LAST_ACK：等待先前发送给远端TCP 的连接终止请求的确认（包括它字节的连接终止请求的确认）

TIME_WAIT：等待足够的时间过去以确保远端TCP 接收到它的连接终止请求的确认。
TIME_WAIT 两个存在的理由：
          1.可靠的实现tcp全双工连接的终止；
          2.允许老的重复分节在网络中消逝。

CLOSED：不在连接状态（这是为方便描述假想的状态，实际不存在）

---

Reference link: TCP three-way handshake and four waved hands and 11 states