TCP three-way handshake and four waved hands to understand

• Before understanding the three-way handshake and four waved hands, first know what is contained in the TCP message.

Introduction

• The process of TCP disconnection/connection establishment: three handshake, four waves

1. TCP message format

• The source port number and destination port number in the TCP header are the same as the source IP and destination IP in the IP datagram to uniquely determine a TCP connection.

• TCP must establish a connection between each other before sending data. The connection here means: Both parties need to save each other's information (for example: IP, Port...)

• The meaning of the main segment of the message

序号：表示发送的数据字节流，确保TCP传输有序，对每个字节编号

确认序号：发送方期待接收的下一序列号，接收成功后的数据字节序列号加 1。只有ACK=1时才有效。

ACK：确认序号的标志，ACK=1表示确认号有效，ACK=0表示报文不含确认序号信息

SYN：连接请求序号标志，用于建立连接，SYN=1表示请求连接

FIN：结束标志，用于释放连接，为1表示关闭本方数据流

Two or three handshake

2.1 Three-way handshake process

• When establishing a TCP connection, the client and server need to send a total of 3 packets.

第一次：客户端发送初始序号x和syn=1请求标志

第二次：服务器发送请求标志syn，发送确认标志ACK，发送自己的序号seq=y，发送客户端的确认序号ack=x+1

第三次：客户端发送ACK确认号，发送自己的序号seq=x+1，发送对方的确认号ack=y+1

2.2 Analysis of the three-way handshake process:

• The first time: The client sends a request to the server. The server knows that the client sends it, and it receives it normally.
  SYN=1, seq=x
• Second time: The server sends to the client, the client knows that it is sending and receiving normally, and the server is receiving and sending normally.
  ACK=1, ack=x+1, SYN=1, seq=y
• The third time: the client sends to the server, the server knows that the client is sending, the reception is normal, and it is received by itself, and the sending is also normal.
  seq=x+1, ACK=1, ack=y+1

Conclusion: From the analysis process, it can be seen that the two handshake fails to allow both parties to transfer data normally.

Wave three or four times

3.1 The process of four waves

Client requests to disconnect

• Wave for the first time: The client sends a release FIN=1, its own serial number seq=u, and enters the FIN-WAIT-1 state
• The second wave: After receiving the client, the server sends an ACK=1 confirmation sign and the client's confirmation number ack=u+1, its own serial number seq=v, and enters the CLOSE-WAIT state
• Wave for the third time: The client enters the FIN-WAIT-2 state after receiving the server's confirmation result. At this time, the server sends the release FIN=1 signal, the confirmation flag ACK=1, the confirmation sequence number ack=u+1, the own sequence number seq=w, and the server enters LAST-ACK (the final confirmation state)
• Fourth wave: After receiving the reply, the client sends an acknowledgement ACK=1, ack=w+1, and its own seq=u+1, and the client enters TIME-WAIT (time waiting). After the client has passed the two longest message segment lifetimes, the client CLOSE; the server immediately enters the CLOSE state after receiving the confirmation.

3.2 Analysis of the Four Waves Process

第一次：客户端请求断开FIN,seq=u

第二次：服务器确认客户端的断开请求ACK,ack=u+1,seq=v

第三次：服务器请求断开FIN,seq=w,ACK,ack=u+1

第四次：客户端确认服务器的断开ACK,ack=w+1,seq=u+1

Four, other issues

4.1 Why are three handshake and four wave hands?

• In the three-way handshake, the server sends ACK and SYN together to the client at the same time
• When waved four times, when receiving a FIN message from the other party (client), it only means that the other party no longer sends data but can still receive data. Whether the own party (server) closes the sending data channel now requires the upper application to decide . Therefore, one's own ACK and FIN are generally sent separately.

4.2 Why is the three-way handshake three times?

• It can also be understood as why does the TCP client send an acknowledgment at the end?

1) 主要防止已经失效的连接请求报文突然又传送到了服务器，从而产生错误。
2) 如果采用的是三次握手，就算是那一次失效的报文传送过来了，服务端接受到了那条失效报文并且回复了确认报文，但是客户端不会再次发出
确认。由于服务器收不到确认，就知道客户端并没有请求连接。

4.3 Why is it four waves of four times?

• Because there is a half-closed state during the wave

	在半关闭状态下，客户端没有请求/数据需要向服务端传输（即客户端不再发送数据给服务端，但能接收数据），但是服务端需要持续
的连接客户端，下载数据。所以，在客户端申请了断开连接的请求后，会等待服务端确认并且提出断开请求后，才会断联。

• Therefore, before the server finishes downloading the data, it will not send a disconnect request, which is why it takes four waves to wave.

4.4 Why does the client wait for 2MSL at the end?

• The client needs to ensure that the last ACK message sent to the server, if the server does not receive it, can request the client to resend, so that the client has time to send again, restart the 2MSL timing.

4.5 What should I do if a connection has been established, but the client suddenly fails?

• TCP also has a keep-alive timer. Obviously, if the client fails, the server cannot wait forever, and resources are wasted.
• The server resets this timer every time it receives a request from the client. The time is usually set to 2 hours. If it has not received any data from the client for two hours, the server will send a probe segment, and then every 75 Sent every minute. If there is still no response after sending 10 probe packets, the server considers the client to be faulty and then closes the connection.