Skip to main content

What is the TCP connection establishment and termination?

TCP is used for reliable data transfer. TCP is at transport layer(layer 4). IP layer does NOT provide reliable data transfer i.e. there is no retransmission if an IP datagram is lost in network. So TCP uses feedback(Acknowledgments) to make sure all the data is reached at the endpoint and its correct.
To achieve this kind of reliable transfer, first both the endpoint needs to establish a connection and also get the acknowledgment of the same. For this TCP uses flags bits in the TCP header.
  • When a machine(1) wants to initiate TCP connection it sends a TCP packet with SYN flag on(SYN = ‘I want to talk to you’).
  • Other machine(2) responds with SYN and ACK flags on.(SYN = ‘I want to talk to you too’, ACK = ‘I got your first message’).
  • machine 1 replies back with ACK flag on. (ACK = ‘Okay got your message, let’s talk.’)
At this point TCP connection is established. Note that TCP is full duplex i.e. both machine can send and receive data on the same connection at the same time. After the connection is established every TCP segment has ACK flag on saying that previous message was delivered. The sequence number and Acknowledge number are used for making sure that all data is received in order and if something goes wrong a segment is re-transmitted. I will not go into details of sequence number and acknowledgment number.
Termination :
  • Even the termination of the connection is acknowledged(Because we want reliable data transfer). For termination the end point that wants to close the connection will send a segment with FIN flag on.(FIN = ‘Alright I am done sending data’)
  • The other end point will reply with a segment with ACK flag on.(ACK = ‘Got it’)
  • TCP supports half closed connection i.e. the other end point can still send data and get ACK from the first end point which sent the FIN segment first. Once the other end point is also done sending data it will send a segment with FIN flag on and receive a ACK for the FIN sent.(FIN = ‘i am done too’, Receive ACK = ‘Got it, now we both are done’). At this point connection is closed.
  • Note that if second end point does not have anything to send after reception of FIN segment then it can combine ACK and the FIN in the same segment thus replying with a segment FIN ACK flags on and then receiving an ACK. (FIN ACK = ‘I got your FIN and I am done too’, Receive ACK = “Got it, we both are done’). At this point connection is closed.
TCP Connection Establish and Terminate
Connection establishment
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to and listen at a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:
SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment’s sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number (A + 1), and the sequence number that the server chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A + 1, and the acknowledgement number is set to one more than the received sequence number i.e. B + 1.
At this point, both the client and server have received an acknowledgment of the connection. The steps 1, 2 establish the connection parameter (sequence number) for one direction and it is acknowledged. The steps 2, 3 establish the connection parameter (sequence number) for the other direction and it is acknowledged. With these, a full-duplex communication is established.
Connection termination
The connection termination phase uses a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After both FIN/ACK exchanges are concluded, the side which sent the first FIN before receiving one waits for a timeout before finally closing the connection, during which time the local port is unavailable for new connections; this prevents confusion due to delayed packets being delivered during subsequent connections.
A connection can be “half-open”, in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can. The terminating side should continue reading the data until the other side terminates as well.
It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (merely combines 2 steps into one) and host A replies with an ACK. This is perhaps the most common method.
It is possible for both hosts to send FINs simultaneously then both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions.
Some host TCP stacks may implement a half-duplex close sequence, as Linux or HP-UX do. If such a host actively closes a connection but still has not read all the incoming data the stack already received from the link, this host sends a RST instead of a FIN (Section 4.2.2.13 in RFC 1122). This allows a TCP application to be sure the remote application has read all the data the former sent—waiting the FIN from the remote side, when it actively closes the connection. However, the remote TCP stack cannot distinguish between a Connection Aborting RST and this Data Loss RST. Both cause the remote stack to throw away all the data it received, but that the application still didn’t read.
Labels:

Comments

Post a Comment

https://gengwg.blogspot.com/

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into ...
Post a Comment
Read more

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checkin...
2 comments
Read more