0.1 What is Three-way handshake? Why do you need four steps for connection termination? What do you understand by the term “half open” and “half closed”?
Connection
TCP is a connection-oriented protocol. It establishes a virtual path between the source and destination. All the segments belonging to a message are then sent over this virtual path. Using a single virtual pathway for the entire message facilitates the acknowledgment process as well as retransmission of damaged or lost frames. In TCP, connection-oriented transmission requires two procedures: 1. Connection Establishment and 2. Connection Termination.
Connection Establishment
TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able to send segments to each other simultaneously. This implies that each party must initialize communication and get approval from the other party before any data transfer.
Four steps are needed to establish the connection, as discussed before. However, the second and third steps can be combined to create a three-step connection, called a three-way handshake.
The steps of the process are as follows:
- The client sends the first segment, a SYN segment. The segment includes the source and destination port numbers. The destination port number clearly defines the server to which the client wants to be connected. The segment also contains the client initialization sequence number (ISN) used for numbering the bytes of data sent from the client to the server.
- The server sends the second segment, a SYN and an ACK segment. This segment has a dual purpose. First, it acknowledges the receipt of the first segment, using the ACK flag and acknowledgment number field. Note that the acknowledgment number is the client initialization sequence number plus 1 because no user data have been sent in segment 1. The server must also define the client window size. Second, the segment is used as the initialization segment for the server. It contains the initialization sequence number used to number the bytes sent from the server to the client.
- The client sends the third segment. This is just an ACK segment. It acknowledges the receipt of the second segment, using the ACK flag and acknowledgment number field. Note that the acknowledgment number is the server initialization sequence number plus 1 because no user data have been sent in segment 2. The client must also define the server window size. Data can be sent with the third packet.
Connection Termination
Either of the two parties involved in exchanging data (client or server) can close the connection. When the connection in one direction is terminated, the other party can continue sending data in the other direction. Therefore, four steps are needed to close the connections in both directions:
1. The client TCP sends the first segment, a FIN segment.
2. The server TCP sends the second segment, an ACK segment, to confirm the receipt of the FIN segment from the client. Note that the acknowledgment number is 1 plus the sequence number received in the FIN segment because no user data have been sent in segment 1.
3. The server TCP can continue sending data in the server-client direction. When it does not have any more data to send, it sends the third segment. This segment is a FIN segment.
4. The client TCP sends the fourth segment, an ACK segment, to confirm the receipt of the FIN segment from the TCP server. Note that the acknowledgment number is 1 plus the sequence number received in the FIN segment from the server.
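The four termination steps above, replayed as an added example (not part of the original post): it checks the "FIN sequence number plus 1" rule on each ACK and reports the intermediate state, where one direction is closed and the other still carries data, as "half-closed", the term used in the question at the top. The record layout, endpoint names and sequence numbers are constructed for illustration.

```python
def track_close(segments, client="client", server="server"):
    """Replay (sender, flags, seq, ack, payload_len) records of one connection.

    Returns (state, bytes_sent_while_half_closed).
    """
    fin_seq = {}           # sender -> sequence number carried by its FIN
    closed = set()         # senders whose FIN has been acknowledged by the peer
    late_bytes = 0
    for sender, flags, seq, ack, length in segments:
        peer = server if sender == client else client
        if sender in fin_seq and length:
            raise ValueError(f"{sender} sent data after its own FIN")
        # Steps 2 and 4: the ACK number is the peer's FIN sequence number plus 1.
        if "ACK" in flags and peer in fin_seq and ack == fin_seq[peer] + 1:
            closed.add(peer)
        if len(closed) == 1:
            late_bytes += length           # data still flowing in the open direction
        if "FIN" in flags:
            fin_seq[sender] = seq          # steps 1 and 3
    state = ("established", "half-closed", "closed")[len(closed)]
    return state, late_bytes

def sample_close():
    """Constructed trace: client closes first, server sends 300 more bytes."""
    return [
        ("client", {"FIN"}, 2500, 0, 0),       # step 1
        ("server", {"ACK"}, 7000, 2501, 0),    # step 2: ack = 2500 + 1
        ("server", {"ACK"}, 7000, 2501, 300),  # server keeps sending data
        ("server", {"FIN"}, 7300, 0, 0),       # step 3
        ("client", {"ACK"}, 2501, 7301, 0),    # step 4: ack = 7300 + 1
    ]

if __name__ == "__main__":
    print(track_close(sample_close()[:2]))
    print(track_close(sample_close()))
```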
Connection Resetting
TCP may request the resetting of a connection. Resetting here means that the current connection is destroyed. This happens in one of three cases:
1. The TCP on one side has requested a connection to a nonexistent port. The TCP on the other side may send a segment with its RST(1) bit set to annul the request.
2. One TCP may want to abort the connection due to an abnormal situation. It can send an RST(1) segment to close the connection.
3. The TCP on one side may discover that the TCP on the other side has been idle for a long time. It may send an RST(1) segment to destroy the connection.
(Note: 1. What is RST? RST is one of the flags in the control field of a TCP segment indicating that the connection must be reset.)
When is TCP open, TCP half opened?
A three-step process is shown in the figure above. After the server receives the initial SYN packet, the connection is in a half-opened state. The server replies with its own sequence number, and awaits an acknowledgment, the third and final packet of a TCP open.
Attackers have gamed this half-open state. SYN attacks flood the server with the first packet only, hoping to swamp the host with half-open connections that will never be completed. In addition, the first part of this three-step process can be used to detect active TCP services without alerting the application programs, which usually aren't informed of incoming connections until the three-packet handshake is complete.
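A server-side view of the handshake steps and the half-open state described above, as an added example (not part of the original post): it replays constructed segment records, accepts a connection only when both acknowledgment numbers equal the other side's initial sequence number plus 1, and reports sources that leave many handshakes unfinished. The addresses (documentation ranges), the record layout, the function names and the threshold of 3 are assumptions made for illustration.

```python
from collections import Counter

SERVER = ("203.0.113.5", 80)          # constructed address (documentation range)

def track_handshakes(segments, server=SERVER):
    """Replay (src, dst, flags, seq, ack) records; return (established, half_open)."""
    half_open = {}                    # (client, server) -> [client_isn, server_isn]
    established = set()
    for src, dst, flags, seq, ack in segments:
        if dst == server and flags == {"SYN"}:
            half_open[(src, dst)] = [seq, None]           # segment 1: client ISN
        elif src == server and flags == {"SYN", "ACK"}:
            entry = half_open.get((dst, src))
            if entry and ack == entry[0] + 1:             # segment 2: ack = client ISN + 1
                entry[1] = seq                            # ...and carries the server ISN
        elif dst == server and flags == {"ACK"}:
            entry = half_open.get((src, dst))
            # segment 3: ack = server ISN + 1 completes the open
            if entry and entry[1] is not None and ack == entry[1] + 1:
                established.add((src, dst))
                del half_open[(src, dst)]
    return established, half_open

def flood_suspects(half_open, threshold=3):
    """Source IPs holding at least `threshold` never-completed handshakes."""
    per_ip = Counter(client[0] for client, _ in half_open)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

def sample_segments():
    """Constructed trace: one full handshake, one bad final ACK, five bare SYNs."""
    good, bad = ("192.0.2.10", 50000), ("192.0.2.20", 50001)
    trace = [
        (good, SERVER, {"SYN"}, 1000, 0),
        (SERVER, good, {"SYN", "ACK"}, 7000, 1001),
        (good, SERVER, {"ACK"}, 1001, 7001),
        (bad, SERVER, {"SYN"}, 2000, 0),
        (SERVER, bad, {"SYN", "ACK"}, 8000, 2001),
        (bad, SERVER, {"ACK"}, 2001, 9999),               # wrong ack number: rejected
    ]
    for port in range(40000, 40005):                      # SYN only, never answered
        src = ("198.51.100.7", port)
        trace += [(src, SERVER, {"SYN"}, 5000 + port, 0),
                  (SERVER, src, {"SYN", "ACK"}, 9000 + port, 5001 + port)]
    return trace

if __name__ == "__main__":
    est, pending = track_handshakes(sample_segments())
    print(len(est), "established,", len(pending), "half-open")
    print("suspects:", flood_suspects(pending))
```

The entry with the wrong final acknowledgment number stays half-open rather than becoming established, which is the check the sequence-number exchange provides.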
The sequence numbers have another function. Because the initial sequence number for new connections changes constantly, it is possible for TCP to detect stale packets from previous incarnations of the same circuit (i.e., from previous uses of the same 4-tuple).
There is also a modest security benefit: A connection cannot be fully established until both sides have acknowledged the other's initial sequence number.