Kaigai Blog living abroad in my twenties

【My Study Note】TCP Control Flags and the Three-way Handshake


As a protocol, TCP establishes connections used to send long chains of segments of data. You can contrast this with the protocols that are lower in the networking model.

These include IP and Ethernet, which just send individual packets of data.

TCP establishes a connection through the use of different TCP control flags, set in a very specific order. Before we cover how connections are established and closed, let’s first define the six TCP control flags.

We’ll look at them in the order that they appear in a TCP header. (This isn’t necessarily the order of how frequently they’re set, or how important they are.)

1st: URG (Urgent)

A value of one here indicates that the segment is considered urgent and that the urgent pointer field has more data about this. However, this feature of TCP has never really had widespread adoption and isn’t normally seen.

2nd: ACK (Acknowledge)

A value of one in this field means that the acknowledgment number field should be examined.

3rd: PSH (Push)

This means that the transmitting device wants the receiving device to push currently-buffered data to the application on the receiving end as soon as possible.

A buffer is a computing technique where a certain amount of data is held somewhere before being sent somewhere else. This has lots of practical applications.

In terms of TCP, it’s used to send large chunks of data more efficiently. By keeping some amount of data in a buffer, TCP can deliver more meaningful chunks of data to the program waiting for it.

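But in some cases, you might be sending a very small amount of information that you need the listening program to respond to immediately. This is what the push flag is for.

The PSH flag requests that received data be handed to the upper-layer application promptly. Data sent over TCP is first stored in the receive buffer on the receiving side and passed to the receiving upper-layer application at a suitable time. Rather than handing received data to the upper-layer application right away, gathering as much as possible before handing it over reduces overhead such as the cost of each handoff, so processing ends up being more efficient. The price of this buffering, however, is that the application's responsiveness may suffer. For example, if you want characters to be input and output interactively but they are buffered, the response may feel slightly delayed.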

4th: RST (Reset)

This means that one of the sides in a TCP connection hasn’t been able to properly recover from a series of missing or malformed segments.

It’s a way for one of the partners in a TCP connection to basically say, “Wait, I can’t put together what you mean, let’s start over from scratch.”

5th: SYN (Synchronize)

It’s used when first establishing a TCP connection and making sure the receiving end knows to examine the sequence number field.

6th: FIN (Finish)

When this flag is set to one, it means the transmitting computer doesn’t have any more data to send and the connection can be closed.

How a TCP connection is established

Computer A will be our transmitting computer and computer B will be our receiving computer.

To start the process off, computer A sends a TCP segment to computer B with the SYN flag set. This is computer A’s way of saying, “Let’s establish a connection and look at my sequence number field, so we know where this conversation starts.”

Computer B then responds with a TCP segment, where both the SYN and ACK flags are set. This is computer B’s way of saying, “Sure, let’s establish a connection and I acknowledge your sequence number.”

Then computer A responds again with just the ACK flag set, which is just saying, “I acknowledge your acknowledgement. Let’s start sending data.”

Three-way Handshake

This exchange, involving segments that have the SYN, SYN/ACK, and ACK flags set, happens every single time a TCP connection is established anywhere. It is so famous that it has a nickname: the three-way handshake.

A handshake is a way for two devices to ensure that they’re speaking the same protocol and will be able to understand each other. Once the three-way handshake is complete, the TCP connection is established.
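
The handshake described above, as an added example that is not part of the original note: a parser that reads the six flags from a raw TCP header and checks that three captured segments form SYN, SYN/ACK, ACK. The helper names, ports and sequence numbers are constructed, and the acknowledgment-number rule (the peer's initial sequence number plus one) is standard TCP behaviour that the note does not spell out.

```python
import struct

# Flag bits in the order they appear in the TCP header (highest bit first).
FLAGS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
         ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def build_header(src, dst, seq, ack, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then flag bits
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, offset_flags, 65535, 0, 0)


def parse_header(raw):
    """Return (src_port, dst_port, seq, ack, set of flag names)."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src, dst, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return src, dst, seq, ack, {name for name, bit in FLAGS if offset_flags & bit}


def next_seq(n):
    """SYN consumes one sequence number; sequence numbers wrap at 2**32."""
    return (n + 1) & 0xFFFFFFFF


def is_three_way_handshake(segments):
    """True if three raw headers are SYN, SYN/ACK, ACK between the same ports."""
    if len(segments) != 3:
        return False
    a, b, c = (parse_header(s) for s in segments)
    return (
        a[4] == {"SYN"}                      # A -> B: only SYN set
        and b[4] == {"SYN", "ACK"}           # B -> A: SYN and ACK set
        and (b[0], b[1]) == (a[1], a[0])     # reply swaps the port pair
        and b[3] == next_seq(a[2])           # B acknowledges A's sequence number
        and c[4] == {"ACK"}                  # A -> B: only ACK set
        and (c[0], c[1]) == (a[0], a[1])
        and c[2] == next_seq(a[2])
        and c[3] == next_seq(b[2])           # A acknowledges B's sequence number
    )


# Constructed sample: computer A (port 50000) connects to computer B (port 80).
HANDSHAKE = [
    build_header(50000, 80, 1000, 0, 0x02),     # SYN
    build_header(80, 50000, 9000, 1001, 0x12),  # SYN/ACK
    build_header(50000, 80, 1001, 9001, 0x10),  # ACK
]
```
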

Now, computer A is free to send whatever data it wants to computer B and vice versa. Since both sides have now sent SYN/ACK pairs to each other, a TCP connection in this state is operating in full duplex.

Each segment sent in either direction should be responded to by a TCP segment with the ACK field set. This way, the other side always knows what has been received. Once one of the devices involved with the TCP connection is ready to close the connection, something known as a four-way handshake happens.

The computer ready to close the connection sends a FIN flag, which the other computer acknowledges with an ACK flag. Then, if the other computer is also ready to close the connection, which will almost always be the case, it will send a FIN flag. This is again responded to by an ACK flag.

Hypothetically, a TCP connection can stay open in simplex mode with only one side closing the connection. But this doesn’t happen often.