TCP Life cycle — How TCP really works

Bhagya Devduni
Jul 2, 2022


TCP Header Structure

It’s very important to know the structure of a TCP segment & what information it carries. The TCP header schema is shown below.

[Figure: TCP header structure]

Source Port Address — A 16-bit field that holds the port address of the application that is sending the data segment (for example, the client).

Destination Port Address — A 16-bit field that holds the port address of the application in the host that is receiving the data segment.

Control flags — These are six 1-bit control bits that control connection establishment, connection termination, connection abortion, flow control, mode of transfer, etc. Their functions are:

URG: Urgent pointer is valid

ACK: Acknowledgement number is valid (used in case of cumulative acknowledgement)

PSH: Request for push

RST: Reset the connection

SYN: Synchronize sequence numbers

FIN: Terminate the connection

Window size — This field advertises the window size of the sending TCP in bytes, that is, how much data the sender of this segment is currently willing to receive.
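The fields above can be read straight out of a segment's first 20 bytes. The following is an added example, not code from the original article: `parseTcpHeader` and the sample bytes are constructed here, and the byte offsets are those of the standard TCP header layout.

```javascript
// Added example: decode the header fields described above from raw bytes.
// Byte offsets follow the standard TCP header layout (20 bytes without options).
const FLAG_BITS = { URG: 0x20, ACK: 0x10, PSH: 0x08, RST: 0x04, SYN: 0x02, FIN: 0x01 };

function parseTcpHeader(bytes) {
  if (bytes.length < 20) {
    throw new RangeError('truncated segment: a TCP header is at least 20 bytes');
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  // The upper 4 bits of byte 12 give the header length in 32-bit words.
  const headerLength = (view.getUint8(12) >> 4) * 4;
  if (headerLength < 20 || headerLength > bytes.length) {
    throw new RangeError(`invalid header length ${headerLength}`);
  }
  const flagByte = view.getUint8(13);
  return {
    sourcePort: view.getUint16(0), // DataView reads big-endian (network order) by default
    destinationPort: view.getUint16(2),
    sequenceNumber: view.getUint32(4),
    acknowledgementNumber: view.getUint32(8),
    headerLength,
    flags: Object.keys(FLAG_BITS).filter((name) => (flagByte & FLAG_BITS[name]) !== 0),
    windowSize: view.getUint16(14),
  };
}

// Constructed sample (not a capture): a SYN from port 51000 to port 42181.
const SAMPLE_SYN = Uint8Array.from([
  0xc7, 0x38,             // source port 51000
  0xa4, 0xc5,             // destination port 42181
  0x01, 0x02, 0x03, 0x04, // sequence number
  0x00, 0x00, 0x00, 0x00, // acknowledgement number (not valid without ACK)
  0x50,                   // header length: 5 words = 20 bytes
  0x02,                   // flags: SYN only
  0xff, 0xff,             // window size 65535
  0x00, 0x00,             // checksum (left at zero in this sample)
  0x00, 0x00,             // urgent pointer
]);

console.log(parseTcpHeader(SAMPLE_SYN));
```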

TCP Connection Establishment

TCP uses a three-way handshake to establish a connection. Before a client can connect to a server, the server must first bind to and listen on a port to make it available for connections: this is known as a passive open. A client may initiate an active open once the passive open has been established. The three-way (or three-step) handshake is used to establish a connection:

1. SYN: The client initiates the active open by sending a SYN to the server. The client assigns a random value A to the segment’s sequence number.

2. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgement number is one greater than the received sequence number (A + 1), and the sequence number for the packet is another random number, B.

3. ACK: Finally, the client sends an acknowledgement back to the server. The sequence number is set to the received acknowledgement value, A + 1, and the acknowledgement number is one greater than the received sequence number, B + 1.

Both the client and the server have received an acknowledgement of the connection at this point. Steps 1 and 2 set up the connection parameter (sequence number) for one direction and acknowledge it. Steps 2 and 3 establish the connection parameter (sequence number) for the opposite direction and acknowledge it.
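The A / A + 1 / B / B + 1 bookkeeping can be checked mechanically on three captured segments. This is an added example, not code from the original article; the `{ flags, seq, ack }` segment shape and the function names are assumptions made for the illustration, and the arithmetic is done modulo 2^32 because sequence numbers are 32-bit.

```javascript
// Added example: check the sequence/acknowledgement arithmetic of a three-way handshake.
// Each segment is { flags: [...], seq, ack } (an assumed shape for this example).
const next = (n) => (n + 1) >>> 0; // sequence numbers are 32-bit and wrap around

function hasExactly(segment, ...flags) {
  return segment.flags.length === flags.length && flags.every((f) => segment.flags.includes(f));
}

function checkHandshake([syn, synAck, ack]) {
  if (!syn || !synAck || !ack) return { ok: false, reason: 'need three segments' };
  if (!hasExactly(syn, 'SYN')) return { ok: false, reason: 'step 1 is not a bare SYN' };
  const A = syn.seq;
  if (!hasExactly(synAck, 'SYN', 'ACK')) return { ok: false, reason: 'step 2 is not SYN-ACK' };
  if (synAck.ack !== next(A)) return { ok: false, reason: 'step 2 must acknowledge A + 1' };
  const B = synAck.seq;
  if (!hasExactly(ack, 'ACK')) return { ok: false, reason: 'step 3 is not a bare ACK' };
  if (ack.seq !== next(A)) return { ok: false, reason: 'step 3 sequence number must be A + 1' };
  if (ack.ack !== next(B)) return { ok: false, reason: 'step 3 must acknowledge B + 1' };
  return { ok: true, clientIsn: A, serverIsn: B };
}

// Constructed values; A sits at the top of the 32-bit range to show the wrap to 0.
const GOOD = [
  { flags: ['SYN'], seq: 0xffffffff, ack: 0 },
  { flags: ['SYN', 'ACK'], seq: 7000, ack: 0 },
  { flags: ['ACK'], seq: 0, ack: 7001 },
];
// Same exchange, but the server acknowledges the wrong number in step 2.
const BAD = [GOOD[0], { flags: ['SYN', 'ACK'], seq: 7000, ack: 1 }, GOOD[2]];

console.log(checkHandshake(GOOD), checkHandshake(BAD));
```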

TCP Connection Termination

The FIN flag in the TCP header is commonly used to terminate a TCP connection. This mechanism enables each host to independently release its side of the connection.

1. Step 1 (FIN from server) — Assume the server application decides to terminate the connection. (Note that the client could equally be the one to terminate the connection.) This causes the server to send a TCP segment to the client with the FIN bit set to 1 and enter the FIN_WAIT_1 state. While in the FIN_WAIT_1 state, the server waits for a TCP segment with an acknowledgement (ACK) from the client.

2. Step 2 (ACK From client) — After receiving the FIN bit segment from the Sender (server), the client immediately sends an acknowledgement (ACK) segment to the Sender (server).

3. Step 3 (Server waiting) — While in the FIN_WAIT_1 state, the server waits for a TCP segment with an acknowledgement from the client. When this segment is received, the server enters the FIN_WAIT_2 state. While in the FIN_WAIT_2 state, the server waits for another segment from the client with the FIN bit set to 1.

4. Step 4 (FIN from client) — When the client sends the ACK segment, it also sends a segment with the FIN bit set to the Sender (server), as part of the client's own closing process.

5. Step 5 (ACK from server) — When the server receives the FIN bit segment from the client, the server acknowledges the client’s segment and enters the TIME_WAIT state. The TIME_WAIT state lets the server resend the final acknowledgement in case the ACK is lost. The time spent by the server in the TIME_WAIT state depends on the implementation, but typical values are 30 seconds, 1 minute, and 2 minutes. After the wait, the connection formally closes and all resources on the server side (including port numbers and buffer data) are released.
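The five steps can be followed on a capture by tracking the state of the side that closes first. This is an added example, not code from the original article; the segment shape, the function name and the sample values are assumptions, and the state names are written with underscores. It also covers the case hinted at in step 4, where the client's ACK and FIN arrive in a single segment and the closer goes from FIN_WAIT_1 directly to TIME_WAIT.

```javascript
// Added example: follow the closing side's state through a captured teardown.
// Segment shape { from, flags, seq, ack } and the names below are assumptions.
function traceClose(segments, closer = 'server') {
  let state = 'ESTABLISHED';
  let finSeq = null; // sequence number of the closer's FIN
  const history = [state];
  for (const seg of segments) {
    const fin = seg.flags.includes('FIN');
    const ack = seg.flags.includes('ACK');
    if (seg.from === closer) {
      if (state === 'ESTABLISHED' && fin) {
        finSeq = seg.seq; // step 1: the closer sends its FIN
        state = 'FIN_WAIT_1';
      } else if (state === 'TIME_WAIT' && ack && !fin) {
        continue; // step 5: final ACK (possibly resent); state is unchanged
      } else {
        throw new Error(`unexpected segment from ${closer} in ${state}`);
      }
    } else {
      // A FIN occupies one sequence number, so the peer acknowledges finSeq + 1.
      const acksFin = ack && seg.ack === ((finSeq + 1) >>> 0);
      if (state === 'FIN_WAIT_1' && acksFin) {
        state = fin ? 'TIME_WAIT' : 'FIN_WAIT_2'; // steps 2-3, or ACK and FIN combined
      } else if (state === 'FIN_WAIT_2' && fin) {
        state = 'TIME_WAIT'; // step 4: the peer's FIN arrives
      } else {
        throw new Error(`unexpected segment from peer in ${state}`);
      }
    }
    history.push(state);
  }
  return history;
}

// Constructed teardown matching the five steps (the server closes first).
const FIVE_STEP = [
  { from: 'server', flags: ['FIN', 'ACK'], seq: 500, ack: 900 },
  { from: 'client', flags: ['ACK'], seq: 900, ack: 501 },
  { from: 'client', flags: ['FIN', 'ACK'], seq: 900, ack: 501 },
  { from: 'server', flags: ['ACK'], seq: 501, ack: 901 },
];
// The same teardown when the client's ACK and FIN share one segment.
const COMBINED = [FIVE_STEP[0], FIVE_STEP[2], FIVE_STEP[3]];

console.log(traceClose(FIVE_STEP), traceClose(COMBINED));
```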

Demo with Wireshark

Select the Loopback interface after opening Wireshark. Then open the Node.js project, which contains the client and server files.

Server.js

[Figure: Server.js]

The server is running on port 42181 on localhost, according to the server.js file. When a client connects, it says “hello client” before disconnecting.

client.js

[Figure: Client.js]

When we run the client, it connects to port 42181. It disconnects when the disconnection signal reaches it.

We must first filter traffic on port 42181 before running the client.js and server.js files. To begin, enter tcp.port==42181 into the display filter bar and press the Enter key.

After filtering on port 42181, we can see the traffic stop.

After that, we need to run the program. First, run the server.js and then the client.js files.

After starting the server, we can see in Wireshark how the client and the server connect to each other.

We can see that the client first sends a SYN packet to the server. The SEQ is 0 (Wireshark displays relative sequence numbers by default, so the random initial value appears as 0). If we expand the flags, we can see SYN is set to 1. In the return traffic, the server sends an ACK and sends its own SYN as well.

[Figure: SYN is set to 1]

In the image below, we can see how the server terminated the connection, and the FIN flag is also set to true (1).

[Figure: the server terminates the connection]

The client then acknowledges this and sends its own FIN flag to the server as well.

[Figure: the client sends its FIN flag]

Reference: https://www.youtube.com/watch?v=UpUd5zEUUgI&t=1206s
