TCP (Transmission Control Protocol) is a standard transport-layer protocol that the internet uses to transmit data. Request for Comments (RFC) 793 defines TCP as a reliable, connection-oriented protocol. Because it is connection-oriented, a connection must be established before any data is transmitted. TCP uses a three-way handshake to establish a connection between two devices. In this guide, we will see how the three-way handshake works. Let us first look at the problems with the two-way handshake model.
Problems with the Two-Way Handshake Model
The two-way handshake model failed due to an old duplicate packet problem. Suppose that an old duplicate packet arrives at the server machine. This old packet has arrived from a previously closed connection and contains a sequence number ‘z’. At some time during the new connection, the server is accepting a packet with a sequence number ‘z’. When it receives this old packet with the same sequence number ‘z’, it unknowingly accepts this old packet and discards the actual packet from the new connection.
In the above case, even if no connection is in progress between the client and the server, the arrival of an old duplicate connection request packet still causes problems. If the server receives such a packet, it will respond with a SYN+ACK packet. This packet will be dropped by the client because it did not intend to connect. But the server will enter a deadlock state, waiting for the client to send data.
Another problem is that if a host C sends a connection request to the server by impersonating the client, the server will respond with an ACK to the client. The client will discard this ‘ACK’ packet and tell the server to terminate the connection. During this interval, host C can launch a spoofing attack by sending lots of packets.
The Three-Way Handshake Model in TCP/IP
The three-way handshake model is very important. If we do not use it and start sending data directly, the receiving application may start receiving duplicate packets. An attacker may also get a chance to launch attacks (like DDoS) in the middle of a connection. The three-way handshake procedure is started by one machine, and the other side responds to it. The following convention is used to explain this procedure:
“If a site receives a packet with sequence number ‘x’, it will respond with ACK number ‘x+1’.”
Let us summarize the steps performed in the three-way handshake between a client machine and a server machine:
Step 1. In the first handshake, the client sends a SYN connection request packet with a random initial sequence number (‘x’) to the server.
Step 2. In the second handshake, the server responds with a SYN packet that has a random sequence number (‘y’) and an ACK with ACK number (‘x+1’) to acknowledge the initial sequence number (‘x’) sent by the client.
Step 3. In the third handshake, the client sends an ACK with ACK number (‘y+1’) to the server to acknowledge the SYN (‘y’) packet sent by the server.
Step 4. Both ends are synchronized now and can start transmitting data independently. [1]
The TCP three-way handshake procedure is still valid if both sides start the initialization process simultaneously. In such a situation, each machine, after sending a “SYN” packet, will receive a “SYN” segment with no acknowledgment. If an old duplicate “SYN” packet arrives at the receiver, it may appear to the receiver that a connection initiation process is going on at the same time. We can use “reset” packets to remove this ambiguity.
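The old duplicate SYN case from the two-way section and the steps above can be traced with a small state machine. This is an added example, not code from the original guide: the `Server`, `Client`, `handshake` and `old_duplicate_syn` names, the dictionary segment format and the stale sequence number 1000 are all constructed for illustration, and the `two_way` switch models the simplified two-way behaviour the guide describes.

```python
import random

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

class Server:
    """Passive opener: LISTEN -> SYN_RCVD -> ESTABLISHED."""
    def __init__(self, two_way=False):
        self.state, self.two_way, self.isn = "LISTEN", two_way, None

    def on_segment(self, seg):
        if seg["flags"] == "SYN" and self.state == "LISTEN":
            self.isn = random.randrange(MOD)  # server's initial sequence number 'y'
            # Two-way model trusts the SYN alone; three-way waits for the final ACK.
            self.state = "ESTABLISHED" if self.two_way else "SYN_RCVD"
            return {"flags": "SYN+ACK", "seq": self.isn, "ack": (seg["seq"] + 1) % MOD}
        if seg["flags"] == "ACK" and self.state == "SYN_RCVD":
            if seg["ack"] == (self.isn + 1) % MOD:  # must acknowledge 'y'
                self.state = "ESTABLISHED"
        elif seg["flags"] == "RST":  # peer disowns the attempt: forget it
            self.state = "LISTEN"
        return None

class Client:
    """Active opener: CLOSED -> SYN_SENT -> ESTABLISHED."""
    def __init__(self, two_way=False):
        self.state, self.two_way, self.isn = "CLOSED", two_way, None

    def connect(self):
        self.isn = random.randrange(MOD)  # client's initial sequence number 'x'
        self.state = "SYN_SENT"
        return {"flags": "SYN", "seq": self.isn}

    def on_segment(self, seg):
        if (seg["flags"] == "SYN+ACK" and self.state == "SYN_SENT"
                and seg["ack"] == (self.isn + 1) % MOD):
            self.state = "ESTABLISHED"
            return {"flags": "ACK", "seq": seg["ack"], "ack": (seg["seq"] + 1) % MOD}
        # Unexpected segment: the two-way model drops it silently, three-way resets.
        return None if self.two_way else {"flags": "RST", "seq": seg.get("ack", 0)}

def handshake(server, client, first_segment):
    """Deliver first_segment to the server, relay the replies, return final states."""
    reply = server.on_segment(first_segment)
    answer = client.on_segment(reply) if reply else None
    if answer:
        server.on_segment(answer)
    return client.state, server.state

def old_duplicate_syn(two_way):
    """Constructed case: a stale SYN (seq 1000) arrives while the client is idle."""
    return handshake(Server(two_way), Client(two_way), {"flags": "SYN", "seq": 1000})
```

With `two_way=True` the server is left in ESTABLISHED waiting for a client that never connected; with the three-way model the client's reset returns it to LISTEN.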
TCP Connection Termination
Either of the two sides can terminate a TCP connection. To do so, a side transmits a TCP segment with the FIN bit set. This means that the sending side does not have any more data to send. The receiving side will acknowledge this FIN packet by sending an acknowledgment packet. This will close the connection from one side (the sender’s side). The receiver then uses the same steps to terminate the connection from its own side. This will completely close the connection.
Problems with the Three-Way Handshake Model
If the ACK from client to server is lost or blocked in the third handshake stage, the client will be unaware of this situation. The client will assume that the connection is established and will start sending data. The server is still waiting for the ACK, which was already lost, so it will discard the data received from the client. [2]
Conclusion
In this guide, we have learned about TCP connection procedures using a three-way handshake. We have also seen the problem of duplicate packets associated with the two-way handshake procedure and how it was solved with a three-way handshake model. Many researchers have contributed various research papers for improving the three-way handshake model and overcoming the problems associated with it.
References
[1] Hsu, F., Hwang, Y., Tsai, C., Cai, W., Lee, C., & Chang, K. (2016). TRAP: A three-way handshake server for TCP connection establishment. Applied Sciences, 6(11), 358. https://doi.org/10.3390/app6110358
[2] Ma, Q.-M., Liu, S.-Y., & Wen, X.-J. (2016). TCP three-way handshake protocol based on quantum entanglement. Journal of Computers, 27(3), 33-40. https://doi.org/10.3966/199115592016102703004