Transport Layer: TCP and UDP

TCP Fundamentals: Connection Management & State Machine

TCP Mechanics: Under the Hood

Transmission Control Protocol (TCP) is the bedrock of reliable network communication. For senior engineers, understanding TCP goes beyond "it guarantees delivery." It requires a grasp of how state is maintained, how connections are uniquely identified, and how the protocol handles the inherent unreliability of the IP layer.

The TCP Header and Multiplexing

A TCP segment consists of a header and a data section. The header contains critical control information:

  • Source & Destination Ports: (16 bits each) Identify the specific process or service endpoints. Combined with Source IP and Destination IP, these form the 4-tuple that uniquely identifies a TCP connection.
  • Sequence Number (SEQ): (32 bits) If the SYN flag is set, this is the initial sequence number (ISN). Otherwise, it marks the index of the first data byte in this segment.
  • Acknowledgment Number (ACK): (32 bits) If the ACK flag is set, this is the value of the next sequence number the sender is expecting to receive.
  • Flags (Control Bits):
    • SYN: Synchronize sequence numbers (initiate connection).
    • ACK: Acknowledgment field is significant.
    • FIN: No more data from sender.
    • RST: Reset the connection.
    • PSH: Push function (buffer flush).
    • URG: Urgent pointer field is significant.
  • Window Size: The number of data octets the sender is willing to accept (Flow Control).

The 3-Way Handshake (Connection Establishment)

Before data transfer, TCP establishes a logical connection. This synchronizes the sequence numbers.

Why random ISN? Initial Sequence Numbers are randomized to prevent sequence number prediction attacks (TCP spoofing) and to distinguish between segments from different incarnations of the same connection.

The 4-Way Termination (Connection Teardown)

TCP is full-duplex, meaning each direction must be shut down independently.

  1. Active Close: Client sends FIN. Enters FIN_WAIT_1.
  2. Passive Close: Server receives FIN, sends ACK. Enters CLOSE_WAIT. Client enters FIN_WAIT_2.
  3. Passive Close: Server application closes socket, sending FIN. Enters LAST_ACK.
  4. Active Close: Client receives FIN, sends ACK. Enters TIME_WAIT. Server receives ACK, enters CLOSED.

The TIME_WAIT State

This is a frequent source of confusion. The endpoint that initiates the close stays in TIME_WAIT for 2*MSL (Maximum Segment Lifetime), typically 60 seconds. This ensures:

  • The final ACK reaches the peer (if lost, the peer will retransmit FIN).
  • Old duplicate segments from the connection expire in the network, preventing them from contaminating a new connection on the same 4-tuple.

Use ss to inspect socket statistics:

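An added example, not part of the original lesson: these shell helpers summarise `ss -tan` output by state and by peer, so a build-up of TIME_WAIT (printed by `ss` as TIME-WAIT) or CLOSE_WAIT sockets is easy to spot. The function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise TCP socket states from `ss -tan` output on stdin.
# Live use:  ss -tan | tcp_state_counts

# Constructed sample of `ss -tan` output (addresses are documentation ranges).
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:443          0.0.0.0:*
ESTAB      0      0      192.0.2.10:443       198.51.100.7:51514
TIME-WAIT  0      0      192.0.2.10:44321     203.0.113.5:5432
TIME-WAIT  0      0      192.0.2.10:44322     203.0.113.5:5432
TIME-WAIT  0      0      192.0.2.10:44390     203.0.113.9:6379
CLOSE-WAIT 1      0      192.0.2.10:443       198.51.100.8:40022
CLOSE-WAIT 1      0      192.0.2.10:443       198.51.100.8:40023
EOF
}

# Count sockets per state; the header row (first field "State") is skipped.
tcp_state_counts() {
    awk '$1 != "State" && NF { n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Count sockets in one state, e.g. TIME-WAIT (this host closed first)
# or CLOSE-WAIT (peer sent FIN, local application has not closed yet).
count_state() {
    awk -v want="$1" '$1 == want { c++ } END { print c + 0 }'
}

# Group sockets in a given state by peer IP:port to see which remote
# endpoints the lingering 4-tuples point at, busiest peer first.
state_by_peer() {
    awk -v want="$1" '$1 == want { n[$5]++ } END { for (p in n) print n[p], p }' \
        | sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample.
sample_ss | tcp_state_counts
```

A growing CLOSE-WAIT count points at a local application that has received the peer's FIN but not yet closed its socket, while TIME-WAIT entries are expected on whichever side closes first.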