TCP Control Flags: Establishing and Closing Connections

Introduction

As a protocol, TCP establishes connections used to send long chains of segments of data. You can contrast this with the protocols that are lower in the networking model. These include IP and Ethernet, which just send individual packets of data. As an IT Support Specialist, you need to understand exactly how that works, so you can troubleshoot issues where network traffic may not be behaving in the expected manner.

TCP Control Flags

The way TCP establishes a connection is through the use of different TCP control flags used in a very specific order. Before we cover how connections are established and closed, let's first define the six TCP control flags. We'll look at them in the order that they appear in a TCP header. Heads up, this isn't necessarily in the same order of how frequently they're sent or how important they are.

URG (Urgent): A value of 1 in this field indicates that the segment is considered urgent, and the urgent pointer field has more data about this. However, the URG flag has never really had widespread adoption and isn't normally seen.
ACK (Acknowledged): A value of 1 in this field means that the acknowledgement number field should be examined. It indicates that the receiver has successfully received and acknowledged the previous segments.
PSH (Push): This flag signifies that the transmitting device wants the receiving device to push currently-buffered data to the application on the receiving end as soon as possible. It is used to send large chunks of data more efficiently.
RST (Reset): The RST flag is used when one of the sides in a TCP connection hasn't been able to properly recover from a series of missing or malformed segments. It allows one of the partners in a TCP connection to request a fresh start.
SYN (Synchronize): The SYN flag is used when initially establishing a TCP connection. It ensures that the receiving end knows to examine the sequence number field and synchronize with the transmitting device.
FIN (Finish): When the FIN flag is set to 1, it indicates that the transmitting computer doesn't have any more data to send, and the connection can be closed.

Establishing a TCP Connection: Three-Way Handshake

For a good example of how TCP control flags are used, let's check out how a TCP connection is established. We'll use Computer A as the transmitting computer and Computer B as the receiving computer.

Computer A sends a TCP segment to Computer B with the SYN flag set. This indicates that Computer A wants to establish a connection and provides its sequence number.
Computer B responds with a TCP segment where both the SYN and ACK flags are set. This acknowledges Computer A's sequence number and indicates that Computer B is ready to establish a connection.
Computer A then responds with a TCP segment containing only the ACK flag. This acknowledges Computer B's acknowledgment and signifies that both computers are ready to start sending data.

This exchange, involving segments with SYN, SYN/ACK, and ACK flags, happens every time a TCP connection is established. It is commonly referred to as the "three-way handshake," which ensures that both devices are speaking the same protocol and can understand each other. Once the three-way handshake is complete, the TCP connection is established, and both Computer A and Computer B can freely send data to each other.

Full Duplex Communication and Four-Way Handshake

Since both sides have now sent SYN/ACK pairs to each other, a TCP connection in this state is operating in full duplex mode. Full duplex communication means that data can be transmitted in both directions simultaneously.

When one of the devices involved in the TCP connection is ready to close the connection, a four-way handshake occurs:

The computer ready to close the connection sends a FIN flag.
The other computer acknowledges the FIN flag by sending an ACK flag.
If the acknowledging computer is also ready to close the connection, it will send a FIN flag.
The first computer responds with an ACK flag.

This four-way handshake ensures that both computers agree to close the connection in an orderly manner. Hypothetically, a TCP connection can stay open in simplex mode, with only one side closing the connection, but this scenario is not common.

Remember, understanding TCP control flags and the handshake process is crucial for troubleshooting network issues and ensuring reliable and efficient communication between devices.

🎉

PreviousDissecting a TCP Segment NextUnderstanding TCP Socket States

Last updated 7 months ago

Was this helpful?

Introduction

TCP Control Flags

URG (Urgent): A value of 1 in this field indicates that the segment is considered urgent, and the urgent pointer field has more data about this. However, the URG flag has never really had widespread adoption and isn't normally seen.

ACK (Acknowledged): A value of 1 in this field means that the acknowledgement number field should be examined. It indicates that the receiver has successfully received and acknowledged the previous segments.

PSH (Push): This flag signifies that the transmitting device wants the receiving device to push currently-buffered data to the application on the receiving end as soon as possible. It is used to send large chunks of data more efficiently.

RST (Reset): The RST flag is used when one of the sides in a TCP connection hasn't been able to properly recover from a series of missing or malformed segments. It allows one of the partners in a TCP connection to request a fresh start.

SYN (Synchronize): The SYN flag is used when initially establishing a TCP connection. It ensures that the receiving end knows to examine the sequence number field and synchronize with the transmitting device.

FIN (Finish): When the FIN flag is set to 1, it indicates that the transmitting computer doesn't have any more data to send, and the connection can be closed.

Establishing a TCP Connection: Three-Way Handshake

For a good example of how TCP control flags are used, let's check out how a TCP connection is established. We'll use Computer A as the transmitting computer and Computer B as the receiving computer.

Computer A sends a TCP segment to Computer B with the SYN flag set. This indicates that Computer A wants to establish a connection and provides its sequence number.

Computer B responds with a TCP segment where both the SYN and ACK flags are set. This acknowledges Computer A's sequence number and indicates that Computer B is ready to establish a connection.

Computer A then responds with a TCP segment containing only the ACK flag. This acknowledges Computer B's acknowledgment and signifies that both computers are ready to start sending data.

Full Duplex Communication and Four-Way Handshake

When one of the devices involved in the TCP connection is ready to close the connection, a four-way handshake occurs:

The computer ready to close the connection sends a FIN flag.

The other computer acknowledges the FIN flag by sending an ACK flag.

If the acknowledging computer is also ready to close the connection, it will send a FIN flag.

The first computer responds with an ACK flag.

Remember, understanding TCP control flags and the handshake process is crucial for troubleshooting network issues and ensuring reliable and efficient communication between devices.

🎉