3
1
In the 4-way handshake, we have the following:
FIN ------->
<------- ACK
<---x--- FIN (what if this packet is lost?)
ACK ------->
What happens if the third packet is lost, will it be re-transmitted? Note that by the time the third packet is sent, the program will have probably destroyed the socket, and so it can't send anything anymore!
user454606
Posted 2015-06-02T20:16:47.377
Reputation: 31
0
The short answer is no packets are guaranteed to arrive. Any number of conditions can cause packets to be dropped or lost in transit. TCP includes retry rules to ensure the data arrives.
Your scenario is a half-closed connection. One side closes the connection, and can only read data until the other side closes the connection.
FIN ------>
<------ ACK
The side sending the FIN packet will cycle through the FIN_WAIT1, FIN_WAIT2, and TIME_WAIT states as the connection closes. The side which receives the FIN packet will enter CLOSE_WAIT. When the it closes the connection, it will retry the FIN packets according to its retry rules until it receives an ACK or times out. Until the second FIN is sent, the connection is in a half-closed state.
<------ FIN
ACK ------>
Connections can be closed with 3 packets. These are common in the protocol dumps I see. In some cases, the response to the first FIN will be an RST (reset), and the final ACK will be replaces with an RST.
FIN ------>
<------ FIN,ACK
ACK ------>
In some cases, an RST (reset) is sent in place of the ACK, and the final ACK is replaced with an RST.
FIN ------>
<------ RST
RST ------>
Due to network delay it is possible for both ends to close an active connection. In this case the ACK, packets may be delivered in either order.
<------ FIN
FIN ------>
<------ ACK
ACK ------>
BillThor
Posted 2015-06-02T20:16:47.377
Reputation: 9 384
-1
From RFC 793:
Half-Open Connections and Other Anomalies
An established connection is said to be "half-open" if one of the TCPs has closed or aborted the connection at its end without the knowledge of the other, or if the two ends of the connection have become desynchronized owing to a crash that resulted in loss of memory. Such connections will automatically become reset if an attempt is made to send data in either direction. However, half-open connections are expected to be unusual, and the recovery procedure is mildly involved.
Francisco Tapia
Posted 2015-06-02T20:16:47.377
Reputation: 2 383
I don't see exactly how this answers the question. – Scott – 2015-06-02T21:07:46.350
What happen....?? That makes a half - open connection, what is a hoc?? Read rfc ive quoted a bit I wont to re invent the wheel, in the rfc is clear @Scott – Francisco Tapia – 2015-06-03T00:41:52.787
which side is the client in your diagram, left or right? – Frank Thomas – 2015-06-02T21:04:43.220
2@Frank Thomas Does it matter? once a connection has been established, the terms client and server stops being relevant. – user454606 – 2015-06-02T21:08:23.357
@FrankThomas: Do you think it matters? The left side is the first process to close the socket. – Scott – 2015-06-02T21:09:21.533
yes. half closed connections are a denial of service vector when the close is attempted server-side and the client does not respond, but are negligible when the client attempts to close and does not get a FIN to acknowledge that the server has closed its end.In this attack, the client(s) establish connections, and leave them open. when the server tries to close them, the client does not respond, keeping the connection open longer. on a high demand server, this can fill up state tables within the servers IP stack. essentially the same as syn flood attacks. – Frank Thomas – 2015-06-02T21:10:12.130