TCP Connection States

Dear Reader,

The information below is about TCP and it’s connection states, this piece of information is based on research and other document found online, by no means it’s a complete document and by no means I am a TCP expert. So read it and verify before you use.

TCP Protocol operations may be divided in to three phases. Connections must be properly established in a multi-step handshake process (connection establishment) before entering the data transfer phase. After data transmission is completed, the connection termination closes established virtual circuit and releases all allocated resources.

A TCP connection is managed by an operating system through a programming interface that represents that local end point for communications, the internet socket. During the life time of a TCP connection the local end point undergoes a series of state changes.

Server represents waiting for a connection request from any remote TCP and port.

Client represents waiting for a matching connection request after having sent a connection request.

Server represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request.

That is, client sent a SYN packet, server in return responded with SYN-ACK and is now waiting for a ACK.

Both server and client represents an open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.

In the normal case, each side terminates its end of the connection by sending message with FIN (finish) bit set. This message, sometimes called as FIN, serves as a connection termination request to the other device, while also possibly carrying data like a regular segment. The device receiving the FIN responds with an acknowledgement to the FIN to indicate that it was received. The connection as a whole is not considered terminated until both sides have finished the shut down procedure by sending a FIN and receiving an ACK.

FIN-WAIT has got two sub states as below.

Both server and client represents waiting for a connection termination request from the remote TCP, or an acknowledgement of the connection termination request previously sent.

The FIN_WAIT_1 state is waiting for the peer to ACK the FIN that this end has just sent. That outgoing FIN is subject to all the normal TCP retry and timeout processing, so if the other end has completely disappeared and never responds, TCP should time out the connection and reset.

Both server and client represents waiting for a connection termination request from the remote TCP.

FIN_WAIT_2 seems to occur when the server has an active connection with a client and wants to shut down the TCP connection.

The server sends the client a packet with a “FIN” bit set. At this point, the server in is FIN_WAIT_1 state. The client gets the FIN packet and goes in to CLOSE_WAIT state, and sends an acknowledgement packet back to the server. When the server gets that packet, it goes in to FIN_WAIT_2 state.

From the server perspective, the connection is now closed, and the server can’t send any more data. However, under the TCP protocol, the client needs to shut down also by sending a FIN packet which the TCP implementation should ACK. The server should close about two milliseconds later.

Both server and client represents waiting for a connection termination request from the local user

CLOSE_WAIT means that the local end of the connection has received a FIN from the other end, but the OS is waiting for the program at the local end to actually close it connection.

The problem is  your program running on the local machine is not closing the socket. It is not a TCP tuning issue. A connection can and quite correctly stay in CLOSE_WAIT forever while the program holds the connection open.

Once the local program closes the socket, the OS can send the FIN to the remote end which transitions you to LAST_ACK while you wait for the ACK of the FIN. Once that is received, the connection is finished and drops from the connection table.

Both server and client represents waiting for a connection termination request acknowledgement from the remote TCP.

Closing should be a relatively rare state. The most obvious way for it to occur is that both ends call close at the same time. However, both ends should then acknowledge the other’s FIN, and then they should move to TIME_WAIT.

Both server and client represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP, which includes an acknowledgement of its connection termination request.

The LAST_ACK state is the state when you have received your FIN message to close the connection from  your neighbor, but you still need to flush and shutdown your connection. You send the final FIN yourself and wait for an ACK.

Either server or client represents waiting for enough time to pass to be sure the remote TCP received the acknowledgement of its connection termination request.

According to RFC 793 a connection can stay in TIME-WAIT for a maximum of four minutes known as a MSL (maximum segement lifetime).

TCP uses a special handshake to close completed sessions. The TIME_WAIT state is used to handle possible problems that may occur in the network relating to unreliable or delayed delivery. Accordingly, TCP holds connection for a temporary waiting period (TIME_WAIT) to ensure that any delayed packets are caught and not treated as new connection requests.

Reduced TIME_WAIT in windows:
use regedit and create a REG_DWORD named TcpTimedWaitDelay under

Set it to a decimal value of 30 which is for 30 seconds - the miminum

Reduced TIME_WAIT in Linux:
Set the timeout_timewait paramater using the following command:
/sbin/sysctl -w net.ipv4.vs.timeout_timewait=30
This will set TME_WAIT for 30 seconds.

Connection Establishment
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind  to and listen at a port open it up for connections, this is called a passive open. Once the passive open is established, a client may initiate an active open, to establish a connection, three way handshake occurs:

  1. SYN: The active open is performed by the client sending a SYN to the server. The client set the segments sequence number to a random value A
  2. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received number (A+1), and the sequence number that the server chooses for the packet is another random number, B.
  3. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value ie. A+1, and the acknowledgement number is set to one more than the received sequence number i.e B+1.

Happy TCP .. ing



Leave a Reply

Your email address will not be published. Required fields are marked *