TCP FIN PACKET
Some of the applications often leave a connection open long after data has been transmitted, although the connection is no longer required. This typically happens when a connection is not deliberately closed as part of the transmission and is terminated later when the connection times out. This is an inefficient way to close a TCP connection. Let’s get a deep dive on TCP FIN.
TCP FIN packet is required to close a connection. During normal circumstances both sides are sending and receiving data simultaneously. Connection termination typically begins with one side signalling that it wants to close the connection to ensure that the connection is shutting down gracefully. TCP Connection termination is a 4-way handshake and not a 3-way handshake. To understand these requirements, it’s important to remember two TCP flags:
- FIN-ACK — Indicates acknowledgment of FIN packet.
- FIN — Indicates no more data will be transmitted from the sender.
When either side of a TCP data transmission is done, FIN signal is sent to close the connection. When one side receives a FIN, it must intimate to the application the other side is shutting down transmission. Application data transmission stops sending packets to the other side, while this side acknowledges FIN packet with an FIN-ACK. Even though a TCP connection is established with a three-way handshake (SYN, SYN-ACK, ACK), it can be terminated in various ways.
1) User initiates FIN to CLOSE the connection.
2) Remote TCP initiates by sending a FIN control signal.
3) Both users CLOSE simultaneously.
Related – TCP FIN VS RST Packets
Case 1: Local user initiates the close
In this case, a four-way handshake termination could begin, when one side transmits a FIN packet which the other side acknowledges with an ACK. No further data from the user will be accepted by the TCP and it enters the FIN-WAIT-1 state. FIN will be retransmitted until acknowledged. When the other Server has acknowledged the FIN and sent a FIN of its own, the client can ACK this FIN. Note that client receiving a FIN will ACK but not send its own FIN until its user has CLOSED the connection. After both FIN and ACK exchange has been concluded, the terminating side waits for a timeout before finally closing the connection.
Case 2: TCP receives a FIN from the network error
If an unsolicited FIN arrives from the network, the receiving side can ACK it and tell the user that the connection is closing. The user will respond with a CLOSE upon which the client can send a FIN to the server after sending any remaining data. The TCP then waits until its own FIN is acknowledged, from whereon it deletes the connection. If an ACK is not received after the user timeout, the connection is aborted. Half close connections are closed independently of each other. Each host closes its half-duplex connection independently of each other. This means closing of two unidirectional connections is unsynchronized.
In such a case, only one half duplex connection is closed. TCP connection is half-open if one end has aborted the session without the knowledge of the other end. This can happen any time when one of the two host crashes. When no attempt is made to transfer data across a half-open connection, one end that’s still up won’t detect that the other end has crashed.
Another common scenario of a half-open connection is when a client workstation is powered off. This happens when hosts are being used to run Telnet to server. If there is no data transfer going on between client-server and the user establish connection again after some time when workstation get power on, a new Telnet session initiated but previous connection is still active from server side but closed from client side. This way, many TCP half-open connections keep active on the server.
Related – TCP FLAGS
Case 3: Both users Close Simultaneously
A simultaneous CLOSE by client and server end connection causes FIN segments to be exchanged. When all segments preceding the FINs have been processed and acknowledged, each TCP can ACK the FIN has received. Both end terminate session upon receiving these ACKs to delete the connection.
The connection termination phase uses a 4-way handshake with each side of the connection terminating. When both end want to terminate the established session, they sends the FIN packet. Which was acknowledged by an ACK from both sides and the data transmission stops.