TCP connection termination involves a four-way handshake: one side sends FIN, the other acknowledges and sends its own FIN, and both acknowledge the second FIN. Half-close is possible (one side closes write while reading continues). RST (Reset) abruptly terminates a connection, discarding buffered data. TIME_WAIT state persists for 2*MSL to prevent packet confusion.
Observe TCP connection termination using tcpdump in normal and abrupt (RST) scenarios. Measure TIME_WAIT duration and observe its impact on socket reuse. Test half-close behavior by closing write and continuing to read. Monitor TCP state transitions using netstat.
FIN is not the same as RST; FIN allows graceful shutdown while RST is abrupt. TIME_WAIT prevents connection confusion; reducing it can cause issues. A connection in TIME_WAIT state still occupies a socket and can prevent rapid reconnection.
You already know how TCP connections are established through the three-way handshake (SYN, SYN-ACK, ACK). Tearing them down is surprisingly more complex, because TCP is a full-duplex protocol — data can flow in both directions simultaneously, and each direction must be closed independently. The four-way handshake (sometimes called four-way FIN) handles this gracefully. When one side has no more data to send, it transmits a segment with the FIN (finish) flag set. The other side acknowledges the FIN with an ACK, but it can continue sending data — this state is called a half-close. Only when the second side also finishes sending does it transmit its own FIN, which the first side then acknowledges. At that point, both directions are closed and the connection is fully terminated.
Consider a concrete example: a web server finishes sending a response and calls `close()` on its socket. The server's TCP stack sends a FIN to the client, signaling "I have no more data for you." The client's TCP acknowledges this FIN but might still be sending data (perhaps a large file upload). During this half-closed state, data flows only from client to server. When the client finishes, it sends its own FIN, the server acknowledges it, and the connection is fully closed. This asymmetry is important — it means closing a connection is a cooperative act, not a unilateral one.
The RST (reset) flag is TCP's emergency exit. Instead of the orderly four-way handshake, a RST immediately destroys the connection. Any data in transit or buffered is discarded. RST is used when something is fundamentally wrong: a connection attempt to a closed port, a segment arriving for a connection that no longer exists, or an application that crashes without closing its sockets cleanly. It can also be sent deliberately by applications that want to abort a connection without waiting for graceful shutdown. The key difference is that FIN says "I am done sending, but let us wrap up properly," while RST says "this connection is invalid — stop everything immediately."
After the four-way handshake completes, the side that sent the last ACK enters the TIME_WAIT state, where it waits for twice the Maximum Segment Lifetime (MSL) — typically 60 seconds total — before fully releasing the connection. This seems wasteful, but it solves two critical problems. First, if the final ACK is lost, the other side will retransmit its FIN, and the TIME_WAIT state ensures the machine is still around to re-acknowledge it. Second, it prevents "ghost segments" — old, delayed packets from this connection — from being mistakenly delivered to a new connection that happens to reuse the same four-tuple (source IP, source port, destination IP, destination port). In practice, TIME_WAIT is most visible on busy servers where thousands of short-lived connections cause sockets to accumulate in this state, sometimes exhausting ephemeral ports. Understanding TIME_WAIT is essential for debugging "address already in use" errors and for configuring high-traffic servers.
No topics depend on this one yet.