TCP half-open: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 05:14, 28 October 2012 edit Jarble (talk \| contribs) Autopatrolled, Extended confirmed users 150,086 edits wikifying ← Previous edit		Latest revision as of 14:46, 10 May 2025 edit undo Kvng (talk \| contribs) Extended confirmed users, New page reviewers 116,147 edits format endmatter
(8 intermediate revisions by 8 users not shown)
Line 1: {{unreferenced\|date=May 2017}} The term '''half-open''' refers to [[Transmission Control Protocol\|TCP]] connections whose state is out of synchronization between the two communicating hosts, possibly due to a crash of one side. A connection which is in the process of being established is also known as '''embryonic connection'''. The lack of synchronization could be due to [[SYN flood\|malicious intent]]. == RFC 793 == According to [http://www.ietf.org/rfc/rfc0793.txt RFC 793], a TCP connection is referred to as ''half-open'' when the host at one end of that TCP connection has crashed, or has otherwise removed the socket without notifying the other end. If the remaining end is idle, the connection may remain in the half-open state for unbounded periods of time. == Stateful Firewall Timeout == Another circumstance that can lead to half-open connections is if a [[stateful firewall]] times out a connection that is idle for too long. In this case, the firewall clears its internal state, and if either side of the connection sends a packet, the firewall will drop the packet. This will often result in a half-open connection as the two sides of the connection can end up with inconsistent connection states. == Embryonic connection == ~~Nowadays, however, the~~The term ''half-open connection'' iscan ~~most~~also ~~often~~be used to describe an '''embryonic connection''', i.e. a [[Transmission Control Protocol\|TCP]] connection ~~which~~that is in the process of being established. ~~The~~[[Transmission ~~TCP~~Control ~~protocol~~Protocol\|TCP]] has a [[Three-way handshake\|three state system]] for opening a connection. First, the originating endpoint (A) sends a [[SYN (TCP)\|SYN packet]] to the destination (B). A is now in an embryonic state (specifically, SYN_SENT), and awaiting a response. B now updates its kernel information to indicate the incoming connection from A, and sends out a request to open a channel back (the [[SYN/ACK]] packet). At this point, B is also in an embryonic state (specifically, SYN_RCVD). Note that B was put into this state by another machine, outside of B's control. Line 16 ⟶ 21: == See also == * [[Transmission Control Protocol]]▼ * [[SYN flood]] * [[SYN cookies]] * [[Stateful firewall]] == References == {{refbegin}} Twingate. (n.d.). ''What is a TCP Half Open Scan?''. Retrieved May 2, 2025, from [https://www.twingate.com/blog/glossary/tcp-half-open-scan](https://www.twingate.com/blog/glossary/tcp-half-open-scan) Palo Alto Networks. (n.d.). ''TCP Half Closed and TCP Time Wait Timers''. Retrieved May 2, 2025, from [https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/session-settings-and-timeouts/tcp/tcp-half-closed-and-tcp-time-wait-timers](https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/session-settings-and-timeouts/tcp/tcp-half-closed-and-tcp-time-wait-timers) Sanchit Gurukul. (n.d.). ''Understanding TCP Half-Open Connections''. Retrieved May 2, 2025, from [https://sanchitgurukul.com/understanding-tcp-half-open-connections](https://sanchitgurukul.com/understanding-tcp-half-open-connections) ▲ [[Category:Transmission Control Protocol\|Half-Open]] {{refend}} == External links == * [http://www.ietf.org/rfc/rfc0793.txt Transmission Control Protocol DARPA Internet Program Protocol Specification] ~~[[Category:Transmission Control Protocol\|Half-Open]]~~ ~~[[Category:Article Feedback 5]]~~ ~~{{compu-network-stub}}~~ ~~[[ru:Полуоткрытое TCP/IP-соединение]]~~