1. C2S: SYN
    1. SYN With a random sequence number . We do this rather than assume 0 for security and reliability reason (no overlay window).
    2. Win
    3. MSS
    4. SACK_PERM (Selective ACK)
    5. WS
  2. S2C: [SYN, ACK].
    1. SYN with a sequence number and set the ACK bit to 1, acknowledge (received the SYN)
    2. Win
    3. 0 length
  3. C2S: [ACK]
    1. Acknowledge .
    2. Finalize Win
    3. 0 length


The SYN Queue

  • stores inbound SYN packets (struct inet_request_sock)
  • responsible for sending out SYN+ACK packets and retrying them on timeout.
  • After transmitting the SYN+ACK, it waits for the last ACK packet from the client
    • All received ACK packets must first be matched against the fully established connection table, and only then against data in the relevant SYN Queue.
    • On SYN Queue match, the kernel removes the item from the SYN Queue. Creates a struct inet_sock, adds it to the Accept Queue
$ sysctl net.ipv4.tcp_synack_retries
net.ipv4.tcp_synack_retries = 5

The Accept Queue


  • Stores fully established connections: ready to be picked up by the application.
  • When a process calls accept(), the sockets are de-queued and passed to the application.


The maximum allowed length of both the Accept and SYN Queues is taken from the backlog parameter passed to the listen(2) syscall by the application.

SYN Cookies

allows the SYN+ACK to be generated statelessly, without actually saving the inbound SYN and wasting system memory.


  1. A -> B: FIN, seq , ACK
  2. B -> A: (Data+) ACK , continue sending unfinished packets
  3. B -> A: FIN, seq , ACK
  4. A -> B: ACK
  • Problems with closed socket
    • What if final ack is lost in the network?
    • What if the same port pair is immediately reused for a new connection?
  • Solution:“active” closer goes into TIME WAIT
    • Active close is sending FIN before receiving one
    • Keep socket around for 2MSL (twice the “maximum segment lifetime”)
  • Can pose problems with servers
    • OS has too many sockets in TIMEWAIT, slows things down
    • Hack: Can send RST and delete socket, set SO_LINGER socket option to time O
    • OS won’t let you re-start server because port still in use (SO_REUSEADDR option lets you re-bind used port number)


Naked ACK

ACK sent without any data payload

Delay ACK

When one side of TCP receives data, it should reply with an ACK to the data. But If you also have a data to send, you can delay the ACK and include data within it (since ACK is only a flag in the packet)