This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Should there be 4 packets at the end of TCP communication?

0

Everywhere I look, people say/write that at the end of TCP communication there should be four packets. First the client sends FIN-ACK, and it is ACKed by the other side, then the server sends its own FIN-ACK and it's also ACKed by the client. But when I look at the packet flow in Wireshark, I always see only three packets: FIN-ACK, FIN-ACK, ACK. Take a look at the following image:

Is something missing? Should there be 4 packets, or is everything just fine?

asked 30 Jun '15, 03:43

morfik


One Answer:

1

The 4-way closing: fin - ack - fin - ack can be shortened to: fin - fin, ack - ack


You can find detailed information here: RFC 793 (hint: Figure 13)

answered 30 Jun '15, 03:55

Christian_R

edited 30 Jun '15, 05:25

Could you provide some link that can cast more light on this subject?

(30 Jun '15, 04:16) morfik
(30 Jun '15, 05:51) Jaap ♦

@Jaap, in the link you gave, there's a normal closing and the simultaneous one. There's no info concerning the missing ACK packet.

(30 Jun '15, 11:24) morfik

It is included in Figure 13 of the RFC. Figure 12 tells you the theoretical function and Figure 13 tells you the practical one.

It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (merely combines 2 steps into one) and host A replies with an ACK.[12] This is perhaps the most common method.

I took this sentence from here: https://en.wikipedia.org/wiki/Transmission_Control_Protocol

(30 Jun '15, 11:46) Christian_R

@Christian_R, now I get it!

(01 Jul '15, 06:07) morfik
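
The four-segment and three-segment closes discussed in this thread can be told apart from sequence and acknowledgment numbers alone. The following is an added example, not part of the original posts: the `Seg` record, the function name and the sample numbers are constructed for illustration, and FIN segments are assumed to carry no payload. It also covers the simultaneous close mentioned in the comments.

```python
from collections import namedtuple

# Constructed segment record: sender label, TCP flags, relative seq and ack numbers
# (as Wireshark displays them; sequence wrap-around is not handled).
Seg = namedtuple("Seg", "src flags seq ack")

def classify_teardown(segs):
    """Classify the close of one TCP connection from its segments in capture order."""
    fins = [(i, s) for i, s in enumerate(segs) if "FIN" in s.flags]
    if len(fins) < 2 or fins[0][1].src == fins[1][1].src:
        return "incomplete"
    (i1, fin1), (i2, fin2) = fins[0], fins[1]
    # A FIN consumes one sequence number, so the peer acknowledges it with seq + 1.
    ack_of_fin1, ack_of_fin2 = fin1.seq + 1, fin2.seq + 1
    # The first closer must acknowledge the second FIN, otherwise the close is unfinished.
    if not any(s.src == fin1.src and "ACK" in s.flags and s.ack == ack_of_fin2
               for s in segs[i2 + 1:]):
        return "incomplete"
    # The second FIN was sent before the first one was seen: both sides closed at once.
    if fin2.ack < ack_of_fin1:
        return "simultaneous close"
    # Four segments: the peer ACKed the first FIN on its own before sending its FIN.
    separate_ack = any(s.src == fin2.src and "ACK" in s.flags and "FIN" not in s.flags
                       and s.ack == ack_of_fin1 for s in segs[i1 + 1:i2])
    return "four-segment close" if separate_ack else "three-segment close"

# Constructed captures. THREE matches the FIN-ACK, FIN-ACK, ACK pattern in the question.
THREE = [Seg("A", {"FIN", "ACK"}, 100, 200),
         Seg("B", {"FIN", "ACK"}, 200, 101),   # ACK of A's FIN piggybacked on B's FIN
         Seg("A", {"ACK"}, 101, 201)]
FOUR = [Seg("A", {"FIN", "ACK"}, 100, 200),
        Seg("B", {"ACK"}, 200, 101),           # separate ACK of A's FIN
        Seg("B", {"FIN", "ACK"}, 200, 101),
        Seg("A", {"ACK"}, 101, 201)]
SIMULTANEOUS = [Seg("A", {"FIN", "ACK"}, 100, 200),
                Seg("B", {"FIN", "ACK"}, 200, 100),  # does not yet acknowledge A's FIN
                Seg("A", {"ACK"}, 101, 201),
                Seg("B", {"ACK"}, 201, 101)]

if __name__ == "__main__":
    for name, capture in (("THREE", THREE), ("FOUR", FOUR), ("SIMULTANEOUS", SIMULTANEOUS)):
        print(name, "->", classify_teardown(capture))
```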