𝗛𝗼𝘄 𝗕𝗮𝗰𝗸𝗲𝗻𝗱 𝗔𝗰𝗰𝗲𝗽𝘁 𝗖𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝗼𝗻𝘀.

The TCP Connection Lifecycle
Server Binds and Listens
• The server creates a listening socket and binds it to a port.
• It calls the listen() system call to mark the socket as passive, ready to accept connections.(example : port 3000)

𝗦𝗬𝗡 𝗤𝘂𝗲𝘂𝗲
• When a client initiates a connection, the TCP handshake begins:

1. Client sends a SYN (synchronize) packet to the server.
2. The server responds with a SYN-ACK (synchronize-acknowledge).
3. The client completes the handshake with an ACK.

• Before the handshake completes, the connection is placed in the SYN queue.
• Connections in this queue are in a half-open state (SYN received but not yet acknowledged by the client).
• If the handshake isn't completed (e.g., due to a timeout), the entry is dropped from the SYN queue.

𝗔𝗰𝗰𝗲𝗽𝘁 𝗤𝘂𝗲𝘂𝗲
• Once the TCP handshake completes, the connection moves from the SYN queue to the accept queue.
• The server can then call the accept() system call to retrieve the connection.

𝗙𝗶𝗹𝗲 𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗼𝗿
𝘐𝘵'𝘴 𝘢𝘯 𝘪𝘯𝘵𝘦𝘨𝘦𝘳 𝘵𝘩𝘢𝘵 𝘴𝘦𝘳𝘷𝘦𝘴 𝘢𝘴 𝘢𝘯 𝘪𝘯𝘥𝘦𝘹 𝘵𝘰 𝘢𝘯 𝘦𝘯𝘵𝘳𝘺 𝘪𝘯 𝘵𝘩𝘦 𝘧𝘪𝘭𝘦 𝘥𝘦𝘴𝘤𝘳𝘪𝘱𝘵𝘰𝘳 𝘵𝘢𝘣𝘭𝘦 𝘮𝘢𝘪𝘯𝘵𝘢𝘪𝘯𝘦𝘥 𝘣𝘺 𝘵𝘩𝘦 𝘰𝘱𝘦𝘳𝘢𝘵𝘪𝘯𝘨 𝘴𝘺𝘴𝘵𝘦𝘮. 𝘛𝘩𝘪𝘴 𝘪𝘯𝘵𝘦𝘨𝘦𝘳 𝘳𝘦𝘱𝘳𝘦𝘴𝘦𝘯𝘵𝘴 𝘢 𝘳𝘦𝘧𝘦𝘳𝘦𝘯𝘤𝘦 𝘵𝘰 𝘢𝘯 𝘰𝘱𝘦𝘯 𝘧𝘪𝘭𝘦 𝘰𝘳 𝘴𝘰𝘤𝘬𝘦𝘵

• The accept() call returns a new file descriptor representing the client connection.
• The server application uses this descriptor to read from and write to the client socket.

𝗖𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝗼𝗻 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁:
𝙎𝙔𝙉 𝙌𝙪𝙚𝙪𝙚 𝙊𝙫𝙚𝙧𝙛𝙡𝙤𝙬𝙨:
• If the SYN queue is full, new connection attempts are dropped.
• Mitigation: Tune kernel parameters like 𝘯𝘦𝘵.𝘪𝘱𝘷4.𝘵𝘤𝘱𝘮𝘢𝘹𝘴𝘺𝘯_𝘣𝘢𝘤𝘬𝘭𝘰𝘨 or use SYN cookies.

𝗔𝗰𝗰𝗲𝗽𝘁 𝗤𝘂𝗲𝘂𝗲 𝗢𝘃𝗲𝗿𝗳𝗹𝗼𝘄𝘀:
• If the accept queue is full, new connections are ignored or reset.
• Mitigation: Increase the backlog size in the listen() call and adjust net.core.somaxconn.

𝗙𝗶𝗹𝗲 𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗼𝗿 𝗘𝘅𝗵𝗮𝘂𝘀𝘁𝗶𝗼𝗻:
• The system has a limit on open file descriptors (ulimit -n or /proc/sys/fs/file-max).
• Exceeding this limit prevents new connections.
• Mitigation: Increase the descriptor limit for the process.