I have a TCP server that listens for an incoming client, then sends it one packet of data every second. I was wondering, does the SYN/ACK packet only get sent on initial connection, so it looks like this:
<client connect>
SYN
ACK
DATA
DATA
DATA
<client disconnect>
Or does it get sent with every packet, like this?
<client connect>
SYN
ACK
DATA
SYN
ACK
DATA
SYN
ACK
DATA
<client disconnect>
Also, if it's the first case, are there any benefits of UDP over TCP if you just keep the connection open over a long period of time?
SYN is only at the beginning.
ACK is on subsequent segments in either direction. [edit]The ACK will also define a window size. If the window size is 100 for example, the sender can send 100 segments before it expects to receive an ACK. E.g If sender sends 100 segments but segment number 50 gets lost, then receiver will get 1-49 & 51 -100. Receiver will then ACK for 50 (next segment it expects) and set window size to 1. Sender will resend 1 segment with sequence number 50. Receiver will then ACK for 101 and set the window size back up to a higher number [edit]
Both are actually fields in the TCP header and can be sent with data, though the SYN and the first ACK typically are data-less.
So neither of the scenarios you describe is quite correct. The first is actually closer to reality, but all the data packets after the SYN do have to include an ACK, and also an acknowledgement number field which identifies the number of the next packet expected.
The end of a session also involves handshakes with FIN flagged packets and ACKs relating to them.
The exchanged sequence numbers are used to identify lost packets and enable a retry mechanism, and also to reassemble the entire stream of packets in the correct order.
With UDP you can't just keep the connection open over a long period of time. There is no connection.
This sequence of SYN/ACK/FIN flags is what makes a connection.
With UDP, there are no SYNs or ACKs, so communication is one-way, delivery is not guaranteed and order is not preserved. But it has less overhead, so it's useful when speed is more important than reliability, as for example in streaming media.
This is a bit simplified yet, but it's the best I can do at the moment.
There's much more on this in the wikipedia entry on TCP and of course in the RFCs.
Picture this: The original TCP standard RFC 793 allowed data to be sent with the first SYN packet though. However, that's not the case today. What you get is a separate SYN packet during initiation of the Three-Way-Handshake from the requestor of the connection. Suppose A requests to connect with B, thus A sends a packet with a SYN bit set. B responds with an ACK to acknowledge receipt and sends A the ACK + SYN packets. Data can then be transmitted henceforth.
Dordal has a very good explanation on this matter. Click this link here.
It's kinda like:
SYN starts a connection; you'll usually only see it when the connection's being established. But all data being sent via TCP requires an ACK. Every byte sent must be accounted for, or it will be retransmitted (or the connection reset (closed), in severe cases).
Actual connections aren't usually exactly like the diagram above, though, for two reasons:
Most TCP/IP stacks try to reduce the number of naked ACKs without unduly risking retransmission or a connection reset. So a conversation like this one is quite possible:
As for UDP, there's no built-in concept of SYN and ACK -- UDP is by nature "unreliable", and not connection-oriented, so the concepts don't apply as much. Your acknowledgement will usually just be the server's response. But some application-layer protocols built on top of UDP will have some protocol-specific way of acknowledging data sent and received.