I've been reading that to terminate a TCP connection 3 handshakes are required: FIN, FIN ACK, and ACK. However, when closing a connection, Wireshark displays FIN ACK, FIN ACK, ACK; it never displays FIN by itself.
However, when establishing a connection Wireshark clearly displays the three handshakes: SYN, SIN ACK, ACK.
So I'm kinda confused why when closing the connection the three handshakes aren't displayed like that.
A TCP implementation might send a standalone FIN in the first closing segment. However, it can also send a FIN ACK, instead.
The latter is strictly better: the implementation can bundle a "free" ACK with the FIN segment without making it longer. This is because, if you don't ACK, there is still room in the segment for the ACK number, which will be ignored, and waste bandwidth. Hence the last-sent ACK is simply re-sent, just in case the receiver missed it.
This is true for all TCP segments. Hence, except for the very first SYN segment, where the sender has no information about the ACK number, all the other segments will usually have the ACK flag on.
