- The TCP handshake. TCP uses a three-way handshake to establish a reliable connection. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The exchange of these four flags is performed in three steps—SYN, SYN-ACK, and ACK
https://www.sciencedirect.com/topics/computer-science/three-way-handshake
- The client chooses an initial sequence number, set in the first SYN packet. The server also chooses its own initial sequence number, set in the SYN/ACK packet shown in Figure 3.8. Each side acknowledges each other's sequence number by incrementing it; this is the acknowledgement number. The use of sequence and acknowledgment numbers allows both sides to detect missing or out-of-order segments.
Once a connection is established, ACKs typically follow for each segment. The connection will eventually end with a RST (reset or tear down the connection) or FIN (gracefully end the connection).
https://www.sciencedirect.com/topics/computer-science/three-way-handshake
By default, Wireshark converts all sequence and acknowledgement numbers into relative numbers. This means that all SEQ and ACK numbers always start at 0 for the first packet seen in each conversation
TCP SYN
Since this is the start of the TCP connection, the client sends a TCP packet with the sequence number set to 0.
the first TCP packet sent from the client to the server includes SYN seq=0 in the Info field.
see that “Sequence number: 0” and expand the “Flags” field in the details section to also see that the Syn bit is “Set”.
https://madpackets.com/2018/04/10/tcp_handshake/
TCP SYN-ACK
see the server respond with a SYN-ACK message with Seq=0 and Ack=1.
for the TCP handshake example, if the client sends a seq=0, the server responds with ack=1. The packet is identified as a SYN-ACK packet by looking at the packet listing field and also by looking at the packet details field
TCP ACK
the TCP session sends an acklowledgement to complete the 3-way handshake. (Reminder that the Syn bit is not set). Note that the syn=1 and ack=1, because the TCP-Syn from the server sent a seq=0 and ack=1 in the TCP Syn-Ack
- The TCP level of the TCP/IP transport protocol is connection-oriented. Connection-oriented means that, before any data can be transmitted, a reliable connection must be obtained and acknowledged. TCP level data transmissions, connection establishment, and connection termination maintain specific control parameters that govern the entire process. The control bits are listed as follows:
URG: Urgent Pointer field significant
ACK: Acknowledgment field significant
PSH: Push Function
RST: Reset the connection
SYN: Synchronize sequence numbers
FIN: No more data from sender
There are two scenarios where a three-way handshake will take place:
Establishing a connection (an active open)
Ending a connection (an active close)
Frame 1:
It's a request to the server to synchronize the sequence numbers. It specifies its initial sequence number (ISN). The ISN is incremented by 1 (8221821+1=8221822), and is sent to the server. To start a connection, the client and server must synchronize each other's sequence numbers.
The Acknowledgment field (ack: 0) is set to zero because it's the first part of the three-way handshake.
Frame 2:
the server, BDC3, sends an ACK and SYN segment (TCP .A..S.)
In this segment, the server is acknowledging the request of the client for synchronization.
Meanwhile, the server is also sending its request to the client for synchronization of its sequence numbers.
The server transmits an acknowledgment number (8221823) to the client.
The acknowledgment is just proof to the client that the ACK is specific to the SYN the client initiated.
The process of acknowledging the client's request allows the server to increment the client's sequence number by one and uses it as its acknowledgment number
Frame 3:
the client sends an ACK segment (TCP .A....)
In this segment, the client is acknowledging the request from the server for synchronization. The client uses the same algorithm the server implemented in providing an acknowledgment number. The client's acknowledgment of the server's request for synchronization completes the process of establishing a reliable connection and the three-way handshake.
Ending a connection
Although the three-way handshake only requires three packets to be transmitted over our networked media, the termination of this reliable connection needs to transmit four packets. Because a TCP connection is full-duplex (data can flow in each direction independent of the other), each direction must be terminated independently.
Frame 4:
the client sending a FIN that's accompanied by an ACK (TCP .A...F). This segment has two basic functions. First, when the FIN parameter is set, it will inform the server that it has no more data to send. Second, the ACK is essential in identifying the specific connection they've established
Frame 5:
the server acknowledging the FIN that was transmitted from the client.
Frame 6:
After receiving the FIN from the client computer, the server will ACK. Even though TCP has established connections between the two computers, the connections are still independent of one another. So the server must also transmit a FIN (TCP .A...F) to the client.
Frame 7:
The client responds in the same format as the server, by ACKing the server's FIN and incrementing the sequence number by 1.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/three-way-handshake-via-tcpip
- SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more than the received sequence number i.e. B+1.
At this point, both the client and server have received an acknowledgment of the connection. The steps 1, 2 establish the connection parameter (sequence number) for one direction and it is acknowledged. The steps 2, 3 establish the connection parameter (sequence number) for the other direction and it is acknowledged. With these, a full-duplex communication is established.
https://ddos-guard.net/en/terminology/protocols/tcp-3-way-handshake
3 Way Handshaking by Wireshark
No comments:
Post a Comment