The article is intended for anyone who is familiar with TCP/IP and explains the TCP three-way handshake process.
I have captured the traffic between the client PC and a web server (example.net) using Wireshark.
To establish a connection between client and server, TCP uses a process called three-way handshake. (SYN, SYN-ACK, ACK)
First thing first, why is three-way handshake called as a three-way handshake? The reason being is that three segments are exchanged between the client and the server for TCP connection to be established.
The following sequence shows the process of a TCP connection being established.
Step 1Packet# 1
The client wants to initiate a connection to the server (18.104.22.168). So, the client sends a packet with SYN bit set. SYN flag announces an attempt to open a connection.
If you look at the TCP header, the source port is randomly selected by Windows and the destination is well-known port 80. Length of the data is zero because this is a SYN packet and no data is transmitted in this stage. If you look at the sequence number, the value is set to zero by Wireshark (Relative sequence number).
The actual value would be a 32 bit randomly selected number which we humans will find hard to keep up with. From the screenshot you can see the actual SEQ number from the client is 1932704549 (I have also attached the picture which shows the actual 32 bits sequence number below)
Step 2Packet# 2
In step 2, the server will respond to the client with ACK and SYN bit set. Like step 1, Length of the data is zero, no data is transmitted in this stage. The sequence number is set to 0 (relative) and acknowledges the request of the client for synchronization. The server sends an acknowledgment of 1 to the client. The ACK is specific to the SYN the client sent. The acknowledge number is set to one more than the receive sequence number.
Step 3Packet# 3
Finally, the client acknowledges the server’s request for synchronization with ACK 1. The ACK is specific to the SYN the server sent. The acknowledge number is set to one more than the receive sequence number.
The above process creates a reliable OSI Layer 4 connection between two hosts.
i am confused policing drops data that exceeds the set amount in bandwidth, and can resend data but shaping slows down data and can resend data ? I Was reading the Cisco cert guild can you apply shaping and policing on the queues?
Hi, I´m planning implement private vlan for all switches on network, 15 switches on all network ( there are 15 floors separetd by vlan 1-15). The purpose is block the hosts communicate each other on same network. I dont have ISE to implemment the bes...
Hi, I am trying to utilize DLEP with the EIGRP routing algorithm. If I query the system with "sh dlep neighbors," I see the correct CDR(Current Data Rate) for two radios connected with DLEP to the router, one having a data rate half of the other...
Hello everyone, I'm doing a review of some Cisco devices (switches and routers) and one of the questions I need to respond to is the date when the last patch was applied to the devices. Is there a way I can determine that from the equipment?
Hi there, I would like to use IP SLA UDP Jitter to alert when the MOS score is greater than 3.5. My config: ip sla 2udp-jitter 22.214.171.124 5000 codec g711alawtos 184threshold 60timeout 500frequency 15history hours-of-statistics-kept 1history en...