The article is intended for anyone who is familiar with TCP/IP and explains the TCP three-way handshake process.
I have captured the traffic between the client PC and a web server (example.net) using Wireshark.
To establish a connection between client and server, TCP uses a process called three-way handshake. (SYN, SYN-ACK, ACK)
First thing first, why is three-way handshake called as a three-way handshake? The reason being is that three segments are exchanged between the client and the server for TCP connection to be established.
The following sequence shows the process of a TCP connection being established.
Step 1Packet# 1
The client wants to initiate a connection to the server (184.108.40.206). So, the client sends a packet with SYN bit set. SYN flag announces an attempt to open a connection.
If you look at the TCP header, the source port is randomly selected by Windows and the destination is well-known port 80. Length of the data is zero because this is a SYN packet and no data is transmitted in this stage. If you look at the sequence number, the value is set to zero by Wireshark (Relative sequence number).
The actual value would be a 32 bit randomly selected number which we humans will find hard to keep up with. From the screenshot you can see the actual SEQ number from the client is 1932704549 (I have also attached the picture which shows the actual 32 bits sequence number below)
Step 2Packet# 2
In step 2, the server will respond to the client with ACK and SYN bit set. Like step 1, Length of the data is zero, no data is transmitted in this stage. The sequence number is set to 0 (relative) and acknowledges the request of the client for synchronization. The server sends an acknowledgment of 1 to the client. The ACK is specific to the SYN the client sent. The acknowledge number is set to one more than the receive sequence number.
Step 3Packet# 3
Finally, the client acknowledges the server’s request for synchronization with ACK 1. The ACK is specific to the SYN the server sent. The acknowledge number is set to one more than the receive sequence number.
The above process creates a reliable OSI Layer 4 connection between two hosts.
I have a Cisco C2960 in production which was compromised. The switch has been pulled and I'm trying to determine if the IOS image was tampered with. Since the switch is End-of-Life / End-of-Support, I'm unable to get from Cisco what the hash is to va...
Hello, We have Cisco 2960X with two etherchannels (2 ports each). One is static (mode on) to ESXi host and other active to another switch. On ESXi host load balancing policy is set to src-dst-ip (called IP hash) and it works as I see traffic on both ...
1)May I know the difference of ISIS metric-type internal and external while redistributing ? 2)I have configured metric-type external alone without metric keyword while redistributing but it is not effecting. May I know the reason why does not I...
Hi Team,I have Configured NAT64 on an ASR. It appears everything is working as required until the outgoing DNS64 Addressed IPv6 packets 'hit the NAT64 server (ASR)' on Int GE0/0/0. Int GE0/0/3.31211 is connected to the IPv6 only host. Keen to hear what th...
For the corp network, we have a velocloud router as the edge device connects to a branch office's velocloud router. Velocloud devices are managed by a 3rd part company which provided our internet connectivity. They work with ATT or Spectrum to provide us ...