loading...

TCP 3 Way Handshake In Detail

snj profile image Nick Mose Originally published at coderscat.com on ・2 min read

aptitudefordummies.wordpress.com

TCP is a connection-oriented protocol and provides reliable communication. Before TCP transmits data, it will use the three-way handshake to establish a connection.

Why we need a 3-way handshake

Suppose Alice and Bob want to have a talk through a phone. During the old days. the connection is not stable. Before they beginning to talk with each other, they want to have a double-check about the connectivity.

So, this is the normal starting:

tcp-handshake.png

Similarly, TCP’s 3-way handshake is the process of exchanging some data to make sure 2 things:

  1. Sending data from client to server is OK
  2. Sending data from server to client is OK

The process

The overall process of 3-way handshake is:

tcp-3-handshake-process.png

SYN means synchronization of the sequence numbers. Client and server communicate each other their initial sequence numbers which are crucial for the communication to start.

Note : All the TCP segments which consume sequence numbers must be acknowledged by the peer. If no acknowledgment is received for this segment, it will be retransmitted until it reaches the specified number of times.

This is one important reason that TCP could provide a reliable data transmission.

What is ack/syn?

ack and syn are both flag bits of TCP header:

CAPTURE-2020_03_10_tcp-connection-3-handshake.org_20200310_131301.png

The sequence number and acknowledgment number are both 32 bits.

How the initial sequence number is generated?

Initial Sequence Number (aka ISN) does not start from 0, and both parties of the communication generate it separately.

Why ISN can not be a fixed number?

  1. For security. If the ISN of a connection is known, it is easy for an attacker to construct a sequence number. The source IP and source port numbers are easy to forge. In this way, an attacker can forge an RST packet and force the connection to close.
  2. A dynamically growing ISN can guarantee that segments in the right order.

What will happen if the client sends ack, but the server does not respond?

Defaultly, client will retry in 2 seconds, then 4 second, then 8 seconds … until it tried 6 times. This number is configured by /proc/sys/net/ipv4/tcp_syn_retries.

What else

CAPTURE-2020_03_10_tcp-connection-3-handshake.org_20200310_171943.png

From the captured result by Wireshark. Except for SYN, ACK, Sequence number, there are some other parameters contained.

MSS (Maximum Segment Size), MSS = 1460 for client is MSS = 1360 for server.

WS (Windows Scaling), which used to control the maximum TCP receive window size, more details please refer to RFC1323.

There are more parameters, they are important configuration parameters for both sides to know before TCP transmission start.

The post TCP 3 Way Handshake In Detail appeared first on CodersCat.

Posted on Dec 25 '19 by:

snj profile

Nick Mose

@snj

Programming for 16 years. Write stuff about programming and writing on coderscat.com. Programming languages, security, algorithms.

Discussion

markdown guide