Tuesday, 1 January 2013

The TCP 3-Way-Handshake

Each and every communication through TCP starts with a procedure called the three-way handshake.

Here the client is shown as the active participant and the server as the passive participant, because the client initiates (active) a connection to a server which waits (passive) for connections on a particular port.

The three-way handshake is done in the following steps:

1. The client sends a SYN packet to the server indicating that it wants to set up a TCP connection. It also sends its ISN (Initial Sequence Number). Here the client's ISN is x.

2. If the server is 'alive', listening on the requested port and able to accept an incoming connection, it replies with its own SYN + ACK packet. It sends its own ISN (for this connection, y) and acknowledges the client's request by sending back the client's ISN + 1 as the acknowledgement number (x + 1).

3. Finally, after receiving the server's SYN + ACK response, the client sends back an ACK packet whose acknowledgement number is the server's ISN + 1 (y + 1).

This results in an "OPEN" (established) connection allowing communication between the source and destination, until either of them issues a "FIN" packet or a "RST" packet to close the connection.

# tcpdump -n -S -t

Here, -n: don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
-S: print absolute, rather than relative, TCP sequence numbers.
-t: don't print a timestamp.

> S 4255483971:4255483971(0) win 65535 <mss 1460> (DF)
> S 4279842714:4279842714(0) ack 4255483972 win 32120 <mss 1460> (DF)
> . ack 4279842715 win 65535 (DF)

1. First line: someone on the client is connecting to port 23 (telnet) on the server. We can see that the SYN flag is set (S), followed by:

Here, 4255483971 (= x) is the ISN (Initial Sequence Number); it appears twice, separated by ':', because there is no payload (the 0 in parentheses indicates this).

win 65535 indicates that the client has a buffer that can hold 65535 bytes.

mss 1460 indicates that the network on which the client sits can accept a maximum of 1460 bytes of payload in a single segment. mss stands for maximum segment size.

(DF) requests that the packet shouldn't be fragmented.

Interesting fact: though the client has a buffer that can accept 65535 bytes of data, the network cannot accept more than 1460 bytes of payload per segment, so a full window is delivered as many segments.

2. Second line: the server replies with a packet that has both the SYN and ACK flags set. It also sends its ISN (4279842714 = y) and the acknowledgement number (client's ISN + 1 = 4255483972). The server's window size is 32120 and its maximum segment size is 1460.

3. Third line: the client sends back an acknowledgement packet with an acknowledgement number of 4279842715 (server's ISN + 1 = 4279842715).
Note that this packet has no flag set ('.' indicates that no flags were set).
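As an added example (not code from the original post), the small Python program below parses tcpdump lines in the format shown above and replays the three steps described earlier, checking the two ISN + 1 rules (the server's SYN + ACK must acknowledge x + 1, the client's ACK must acknowledge y + 1). It also lists handshakes that never reached ESTABLISHED, which is the check a defender wants: a lone SYN that is never completed is a half-open connection. The sequence numbers, windows and mss values are the ones from the capture above; the addresses and ports (10.0.0.x, port 1024/40000) and the fourth, unanswered SYN are constructed for the example.

```python
"""Parse `tcpdump -n -S -t` TCP lines (old output style) and verify the 3-way handshake.

Added example. Addresses/ports are assumed; the sequence numbers are the post's own values.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One summary line of tcpdump -n -S -t for a TCP segment (old output style):
#   src.port > dst.port: FLAGS seq:end(len) [ack N] [win W] [<mss M>] [(DF)]
# FLAGS is '.' when no flag is set, otherwise letters such as S, F, R, P.
LINE_RE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
    r"(?: <mss (?P<mss>\d+)>)?"
    r"(?: \((?P<df>DF)\))?\s*$"
)


@dataclass
class Segment:
    src: str
    dst: str
    flags: str
    seq: Optional[int]
    ack: Optional[int]
    win: Optional[int]
    mss: Optional[int]
    df: bool


def _to_int(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None else None


def parse_line(line: str) -> Segment:
    """Turn one tcpdump summary line into a Segment; raises on an unknown layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    g = m.groupdict()
    return Segment(src=g["src"], dst=g["dst"], flags=g["flags"],
                   seq=_to_int(g["seq"]), ack=_to_int(g["ack"]),
                   win=_to_int(g["win"]), mss=_to_int(g["mss"]), df=g["df"] == "DF")


@dataclass
class Handshake:
    client: str
    server: str
    state: str = "SYN_SENT"           # SYN_SENT -> SYN_RECEIVED -> ESTABLISHED
    client_isn: Optional[int] = None  # x in the post
    server_isn: Optional[int] = None  # y in the post
    problems: List[str] = field(default_factory=list)


def track_handshakes(lines: List[str]) -> Dict[Tuple[str, str], Handshake]:
    """Replay segments and verify the ISN + 1 rules of the three-way handshake."""
    flows: Dict[Tuple[str, str], Handshake] = {}
    for line in lines:
        s = parse_line(line)
        is_syn = "S" in s.flags
        if is_syn and s.ack is None:
            # Step 1: client SYN carrying ISN x; flow keyed by (client, server).
            flows[(s.src, s.dst)] = Handshake(s.src, s.dst, client_isn=s.seq)
            continue
        key = (s.dst, s.src) if is_syn else (s.src, s.dst)
        hs = flows.get(key)
        if hs is None:
            continue  # segment belonging to no handshake we have seen
        if is_syn and hs.state == "SYN_SENT":
            # Step 2: server SYN + ACK must acknowledge x + 1 and carry ISN y.
            if s.ack != hs.client_isn + 1:
                hs.problems.append(f"SYN+ACK acks {s.ack}, expected {hs.client_isn + 1}")
            hs.server_isn = s.seq
            hs.state = "SYN_RECEIVED"
        elif not is_syn and hs.state == "SYN_RECEIVED" and s.ack is not None:
            # Step 3: client ACK must acknowledge y + 1; only then is the flow open.
            if s.ack != hs.server_isn + 1:
                hs.problems.append(f"ACK acks {s.ack}, expected {hs.server_isn + 1}")
            else:
                hs.state = "ESTABLISHED"
    return flows


def half_open(flows: Dict[Tuple[str, str], Handshake]) -> List[Handshake]:
    """Handshakes that never reached ESTABLISHED (a SYN that was never completed)."""
    return [hs for hs in flows.values() if hs.state != "ESTABLISHED"]


# Constructed sample: the post's three lines with assumed addresses/ports added,
# plus one SYN that is never answered and so stays half-open.
SAMPLE = [
    "10.0.0.2.1024 > 10.0.0.1.23: S 4255483971:4255483971(0) win 65535 <mss 1460> (DF)",
    "10.0.0.1.23 > 10.0.0.2.1024: S 4279842714:4279842714(0) ack 4255483972 win 32120 <mss 1460> (DF)",
    "10.0.0.2.1024 > 10.0.0.1.23: . ack 4279842715 win 65535 (DF)",
    "10.0.0.3.40000 > 10.0.0.1.23: S 12345:12345(0) win 65535 <mss 1460> (DF)",
]

if __name__ == "__main__":
    flows = track_handshakes(SAMPLE)
    for key, hs in flows.items():
        print(key, hs.state, "x =", hs.client_isn, "y =", hs.server_isn, hs.problems)
    print("half-open:", [hs.client for hs in half_open(flows)])
```

Run against a real capture you would feed it the output of `tcpdump -n -S -t` line by line; absolute sequence numbers (-S) are required, since with relative numbering every flow's ISN would print as 0 and the x + 1 / y + 1 checks would be meaningless.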

1 comment:

  1. Nice explanation with example....keep going