In this lesson, you will learn what the TCP Three-way handshake (3-way handshake) is, what its three steps are, and how two TCP devices synchronize.

Before the sending device and the receiving device start exchanging data, both devices need to be synchronized. During the TCP initialization process, the sending device and the receiving device exchange a few control packets for synchronization purposes. This exchange is known as the Three-way handshake.

The Three-way handshake begins with the initiator sending a TCP segment with the SYN control bit flag set.

TCP allows one side to establish a connection. The other side may either accept the connection or refuse it. From the application layer's point of view, the side that establishes the connection is the client and the side waiting for a connection is the server.

TCP identifies two types of OPEN calls:

Active Open. In an Active Open call, a device (client process) using TCP takes the active role and initiates the connection by sending a TCP SYN message.

Passive Open. A passive OPEN can specify that the device (server process) is waiting for an active OPEN from a specific client. It does not generate any TCP message segment. Server processes listening for clients are in Passive Open mode.

TCP Three-way Handshake

Step 1. Device A (Client) sends a TCP segment with SYN = 1, ACK = 0, ISN (Initial Sequence Number) = 2000.

An Initial Sequence Number (ISN) is a random Sequence Number, allocated for the first packet in a new TCP connection.

The Active Open device (Device A) sends a segment with the SYN flag set to 1, the ACK flag set to 0 and an Initial Sequence Number of 2000 (for example), which marks the beginning of the sequence numbers for the data that Device A will transmit. SYN is short for SYNchronize. The SYN flag announces an attempt to open a connection.

Step 2. Device B (Server) receives Device A’s TCP segment and returns a TCP segment with SYN = 1, ACK = 1, ISN = 5000 (Device B’s Initial Sequence Number), Acknowledgment Number = 2001 (2000 + 1, the next sequence number Device B expects from Device A).

Step 3. Device A sends a TCP segment to Device B that acknowledges receipt of Device B’s ISN, with flags set as SYN = 0, ACK = 1, Sequence number = 2001, Acknowledgment number = 5001 (5000 + 1, the next sequence number Device A expects from Device B).

This handshaking technique is referred to as the TCP Three-way handshake or SYN, SYN-ACK, ACK.

After the Three-way handshake, the connection is open and the participating computers start sending data using the agreed sequence and acknowledgment numbers.

TCP Three-way Handshake – A Real World Example

Let us dissect the TCP three-way handshake using a real world example. I am also including Wireshark screenshots to make the concepts clearer.

I am sitting at my desk and I need to open the Google web page for a search. The URL is https://www.google.com. The protocol used is HTTPS over TCP and the destination TCP port number is 443. I have entered the URL in my browser and hit the “Enter” key.

Topology and IP addresses for TCP Three-way handshake study are shown below.

[Figure: TCP 3-way handshake topology]

Step 1: The first step in establishing a reliable TCP connection (using the Three-way handshake) between my computer and the Web Server is to send a TCP segment, with the SYN flag set to 1, to the Web Server. All other TCP flags are set to 0. The TCP segment with the SYN flag set to 1 informs the Web Server that my computer wants to open a TCP session with it.

The Initial Sequence Number (ISN) generated by the TCP/IP protocol stack in my computer is 2605483508.

[Figure: TCP SYN capture]

Key values for the TCP Three-Way handshake SYN request (sent from my computer to the Web Server) are shown in the table below.

Sequence Number: 2605483508 (My Initial Sequence Number)
SYN flag: 1
ACK flag: 0
Source IP Address: 192.168.0.84 (My IP Address)
Destination IP Address: 74.125.236.82 (Web Server’s IP Address)
Source TCP Port Number: 57452 (Private Port Number, between 49152–65535, opened by the TCP/IP protocol stack running in my computer for this connection)
Destination TCP Port Number: 443 (Well-known port number for HTTPS, where the Web Server is listening for incoming requests)

Step 2: After receiving the SYN request from my computer, the Web Server replied with a TCP SYN-ACK packet. In a TCP SYN-ACK packet, both the SYN and ACK flags are set to 1 and the remaining TCP flags are set to 0.

The SYN flag set to 1 informs my computer that the Web Server is also willing to open a TCP session with my computer. The ACK flag set to 1 acknowledges the previous TCP SYN request.

The Initial Sequence Number (ISN) generated by the TCP/IP protocol stack running on the Web Server is 877776654. The Acknowledgement number 2605483509 informs my computer that the previous data was received successfully. The Acknowledgement number indicates that the next Sequence Number of the TCP segment from my computer to the Web Server should be 2605483509.

Note that the Acknowledgment number is increased by 1 if SYN, ACK or FIN flags are set in a received TCP packet. If the TCP packet is carrying data, the Acknowledgment number is increased according to the size of the data the packet is carrying.

[Figure: TCP SYN-ACK capture]

Key values for the TCP Three-Way handshake SYN-ACK message (sent from the Web Server to my computer) are shown in the table below.

Sequence Number: 877776654 (Web Server’s Initial Sequence Number)
Acknowledgement number: 2605483509 (Web Server’s Acknowledgement number)
SYN flag: 1
ACK flag: 1
Source IP Address: 74.125.236.82 (Web Server’s IP Address)
Destination IP Address: 192.168.0.84 (My IP Address)
Source TCP Port Number: 443 (Well-known port number for HTTPS, where the Web Server is listening for incoming requests)
Destination TCP Port Number: 57452 (Private Port Number, between 49152–65535, opened by the TCP/IP protocol stack running in my computer for this connection)

Step 3: The final step in establishing a reliable TCP connection using the Three-Way handshake is to send a TCP ACK packet back to the Web Server, for the SYN-ACK packet we received in the last step.

My Sequence number is 2605483509, as specified by the Acknowledgement number in the previous SYN-ACK packet. My Acknowledgement number to the Web Server is 877776655.

[Figure: TCP ACK capture]

Key values for the TCP Three-Way handshake ACK message (sent from my computer to the Web Server) are shown in the table below.

Sequence Number: 2605483509
Acknowledgement number: 877776655
SYN flag: 0
ACK flag: 1
Source IP Address: 192.168.0.84 (My IP Address)
Destination IP Address: 74.125.236.82 (Web Server’s IP Address)
Source TCP Port Number: 57452 (Private Port Number, between 49152–65535, opened by the TCP/IP protocol stack running in my computer for this connection)
Destination TCP Port Number: 443 (Well-known port number for HTTPS, where the Web Server is listening for incoming requests)

Once the TCP Three-way handshake ACK message is sent, the TCP connection is established and the computers can start communicating reliably using TCP.
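The sequence and acknowledgment checks from the capture above can be expressed as a small validator. This is an added example, not code from the original lesson: the function names (build_header, parse_header, check_handshake) are hypothetical, the headers are constructed from the values in the tables above, and the arithmetic is generalized to wrap at 2^32 because TCP sequence numbers are 32-bit.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)


def parse_header(raw):
    """Return the fields the handshake depends on."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(offset_flags & SYN), "ack_flag": bool(offset_flags & ACK)}


def check_handshake(segments):
    """Validate three raw headers as SYN, SYN-ACK, ACK; return (ok, reason)."""
    syn, synack, ack = (parse_header(s) for s in segments)
    if not (syn["syn"] and not syn["ack_flag"]):
        return False, "segment 1 is not a bare SYN"
    if not (synack["syn"] and synack["ack_flag"]):
        return False, "segment 2 is not SYN-ACK"
    if ack["syn"] or not ack["ack_flag"]:
        return False, "segment 3 is not a bare ACK"
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        return False, "SYN-ACK ports do not mirror the SYN"
    if (ack["sport"], ack["dport"]) != (syn["sport"], syn["dport"]):
        return False, "ACK ports do not match the SYN"
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        return False, "SYN-ACK does not acknowledge client ISN + 1"
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        return False, "ACK sequence number is not client ISN + 1"
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        return False, "ACK does not acknowledge server ISN + 1"
    return True, "handshake complete"


# Constructed headers using the values from the capture tables above.
CAPTURE = [
    build_header(57452, 443, 2605483508, 0, SYN),
    build_header(443, 57452, 877776654, 2605483509, SYN | ACK),
    build_header(57452, 443, 2605483509, 877776655, ACK),
]

print(check_handshake(CAPTURE))
```

A receiver applies the same comparisons before moving a connection to the established state, which is why a final ACK that does not carry the server's ISN + 1 is rejected.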

You have learned what the TCP Three-way handshake (3-Way handshake) is, the three steps of a TCP three-way handshake and how two TCP devices synchronize.

Cited from:

http://www.omnisecu.com/tcpip/tcp-three-way-handshake.php
