TCP Three-Way Handshake

Hi all, today I'm going to talk about another important topic: the TCP three-way handshake. In a previous post we talked about the transport layer protocols, and there we talked about the TCP protocol as well. Please refer to that post before going through this one if you don't have any idea what a transport layer protocol is.

As we already know, TCP is a reliable transport layer protocol, and it is what makes TCP/IP reliable. We also know that it is connection oriented. All of this depends on the TCP three-way handshake procedure: TCP needs the client and server to go through a verification process known as the three-way handshake and establish a connection before sending any other data. It is called three-way because three packets have to be transmitted to establish the connection. Let's see how it happens with an example. Here I'm using packets captured with Wireshark to show how it happens in the real world.

SYN

This is the first message of the three-way handshake. A client that wants to connect to a server sends a SYN message to the server.

[Screenshot: Wireshark capture of the SYN packet]

Here you can see the source port and the destination port are set to 49061 (client) and 8181 (server). Then there is a Sequence Number set to 0. Wireshark displays relative sequence numbers by default, so the 0 shown here stands for the initial sequence number, which is a random number picked by the client for security reasons. You can also see that the SYN (synchronize) flag is set to 1. So this is the first message of the three-way handshake, sent by the client to the server to ask for a connection to be established before sending data.

SYN+ACK

When the server receives the SYN sent by the client, it sends a SYN+ACK back to the client, saying that it received the client's SYN and that it wants to establish the connection.

[Screenshot: Wireshark capture of the SYN+ACK packet]

Here you can clearly see that the source port is now 8181 (server) and the destination port is 49061 (client). So this is the second message of the three-way handshake, sent by the server to the client. The server sends a Sequence Number as well, which is shown as 0. Again, this stands for a random number picked by the server for security reasons. Next, the Acknowledgment Number is set to 1. If you remember, the client sent its Sequence Number as 0. What the server has done is increment it by one and send it back to the client. So when the client receives this packet, it knows that this is the same server to which it sent the SYN. You can also see that the ACK flag is set to 1 and the SYN flag is set to 1.

ACK

[Screenshot: Wireshark capture of the ACK packet]

This is the last message of the three-way handshake. It is an ACK sent by the client to the server. You can verify this by checking the port numbers: the source port is 49061 (client) and the destination port is 8181 (server). Here you can see the Sequence Number is set to 1. It's the same value the server acknowledged in the previous packet. The Acknowledgment Number is set to 1. If you remember, the server sent its Sequence Number as 0. What the client has done is increase it by 1 and send it back to the server. So when the server receives this packet, it knows that this is the same client with which it exchanged the previous packets. The ACK flag is set to 1 as well.
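As an added example (not from the original post), the Python sketch below parses three raw TCP headers, checks the acknowledgment rule described in the SYN, SYN+ACK and ACK sections, and derives the relative numbers that Wireshark displays. The ports come from the capture; the initial sequence numbers and the helper names `build`, `parse` and `check_handshake` are made up for the illustration.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP flag bits
MOD = 2**32                        # sequence numbers wrap at 32 bits

def build(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(segment):
    """Return (sport, dport, seq, ack, flags) from a raw TCP header."""
    sport, dport, seq, ack, _offset, flags = struct.unpack("!HHIIBB", segment[:14])
    return sport, dport, seq, ack, flags

def check_handshake(segments):
    """Validate SYN -> SYN+ACK -> ACK; return relative (seq, ack) per packet."""
    first, second, third = (parse(s) for s in segments)
    client, server, c_isn, _, f1 = first
    s_src, s_dst, s_isn, s_ack, f2 = second
    a_src, a_dst, a_seq, a_ack, f3 = third
    if f1 & (SYN | ACK) != SYN:
        raise ValueError("first segment is not a bare SYN")
    if f2 & (SYN | ACK) != (SYN | ACK) or (s_src, s_dst) != (server, client):
        raise ValueError("second segment is not a SYN+ACK from the server")
    if s_ack != (c_isn + 1) % MOD:
        raise ValueError("SYN+ACK does not acknowledge client ISN + 1")
    if f3 & (SYN | ACK) != ACK or (a_src, a_dst) != (client, server):
        raise ValueError("third segment is not an ACK from the client")
    if a_seq != (c_isn + 1) % MOD or a_ack != (s_isn + 1) % MOD:
        raise ValueError("final ACK does not acknowledge server ISN + 1")
    # Subtract each side's ISN, as Wireshark does for its relative display.
    return [(0, 0),
            ((s_isn - s_isn) % MOD, (s_ack - c_isn) % MOD),
            ((a_seq - c_isn) % MOD, (a_ack - s_isn) % MOD)]

# Constructed sample: ports from the capture above, ISNs made up for the example.
CLIENT_ISN, SERVER_ISN = 3735928559, 0xFFFFFFFF   # server ISN + 1 wraps to 0
SAMPLE = [
    build(49061, 8181, CLIENT_ISN, 0, SYN),
    build(8181, 49061, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),
    build(49061, 8181, CLIENT_ISN + 1, 0, ACK),   # ack = (SERVER_ISN + 1) mod 2**32
]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))
```

The relative pairs it returns match the 0/0, 0/1 and 1/1 values seen in the three captures, even though the numbers on the wire are large and the server's wraps around.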

FIN+ACK

Now both parties know each other very well and the connection is established. They can exchange their data over the created TCP connection. When either of them wants to close the connection and stop the data transmission, it will send a FIN+ACK.

[Screenshot: Wireshark capture of the FIN+ACK packet]

Here you can see the source port is 49061 (client) and the destination port is 8181 (server). The Sequence Number is set to 338. There was a data transmission before this packet, which is why it has a different number. Also, the FIN flag is set to 1.

ACK

After the server receives the FIN sent by the client, it accepts it and sends an ACK for the FIN, saying "OK, I got your message and now we can close the connection."

[Screenshot: Wireshark capture of the ACK packet sent in reply to the FIN]

Here the source port is 8181 (server) and the destination port is 49061 (client). The Acknowledgment Number is set to 339, which is the received Sequence Number incremented by one. Also, the ACK flag is set to 1. After this the connection will be closed, and no one will be able to send any data or control packets between the client and the server.

Hope now you have a clear idea about the TCP three way handshake procedure. Hope to see you soon with another interesting topic. Thank You!
