In this section we will learn how the TCP opens and closes its connections. In order to establish a connection, the three-way handshake procedure is used as described in the following section.
The three-way handshake is a connection establishment procedure from the client socket to the server socket, as shown in the following image:
Before the start of the TCP three-way handshake, the client will be in the CLOSED state and the server will be in the LISTEN state as shown:
|
SN |
TCP-A (122.167.84.137) state |
Flow CTL |
TCP-B (10.0.0.221) state | ||
|
From |
To |
From |
To | ||
|
1 |
CLOSED |
CLOSED |
LISTEN | ||
The TCP state machine
To examine a three-way handshake in Wireshark, open the normal-connection.pcap file provided in the book.
The first step of the handshake process is that the socket client will construct a SYN packet and send it to the server. During this process the socket client will perform the following tasks:
tcp.flags.synis set to1and its SYN packet is sent by the client.- The client generates and sets the
tcp.seq=3613047129the initial sequence number (ISN). Wireshark shows, by default, relative sequence numbers; a user can change this setting under: Edit | Preferences | Protocols | TCP | Relative sequence numbers. - The client sets
tcp.ack =0. - The
tcp.window_sizeis advertised to the server and its value is in the packettcp.window_size_value == 65535,which tells it that it can transmit up to65535bytes of data depending on MSS. For example if MSS is 1440 bytes, the client can transmit 45 segments. - TCP client includes other
tcp.optionssuch as Maximum Segment Size (MSS), No-Operation (NOP), window scale, timestamps, and SACK permitted. - The client chooses
tcp.options.sack_perm == 1in the "selective acknowledgements" processing. - TSval/TSecr is the timestamp
tcp.options.timestamp.tsval == 123648340.
The following table depicts the state transition of the first handshake message:
|
Sr. No. |
TCP-A (122.167.84.137) state |
Flow CTL |
TCP-B (10.0.0.221) state | ||
|
From |
To |
From |
To | ||
|
1 |
CLOSED |
CLOSED |
LISTEN | ||
|
2 |
CLOSED |
SYN_SENT |
<SEQ=3613047129><CTL=SYN> |
LISTEN | |
TCP state machine changes SYN_SENT
In this process the server responds to the client's SYN:
- The server sets
tcp.flags.syn =1andtcp.flags.ack=1, confirming that the SYN has been accepted. - The server generates and sets ISN
tcp.seq=2581725269. - The server sets
tcp.ack=3613047130as the clienttcp.seq+1. - The server sets
tcp.window_size_value == 26847as the server window size. - The server sets
tcp.optionsand responds to the client.
The following table depicts the state transitions of the second handshake message:
|
Sr. No. |
TCP-A (122.167.84.137) state |
Flow CTL |
TCP-B (10.0.0.221) state | ||
|
From |
To |
From |
To | ||
|
1 |
CLOSED |
CLOSED |
LISTEN | ||
|
2 |
CLOSED |
SYN_SENT |
<SEQ=3613047129><CTL=SYN> |
LISTEN | |
|
3 |
SYN_SENT |
<SEQ=2581725269><ACK=3613047130><CTL=SYN,ACK> |
LISTEN |
SYN-RECEIVED | |
TCP state machine changes when SYN-RECEIVED is sent by the server
After successfully exchanging this message, the TCP connection will be established in this connection:
- The client sets
tcp.flags.ack == 1and sends to the server. - The client
tcp.seq=3613047130is ISN+1 andtcp.ack=2581725270isSYN_ACK( tcp.seq+1). - The client window size is set again and this will be used by the server
tcp.window_size_value == 4105.
The following table depicts the state transitions of the third handshake message:
|
Sr. No. |
TCP-A (122.167.84.137) state |
Flow CTL |
TCP-B (10.0.0.221) state | ||
|
From |
To |
From |
To | ||
|
1 |
CLOSED |
CLOSED |
LISTEN | ||
|
2 |
CLOSED |
SYN_SENT |
<SEQ=3613047129><CTL=SYN> |
LISTEN | |
|
3 |
SYN_SENT |
<SEQ=2581725269><ACK=3613047130><CTL=SYN,ACK> |
LISTEN |
SYN-RECEIVED | |
|
4 |
SYN_SENT |
ESTABLISHED |
<SEQ=3613047130>><ACK=2581725270><CTL=ACK> |
SYN-RECEIVED |
ESTABLISHED |
TCP state machine when the client sends ACK