Sequencing and acknowledging data

Because TCP is a connection-oriented protocol, the operating system keeps track of every byte (or octet) of data. Each byte is sequenced and, once received, is acknowledged. The following are the fields that help provide a snapshot of the data that's exchanged during a TCP connection:

  • Sequence number 32-bit: The three-way handshake starts the sequencing. The Synchronization (SYN) packets found in the first two packets of the three-way handshake are responsible for synchronizing the sequence numbers that are used during the connection.
    For example, as shown in the following screenshot, a client sends a SYN packet to the server with a sequence number of 100.
    The server responds by sending a Synchronization Acknowledgement (SYN, ACK) with a sequence number of 300 and an ACK of 101. The client sends a final ACK with a sequence number of 301 and an ACK of 101:

The three-way handshake

After the handshake, the data flow begins. In frame 5, we can see Sequence number: 1 (relative sequence number). Relative sequence numbers are generated by Wireshark, mainly because the actual sequence number is very large. The relative sequence number is easy to understand and represents a value in relation to this conversation.

Without using a relative sequence number, the absolute sequence number is Sequence number: 3344080265, as shown in the following screenshot:

 Absolute sequence numbers

If you would like to use relative rather than actual sequence numbers, right-click anywhere in the TCP header, select Protocol Preferences, and then select Relative Sequence Numbers, as shown in the following screenshot:

 Protocol preferences—relative sequence numbers

This will adjust the sequence numbers to a more understandable value. To see the use of relative sequence numbers, refer to the figure TCP header, where you will see Sequence number 1.

  • Next sequence number: The value is in brackets as it is calculated. Wireshark adds the current sequence number to the TCP segment length to get the next sequence number.
  • Acknowledgment number 32-bit: During data transfer, the operating system uses the sequence numbers to keep track of all bytes and to reorder them. Every time TCP receives data, the receiving host acknowledges that the data was received and that it is ready to accept more, starting with the next expected byte.
    The process occurs concurrently with the server sending data. As a result, it is called an expectational acknowledgment. As shown in the following diagram, the client sends an ACK to the server stating that it has received 524 bytes of data and is ready for more, starting with 525:

Acknowledging the data
  • Offset: In the packet details, the line right after the Acknowledgment number shows the binary value 1000. This line is the data offset field, which indicates the length of the TCP header. After the TCP header, the data begins. The field counts 32-bit (4-byte) words, so binary 1000 (decimal 8) multiplied by 4 gives the offset value in this case, 32 bytes. The following diagram shows how this value is calculated:

Offset value calculation
  • The size of the fixed TCP header is 20 bytes. However, in today's networks the TCP header often carries additional options, so the value is not always the same.
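
The fields in this list can also be read directly from the bytes of a segment. The following Python code is an added example, not code from the book: it parses a constructed segment that reuses the values above (absolute sequence number 3344080265, offset 1000, 524 bytes of data) and derives the next and relative sequence numbers. The initial sequence numbers, ports, window and option bytes are assumptions chosen for illustration.

```python
import struct

MOD = 2 ** 32  # sequence and acknowledgment numbers are 32-bit and wrap around

def parse_tcp_segment(segment: bytes) -> dict:
    """Extract seq, ack, header length and the calculated next sequence number."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    _sport, _dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    # Data offset = top 4 bits, counted in 32-bit words (binary 1000 = 8 -> 32 bytes).
    header_len = (off_flags >> 12) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError(f"invalid data offset: {header_len} bytes")
    payload_len = len(segment) - header_len
    return {
        "seq": seq,
        "ack": ack,
        "header_len": header_len,
        "payload_len": payload_len,
        # Current sequence number plus the TCP segment length.
        "next_seq": (seq + payload_len) % MOD,
    }

def relative(number: int, isn: int) -> int:
    """Value relative to an initial sequence number, modulo 2**32."""
    return (number - isn) % MOD

def build_sample(seq: int, ack: int, payload_len: int) -> bytes:
    """Constructed segment: 20-byte fixed header, 12 bytes of options, payload."""
    off_flags = (8 << 12) | 0x018              # offset of 8 words, PSH+ACK flags
    fixed = struct.pack("!HHIIHHHH", 80, 49152, seq, ack, off_flags, 64240, 0, 0)
    options = bytes([1, 1, 8, 10]) + bytes(8)  # NOP, NOP, Timestamp (zeroed)
    return fixed + options + bytes(payload_len)

SERVER_ISN = 3344080264  # assumed, so that 3344080265 maps to relative 1
CLIENT_ISN = 1000        # constructed value
SAMPLE = build_sample(3344080265, CLIENT_ISN + 1, 524)

if __name__ == "__main__":
    info = parse_tcp_segment(SAMPLE)
    print(info)
    print("relative seq:", relative(info["seq"], SERVER_ISN))
    print("receiver acknowledges (relative):", relative(info["next_seq"], SERVER_ISN))
```

The modulo in `relative` matters for long or high-numbered connections: a sequence number that has wrapped past 2^32 still yields a small positive relative value instead of a negative one.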

While keeping track of the data exchange, another important element in the TCP header is the use of flags, as discussed in the next section.
