TOPIC: TCP 3-way and 4-way handshake

TCP 3-way and 4-way handshake 8 years 7 months ago #25848

  • SteveP
When a host initiates a TCP connection, I know that the initial contact has the SYN flag set, the response has both SYN and ACK flags set and the confirmation has just the ACK flag set. All further communication has just the ACK flag set (as well as sequence numbers etc.).

As far as I know, at the end of the communication, the host sends a segment with the FIN flag set and the response has the ACK flag set. The same (remote) host sends a separate segment with the FIN flag set and then the local host concludes with a segment with the ACK flag set.

I'm interested to know why, in the first (setup) situation, the second segment has both the SYN and ACK flags set but, in the second (tear down) situation, the FIN and ACK segments are sent separately. I'm sure there must be a good reason ... but it eludes me.

Thanks for your time.

Re: TCP 3-way and 4-way handshake 8 years 7 months ago #25949

  • SteveP
Bump - doesn't anyone have any ideas about this?

Re: TCP 3-way and 4-way handshake 8 years 7 months ago #25951

  • S0lo
Just finished sniffing a full HTTP conversation. I can see, as you said, SYN being sent with the ACK response. However, I'm seeing some FINs with ACKs and some FINs without ACKs.

My guess is, for the FIN case, it seems that the designers allowed the packet that finishes (FIN) a connection to also acknowledge (ACK) another packet. But of course it's not a must. However, for the SYN case, it doesn't matter whether the ACK has the SYN set or unset since the connection is just beginning and SYN cannot be used for another purpose other than signifying connection acceptance. So they chose to always set SYN. Does this make any sense to you?... In fact, does it make any sense to me!! :)

I'm also not sure why it sends multiple FINs!!? :?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: TCP 3-way and 4-way handshake 8 years 6 months ago #25994

  • TheBishop
The SYN is a command for the two 'ends' of the TCP connection to SYNchronise their sequence numbers, so it always appears at the beginning of a conversation when the connection is established. There is no need to synchronise sequence numbers at the end when the connection is being torn down.

Re: TCP 3-way and 4-way handshake 8 years 6 months ago #25996

  • S0lo
> The SYN is a command for the two 'ends' of the TCP connection to SYNchronise their sequence numbers, so it always appears at the beginning of a conversation when the connection is established. There is no need to synchronise sequence numbers at the end when the connection is being torn down

Understood. And what about the ACKs, TheBishop? If I got him right, SteveP was asking about why ACKs for SYNs get the SYN set while the ACKs for FINs don't have the FINs set. Or am I missing something here?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: TCP 3-way and 4-way handshake 8 years 6 months ago #26010

  • SteveP
I understand the setup process and the need for SYN and ACK flags to be set (along with sequence numbers) but I was curious to see:

During setup:
1. SYN
2. SYN/ACK
3. ACK

During tear down:
1. FIN
2. ACK
3. FIN
4. ACK

Why, during the setup, are the SYN and ACK set in the same packet being sent from one PC to the other but, during the tear down, the ACK in response to the first FIN is separate from the ACK in the next packet sent in the same direction from the same PC? Logic would say to me that the tear down 2 & 3 stages could be combined to have FIN/ACK set so it's exactly comparable with the setup.
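
Added example, not part of any poster's message: a small Python decoder that reads the flag byte and sequence/acknowledgement numbers from raw TCP headers and reports whether a teardown used four segments (FIN, ACK, FIN, ACK) or three, with the second FIN carried in the same segment as the ACK of the first, which is the difference between the sequence listed above and the mixed FIN/ACK segments seen in the sniffed trace earlier in the thread. The ports, sequence numbers, traces and function names are constructed for illustration; every FIN segment in the sample traces also has the ACK flag set.

```python
import struct

FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (no options, checksum 0) for the sample traces."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(hdr):
    """Extract ports, sequence/ack numbers and flag names from a TCP header."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", hdr[:14])
    return sport, dport, seq, ack, [n for bit, n in FLAGS.items() if flags & bit]

def teardown_shape(trace):
    """Return (flags of each teardown segment, True if one segment carried both
    a FIN and the first ACK of the peer's FIN)."""
    fin_seq, acked = {}, set()   # source port -> seq of its FIN; ports whose FIN was ACKed
    segments, combined = [], False
    for hdr in trace:
        sport, dport, seq, ack, names = parse(hdr)
        if not fin_seq and "FIN" not in names:
            continue             # setup or data phase, not teardown yet
        segments.append("/".join(names))
        # A FIN consumes one sequence number, so the ACK that covers it is seq + 1
        # (the sample FIN segments carry no payload).
        if "ACK" in names and dport in fin_seq and ack == fin_seq[dport] + 1:
            if dport not in acked:
                acked.add(dport)
                combined = combined or "FIN" in names
        if "FIN" in names:
            fin_seq[sport] = seq
    return segments, combined

C, S = 50000, 80                 # constructed client and server ports
SETUP = [tcp_header(C, S, 1000, 0, 0x02),       # 1. SYN
         tcp_header(S, C, 5000, 1001, 0x12),    # 2. SYN/ACK
         tcp_header(C, S, 1001, 5001, 0x10)]    # 3. ACK
# Constructed trace: the server's ACK and FIN arrive as two separate segments.
FOUR_WAY = SETUP + [tcp_header(C, S, 1001, 5001, 0x11),
                    tcp_header(S, C, 5001, 1002, 0x10),
                    tcp_header(S, C, 5001, 1002, 0x11),
                    tcp_header(C, S, 1002, 5002, 0x10)]
# Constructed trace: the server sends its FIN in the segment that ACKs the client's FIN.
THREE_WAY = SETUP + [tcp_header(C, S, 1001, 5001, 0x11),
                     tcp_header(S, C, 5001, 1002, 0x11),
                     tcp_header(C, S, 1002, 5002, 0x10)]

if __name__ == "__main__":
    for name, trace in (("four segments", FOUR_WAY), ("three segments", THREE_WAY)):
        print(name, *teardown_shape(trace))
```
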