3 Way Handshake - TCP


Intro

When a connection between a client and a server is established over the TCP protocol, a mechanism is used that helps create a secure and reliable connection between the two sides. We call it the 3-way handshake. It is a necessary component of any TCP data transfer or connection: first a handshake is completed between the client and the server, and only then does the connection get established and data start to flow.

The TCP 3-way handshake does a lot of things in just 3 packets. Here is what happens:

  • Initiation of the connection.
  • Negotiation of the parameters that will be used to transfer data, such as MTU and MSS (discussed in more depth below).
  • Agreement on the connection and start of the data transfer.

Packets that come in the TCP 3-way handshake

The TCP 3-way handshake consists of 3 packets: SYN, SYN-ACK, and ACK.

SYN - Sent by the client to initiate the connection with the server. Basically, this packet contains all the parameters that the sender (client) proposes for the connection. You can find a lot of information in this packet, such as:

The sequence number: Basically, the sender tells the receiver to start counting from this number. In Wireshark you don't need to worry about the raw value, as Wireshark has a concept of relative and raw sequence numbers and by default shows relative numbers, which start from 0 for every new connection.

Window size: This advertises how much data the sender can receive.

Window scale: Used when the window size must exceed 65535 bytes.

MSS: This determines the maximum data size per TCP segment.

Note: The MTU itself does not appear in a SYN packet; the packet carries the MSS, from which we can work out the MTU using the following equation:

MSS = MTU – 40 bytes (20 bytes IP header + 20 bytes TCP header)


SYN-ACK: This packet is sent by the server in reply to the SYN. The server checks the parameters proposed in the SYN packet and, if it can work with them, sends a SYN-ACK carrying the parameters the server wants to use. It contains the same kinds of parameters as the SYN packet.

ACK: The client sends a final packet based on the server's SYN-ACK. If the client agrees to the parameters sent by the server, it sends this ACK packet, and after this the connection is established.

Wireshark in Action

Now, let's see the same thing in Wireshark.

Syn



You can also check this on your own system: just start Wireshark and try to access a website. In my example, I am using www.google.com. Expand Transmission Control Protocol in the packet details, and there you can see all the information that the SYN is sending.

There is a lot of information here, but I will only highlight the parts that are important and can be used for troubleshooting. In this diagram, we can see the following things.

Syn-Ack:

Here, we will see the server parameters that can be used for the connection.


  • Here the SYN and ACK flags are set to 1 and the rest are set to 0.
  • Sequence number and acknowledgement number.
  • Window size and calculated window size.
  • MSS: here you can see a different value [1412] from the one in the SYN packet [1460]. The

Ack packet

Here you will see the client agreeing to all the parameters that are going to be used in this connection.

Wireshark display filters that you can use to find these packets:

tcp.flags.syn == 1: finds all the SYN packets in the capture (this also matches the SYN-ACKs, since they have the SYN flag set too).

tcp.flags.syn == 1 && tcp.flags.ack == 1: finds the SYN-ACK packets.

tcp.flags.ack == 1 && tcp.flags.syn == 0: finds ACK packets (note that this also matches every later data segment in the connection, because they all carry the ACK flag).
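As an added example that is not part of the original post, the Python below builds a constructed SYN / SYN-ACK / ACK exchange as raw TCP headers, parses them, applies the same flag logic as the three display filters above, and pulls out the MSS and window scale options so the MSS/MTU equation and the "calculated window size" can be checked. All ports, sequence numbers and option values are constructed sample data, not captured traffic.

```python
import struct

SYN, ACK = 0x02, 0x10  # flag bits behind Wireshark's tcp.flags.syn / tcp.flags.ack

def build_tcp(sport, dport, seq, ack, flags, window, options=b""):
    """Build a raw TCP header from constructed values (sample data, not a capture)."""
    options += b"\x00" * (-len(options) % 4)            # pad options to a 32-bit boundary
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       ((20 + len(options)) // 4) << 4, flags, window, 0, 0) + options

def parse_tcp(raw):
    """Decode the fixed header plus the MSS (kind 2) and window scale (kind 3) options."""
    sport, dport, seq, ack, off, flags, window, _, _ = struct.unpack("!HHIIBBHHH", raw[:20])
    opts, i, hdr_len = {}, 20, (off >> 4) * 4
    while i < hdr_len:
        kind = raw[i]
        if kind == 0:                                  # end of option list
            break
        if kind == 1:                                  # NOP: single-byte padding
            i += 1
            continue
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3:
            opts["wscale"] = body[0]
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "syn": bool(flags & SYN), "ack_flag": bool(flags & ACK), "options": opts}

def classify(pkt):
    """Label a segment the way the post's three display filters would match it."""
    if pkt["syn"] and pkt["ack_flag"]:
        return "SYN-ACK"                               # tcp.flags.syn == 1 && tcp.flags.ack == 1
    if pkt["syn"]:
        return "SYN"                                   # tcp.flags.syn == 1
    return "ACK" if pkt["ack_flag"] else "OTHER"       # tcp.flags.ack == 1 && tcp.flags.syn == 0

def mtu_from_mss(mss):
    return mss + 40                                    # inverts MSS = MTU - 40 (20 B IPv4 + 20 B TCP)
def scaled_window(window, shift):
    return window << shift                             # Wireshark's "calculated window size"
def mss_opt(mss): return b"\x02\x04" + struct.pack("!H", mss)
def wscale_opt(shift): return b"\x03\x03" + bytes([shift])

# Constructed handshake: client SYN, server SYN-ACK answering with a smaller MSS, client ACK.
HANDSHAKE = [
    build_tcp(51234, 443, 1000, 0, SYN, 64240, mss_opt(1460) + b"\x01" + wscale_opt(7)),
    build_tcp(443, 51234, 5000, 1001, SYN | ACK, 65535, mss_opt(1412) + b"\x01" + wscale_opt(8)),
    build_tcp(51234, 443, 1001, 5001, ACK, 502),
]
```

Note that the SYN and SYN-ACK windows are never scaled; the shift count negotiated in each side's SYN applies only to the segments that follow, which is why the final ACK's small window of 502 is really 502 << 7 bytes.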


I hope you learned something new. If you like it, please drop a comment and let me know the topic I should write next.
