Basics of the 3-way handshake


Understanding the TCP/IP protocol is crucial for those delving into computer network topics, particularly the Three-way Handshake. Essentially, when two hosts wish to exchange information (e.g., a client accessing a server), this “handshake” is initiated to formally establish the connection.

When a host initiates communication with a remote host, a socket is established, with the client host’s IP and a high port used as the source (e.g., 192.168.1.3:55002), and the remote IP plus a reserved port used as the destination (e.g., 192.168.1.1:80). Each host maintains control of its connections with other hosts. For more details, researching TCP ports and sockets is recommended.

[Image: 00_2015-10-sharingit.com.br-WilliandeSouzaOliveira-3_way_handshake]

The first handshake sends a synchronization request (SYN), the second confirms the initial synchronization request and synchronizes connection parameters (SYN-ACK), and the last handshake confirms to the destination that the connection has been established (ACK).

Once all data is transferred, sessions are closed, and the connection is terminated in the same formal manner as it began, with a Three-way Handshake.

[Image: 01_2015-10-sharingit.com.br-WilliandeSouzaOliveira-3_way_handshake]

The first handshake (FIN) is sent when the host has no more data to send. The second handshake (FIN + ACK) is sent by the remote host to confirm receipt of the request and to signal session termination. The third and final handshake (FIN) is sent again to the remote host to confirm termination.

Several other TCP header control fields are fundamental for understanding tcpdump, the subject of my next article. They include:

⦁ ACK – Confirmation indicator
⦁ PSH – Push function
⦁ RST – Connection terminated
⦁ SYN – Synchronize sequence numbers
⦁ FIN – No more data from the sender

[Image: 03_2015-10-sharingit.com.br-WilliandeSouzaOliveira-3_way_handshake]

In the example above, we observe the Three-way Handshake between two hosts, with all the mentioned flags [SYN – SYN-ACK – ACK – FIN – FIN + ACK – ACK]. The source and destination sockets described at the beginning of the article are also visible: host 192.168.1.222:49566 initiates the Three-way Handshake with remote host 192.168.1.150:80.
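The flag sequence and port pair described above, decoded from raw TCP headers, as an added example that is not part of the original article. The segments are constructed, the sequence numbers are made up, and the function names are hypothetical; the example also goes one step beyond the text by checking that each SYN and FIN is acknowledged with its sequence number plus one.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793), as listed in the article.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def build_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header; window, checksum and urgent pointer are dummies."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

def parse_header(raw):
    """Return (sport, seq, ack, set of flag names) from raw TCP header bytes."""
    sport, _dport, seq, ack, _off, bits = struct.unpack("!HHIIBB", raw[:14])
    return sport, seq, ack, {name for name, bit in FLAGS.items() if bits & bit}

def check_exchange(segments, client_port):
    """Label each segment and verify that every SYN and FIN is acked with seq + 1.

    Assumes an in-order capture with no payload bytes and no retransmissions.
    """
    labels, pending = [], {}  # pending[side] = ack number the peer owes that side
    for raw in segments:
        sport, seq, ack, flags = parse_header(raw)
        side, peer = ("client", "server") if sport == client_port else ("server", "client")
        if "ACK" in flags and peer in pending:
            want = pending.pop(peer)
            if ack != want:
                raise ValueError(f"{side} acked {ack}, expected {want}")
        if flags & {"SYN", "FIN"}:
            pending[side] = (seq + 1) % 2**32  # SYN and FIN each consume one sequence number
        labels.append(side + ":" + "+".join(sorted(flags)))
    return labels

def sample_capture():
    """Constructed segments mirroring the article's flag sequence and ports (ISNs are made up)."""
    c, s = 49566, 80
    return [
        build_header(c, s, 1000, 0, ["SYN"]),
        build_header(s, c, 5000, 1001, ["SYN", "ACK"]),
        build_header(c, s, 1001, 5001, ["ACK"]),
        build_header(c, s, 1001, 0, ["FIN"]),  # live stacks also set ACK on this segment
        build_header(s, c, 5001, 1002, ["FIN", "ACK"]),
        build_header(c, s, 1002, 5002, ["ACK"]),
    ]

if __name__ == "__main__":
    for label in check_exchange(sample_capture(), client_port=49566):
        print(label)
```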

In the next article, I will introduce Tcpdump, an essential network sniffer for troubleshooting.
