TCP 3-Way Handshake Process

Kusal Kaluarachchi
Jul 3, 2022


source:https://downloadfreecourse.com/

Transmission Control Protocol

Transmission Control Protocol (TCP) is a connection-oriented, end-to-end reliable protocol. This enables application programs and devices to exchange messages over a network. It is designed to send packets across the internet and ensure the successful delivery of data and messages over networks.

TCP Header Format

The TCP header is the first 20 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. The TCP header carries several information fields, including the source and destination addresses.

Let's walk through all these fields.

Source port — 16-bit number that identifies the source port number (sender’s TCP port).

Destination port — 16-bit number that identifies the destination port number (receiver’s TCP port).

Sequence number — The sequence number is a 32-bit field that indicates how much data is sent during the TCP session. When you establish a new TCP connection, the initial sequence number is a random value.

Acknowledgment Number — This 32-bit field is used by the receiver to request the next TCP segment. If the ACK control bit is set, this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established, this is always sent.

Data offset — 4-bit field that shows the number of 32-bit words in the header. Also known as the header length.

Reserved data — This 6-bit field is reserved for future use and is always set to zero.

Control bit flags — TCP uses 9-bit control flags to manage data flow in specific situations, such as to establish connections, send data and terminate connections.

  • URG: Urgent pointer field significant. When this bit is set, the data should be treated as priority over other data.
  • ACK: Acknowledgment field significant
  • PSH: Push function. Using this flag, a sender can specify that the data must be transferred immediately, without waiting to fill the entire TCP segment.
  • RST: Reset the connection. This is only used when there are unrecoverable errors.
  • SYN: Synchronize sequence numbers. This flag is used to set the initial sequence number.
  • FIN: This finish bit is used to end the TCP connection. Because TCP is a full-duplex connection, both parties have to use the FIN bit to end the connection.

Window — The 16-bit window field specifies how many bytes the receiver is willing to receive.

Checksum — The 16-bit checksum field is used for error-checking of the header and data.

Urgent Pointer — If URG control flag is set, this value indicates an offset from the sequence number, indicating the last urgent data byte.

Options — This field is optional and can be anywhere between 0 and 320 bits.
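The field layout above can be turned into a small decoder. This is an added example, not code from the original post: the function name `parseTcpHeader` and the sample SYN segment (ports, sequence number, zero checksum) are constructed for illustration, and only the six flags listed above are decoded.

```javascript
// Added example: decode the TCP header fields walked through above.
// Bit masks for the six flags the article lists (low 6 bits of bytes 12-13).
const FLAG_BITS = { FIN: 0x01, SYN: 0x02, RST: 0x04, PSH: 0x08, ACK: 0x10, URG: 0x20 };

function parseTcpHeader(buf) {
  // A parser fed from the network must reject short or inconsistent input.
  if (buf.length < 20) throw new RangeError('truncated: fixed TCP header is 20 bytes');
  const offsetAndFlags = buf.readUInt16BE(12);
  const dataOffset = offsetAndFlags >> 12;        // header length in 32-bit words
  if (dataOffset < 5) throw new RangeError('invalid data offset ' + dataOffset);
  const headerBytes = dataOffset * 4;
  if (buf.length < headerBytes) throw new RangeError('truncated: options are cut off');
  const flagBits = offsetAndFlags & 0x3f;
  return {
    sourcePort: buf.readUInt16BE(0),
    destinationPort: buf.readUInt16BE(2),
    sequenceNumber: buf.readUInt32BE(4),
    acknowledgmentNumber: buf.readUInt32BE(8),
    dataOffset,
    headerBytes,
    flags: Object.keys(FLAG_BITS).filter((name) => flagBits & FLAG_BITS[name]),
    window: buf.readUInt16BE(14),
    checksum: buf.readUInt16BE(16),
    urgentPointer: buf.readUInt16BE(18),
    optionBytes: headerBytes - 20,                // 0 to 40 bytes (0 to 320 bits)
    payloadBytes: buf.length - headerBytes,
  };
}

// Constructed sample: a SYN from port 51000 to port 8080 with one 4-byte option.
const SAMPLE_SYN = Buffer.from(
  'c738' + '1f90' +   // source port 51000, destination port 8080
  '12345678' +        // sequence number (constructed initial value)
  '00000000' +        // acknowledgment number (unused, ACK flag not set)
  '6002' +            // data offset 6 words, SYN flag set
  'ffff' +            // window
  '0000' + '0000' +   // checksum (left as zero here), urgent pointer
  '020405b4',         // option: maximum segment size 1460
  'hex'
);

console.log(parseTcpHeader(SAMPLE_SYN));
```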

TCP 3-Way Handshake

In the establishment of a TCP connection between a client and a server, a TCP three-way handshake process is performed.

TCP three-way handshake diagram
  1. The client sends a SYN (synchronize) packet to the server, which has a random sequence number. (Protocol analyzers like Wireshark will often use a relative sequence number of 0 since it’s easier to read than some high random number.)
  2. The server sends back a SYN-ACK packet, containing a random sequence number and an ACK number acknowledging the client’s sequence number.
  3. The client sends an ACK number to the server, acknowledging the server’s sequence number.
  4. The sequence numbers on both ends are synchronized. Both ends can now send and receive data independently.

Let’s monitor this 3-way handshake using Wireshark. Consider a scenario: when a client connects to the server, the server sends a message to the client saying “hello client” and then closes the connection.

Here I wrote Node.js code to create a server and a client.

Now we have to start our server and connect the client. Let’s see what happens using Wireshark.

1. The client sends a SYN packet to the server.

As you can see, the SYN flag is set.

2. The server sends back a SYN-ACK packet, containing a sequence number and an ACK number.

3. The client sends an ACK number to the server, acknowledging the server’s sequence number.

The sequence numbers on both ends are synchronized so that client and server can now send and receive data independently.

4. Because both ends are connected now, the server sends a message to the client saying “hello client”.

5. The client sends an ACK number to the server, acknowledging the server’s message. The last ACK number was 1 and the message length is 12, so the ACK number will be 12+1=13.

6. Now the message transaction is complete, so the connection has to terminate. The server now sends a message to the client.

As you can see, the FIN flag is set to 1. That means the server is asking the client to terminate the connection.

7. The client sends an ACK number to the server, acknowledging the server’s FIN request.

8. TCP is a full-duplex connection; because of that, the client also sends a message to the server to close the connection.

9. The server sends an ACK number to the client, acknowledging the client’s FIN request.

Now the TCP connection is terminated.
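The ACK arithmetic in the nine steps above can be checked mechanically. This is an added example, not code from the original post: `checkAcks` and the trace are constructed, using Wireshark-style relative sequence numbers, and rely on the TCP rule that SYN and FIN each consume one sequence number while data consumes its length in bytes.

```javascript
// Added example: verify that every ACK in a trace equals the next sequence
// number the peer is due to send, as in "12+1=13" from step 5 above.
function checkAcks(trace) {
  const nextSeq = {};   // per sender: the sequence number its peer should ACK next
  const problems = [];
  trace.forEach((seg, i) => {
    const peer = seg.from === 'client' ? 'server' : 'client';
    const hasAck = seg.flags.includes('ACK');
    if (hasAck && nextSeq[peer] !== undefined && seg.ack !== nextSeq[peer]) {
      problems.push(`segment ${i + 1}: ack ${seg.ack}, expected ${nextSeq[peer]}`);
    }
    // SYN and FIN count as one sequence number each; payload counts per byte.
    const consumed = seg.len +
      (seg.flags.includes('SYN') ? 1 : 0) +
      (seg.flags.includes('FIN') ? 1 : 0);
    nextSeq[seg.from] = (seg.seq + consumed) >>> 0;   // wrap at 2^32 like real TCP
  });
  return problems;
}

const MESSAGE_LEN = Buffer.byteLength('hello client');   // 12 bytes

// Constructed trace mirroring steps 1-9 (relative sequence numbers).
const HANDSHAKE_TRACE = [
  { from: 'client', flags: ['SYN'],        seq: 0,  ack: 0,  len: 0 },
  { from: 'server', flags: ['SYN', 'ACK'], seq: 0,  ack: 1,  len: 0 },
  { from: 'client', flags: ['ACK'],        seq: 1,  ack: 1,  len: 0 },
  { from: 'server', flags: ['PSH', 'ACK'], seq: 1,  ack: 1,  len: MESSAGE_LEN },
  { from: 'client', flags: ['ACK'],        seq: 1,  ack: 13, len: 0 },
  { from: 'server', flags: ['FIN', 'ACK'], seq: 13, ack: 1,  len: 0 },
  { from: 'client', flags: ['ACK'],        seq: 1,  ack: 14, len: 0 },
  { from: 'client', flags: ['FIN', 'ACK'], seq: 1,  ack: 14, len: 0 },
  { from: 'server', flags: ['ACK'],        seq: 14, ack: 2,  len: 0 },
];

console.log(checkAcks(HANDSHAKE_TRACE));   // empty list when every ACK is consistent
```

An ACK that does not match the expected value shows up as an entry in the returned list, which is the same inconsistency you would look for by eye in the Wireshark sequence and acknowledgment columns.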
