TCP Handshakes

TCP Handshakes explained

Image taken from page 446 of Casey, E. (2009). Handbook of digital forensics and investigation. Academic Press.

What is a TCP handshake? A TCP (Transmission Control Protocol) handshake involves two parties, the client and the server, and is done to establish a connection.

How does it occur?
  1. The client informs the server that it wants to initiate a connection by sending a packet known as a SYNchronise packet, which has the special SYN bit set. A sequence number is also included, and one will be in each packet following the SYN. This is so that the server can maintain order even when packets are not received in their proper order.
  2. When ready to communicate, the server responds with a packet containing the SYN bit and an ACKnowledgement bit. The response also contains a sequence number so the client can receive packets in order. On top of this, the ACK bit informs the client of the next expected packet.
  3. Once this has been received, the client can begin sending data to the server; this is called the flow. The client will proceed to send however many messages are necessary to convey its message.
  4. Once finished, the virtual circuit is closed by sending a FIN.

Important note: Flows are unidirectional, meaning they don’t go both ways. TCP is bidirectional, meaning it does go both ways. As such, a TCP connection allows data to be sent BOTH ways. It does so by containing two flows, one from client to server and one from server to client.
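
The steps and the two flows described above can be seen by reading the flag bits and sequence numbers out of raw TCP headers. The following is an added example, not part of the original post; the ports, sequence numbers and the function names `build_header`, `parse_header` and `analyze` are made up for illustration, and the capture is constructed rather than taken from real traffic.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "ACK": 0x10}

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (constructed sample data; checksum left at 0)."""
    bits = sum(FLAGS[name] for name in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

def parse_header(raw):
    """Extract ports, sequence/acknowledgement numbers and flag names from a header."""
    sport, dport, seq, ack, _offset, bits = struct.unpack("!HHIIBB", raw[:14])
    flags = frozenset(name for name, bit in FLAGS.items() if bits & bit)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def analyze(headers):
    """Label each packet, split packets into unidirectional flows, check the ACK."""
    labels, flows, syn, ack_matches = [], {}, None, False
    for pkt in map(parse_header, headers):
        # A flow is one direction only, so key it by (source port, destination port).
        flows.setdefault((pkt["sport"], pkt["dport"]), []).append(pkt["seq"])
        if pkt["flags"] == {"SYN"}:
            syn = pkt
            labels.append("SYN")
        elif pkt["flags"] == {"SYN", "ACK"}:
            # The server's ACK number names the next sequence number it expects.
            ack_matches = syn is not None and pkt["ack"] == (syn["seq"] + 1) % 2**32
            labels.append("SYN+ACK")
        elif "FIN" in pkt["flags"]:
            labels.append("FIN")
        else:
            labels.append("flow")
    return labels, flows, ack_matches

# Constructed capture: client port 49152, server port 80, made-up sequence numbers.
CAPTURE = [
    build_header(49152, 80, 1000, 0, ["SYN"]),
    build_header(80, 49152, 5000, 1001, ["SYN", "ACK"]),
    build_header(49152, 80, 1001, 5001, ["ACK"]),
    build_header(80, 49152, 5001, 1001, ["ACK"]),
    build_header(49152, 80, 1001, 5001, ["FIN", "ACK"]),
]

if __name__ == "__main__":
    labels, flows, ack_matches = analyze(CAPTURE)
    print(labels)
    print(flows)
    print("SYN+ACK acknowledges the client's SYN:", ack_matches)
```

The two keys in `flows` are the two unidirectional flows that make up the one bidirectional connection, each with its own run of sequence numbers.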

From this you should be able to explain:
  1. The client and server
  2. what a SYN is
  3. what an ACK is
  4. what a FIN is
  5. Flow
  6. the TCP protocol handshake

Please try to answer the above based on what you have just read.
