TCP Handshake – A Wireshark Review
The TCP 3-way handshake is a foundational concept for the internet – setting up a reliable TCP connection between clients and servers. Another protocol for clients and servers to communicate is UDP, of course, but here we’ll highlight the TCP connection.
So, how do we setup a TCP connection? The TCP handshake table shows, in order, what the client and server send to one another to open up a connection.
[By default, Wireshark converts all sequence and acknowledgement numbers into relative numbers. This means that all SEQ and ACK numbers always start at 0 for the first packet seen in each conversation.]
A great way to see it in action is to visualize it through Wireshark.
Since this is the start of the TCP connection, the client sends a TCP packet with the sequence number set to 0. We can see this by looking at the wireshark file in the listing of capture packets and see that the first TCP packet sent from the client to the server includes SYN seq=0 in the Info field. Please see highlight within the red circle. We can also inspect the details section and see that “Sequence number: 0” and expand the “Flags” field in the details section to also see that the Syn bit is “Set”.
NOTE: I am hiding the public IP addresses used for the server.
In the packet listing field, we see the server respond with a SYN-ACK message with Seq=0 and Ack=1. The sequence adn acks numbers are related between the client and server. So, for the TCP handshake example, if the client sends a seq=0, the server responds with ack=1. The packet is identified as a SYN-ACK packet by looking at the packet listing field and also by looking at the packet details field, highlighted in red below.
Finally, we can see the client that initiated the TCP session sends an acklowledgement to complete the 3-way handshake. (Reminder that the Syn bit is not set). Note that the syn=1 and ack=1, because the TCP-Syn from the server sent a seq=0 and ack=1 in the TCP Syn-Ack (from above).
With that, the TCP 3-way handshake is complete, the connection is established, and the client and server are ready to exchange data.
Leave a Reply