
TCP 3-way and 4-way handshake

16 years 8 months ago #25848 by SteveP
When a host initiates a TCP connection, I know that the initial contact has the SYN flag set, the response has both SYN and ACK flags set and the confirmation has just the ACK flag set. All further communication has just the ACK flag set (as well as sequence numbers etc.).

As far as I know, at the end of the communication, the host sends a segment with the FIN flag set and the response has the ACK flag set. The same (remote) host sends a separate segment with the FIN flag set and then the local host concludes with a segment with the ACK flag set.

I'm interested to know why, in the first (setup) situation, the second segment has both the SYN and ACK flags set but, in the second (tear down) situation, the FIN and ACK segments are sent separately. I'm sure there must be a good reason ... but it eludes me.

Thanks for your time.
16 years 7 months ago #25949 by SteveP
Bump - doesn't anyone have any ideas about this?
16 years 7 months ago #25951 by S0lo
Just finished sniffing a full HTTP conversation. I can see, as you said, SYN being sent with the ACK response. However, I'm seeing some FINs with ACKs and some FINs without ACKs.

My guess is, for the FIN case, it seems that the designers allowed the packet that finishes (FIN) a connection to also acknowledge (ACK) another packet. But of course it's not a must. However, for the SYN case, it doesn't matter whether the ACK has the SYN set or unset since the connection is just beginning and SYN cannot be used for another purpose other than signifying connection acceptance. So they chose to always set SYN. Does this make any sense to you?... In fact, does it make any sense to me!! :)

I'm also not sure why it sends multiple FINs!!? :?

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 7 months ago #25994 by TheBishop
The SYN is a command for the two 'ends' of the TCP connection to SYNchronise their sequence numbers, so it always appears at the beginning of a conversation when the connection is established. There is no need to synchronise sequence numbers at the end when the connection is being torn down.
16 years 7 months ago #25996 by S0lo

The SYN is a command for the two 'ends' of the TCP connection to SYNchronise their sequence numbers, so it always appears at the beginning of a conversation when the connection is established. There is no need to synchronise sequence numbers at the end when the connection is being torn down.


Understood. And what about the ACKs, TheBishop? If I got him right, SteveP was asking about why ACKs for SYNs get the SYN set while the ACKs for FINs don't have the FINs set. Or am I missing something here?

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 7 months ago #26010 by SteveP
I understand the setup process and the need for SYN and ACK flags to be set (along with sequence numbers) but I was curious to see:

During setup:
1. SYN
2. SYN/ACK
3. ACK

During tear down:
1. FIN
2. ACK
3. FIN
4. ACK

Why, during the setup, are the SYN and ACK set in the same packet being sent from one PC to the other but, during the tear down, the ACK in response to the first FIN is separate from the ACK in the next packet sent in the same direction from the same PC? Logic would say to me that the tear down 2 & 3 stages could be combined to have FIN/ACK set so it's exactly comparable with the setup.
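
An added example, not part of the original thread: a small Python tracker that follows FIN and ACK sequence numbers through a trace and reports how many segments the close took. It relies on the TCP rules that each direction is closed independently and that a FIN occupies one sequence number; the hosts "A"/"B", the `Seg` tuple and all sequence numbers are constructed for illustration.

```python
from collections import namedtuple

# Constructed segments (not captured traffic). flags: S=SYN, A=ACK, F=FIN.
Seg = namedtuple("Seg", "src flags seq ack length")

def teardown_shape(segments):
    """Return (segments_in_close, bytes_sent_after_first_FIN) for hosts A and B."""
    fin_seq = {}    # host -> sequence number occupied by its FIN
    acked = set()   # hosts whose FIN the peer has acknowledged
    count = late_bytes = 0
    for s in segments:
        if not fin_seq and "F" not in s.flags:
            continue                       # setup or data phase, before any FIN
        count += 1
        if fin_seq:
            late_bytes += s.length         # payload on a half-closed connection
        if "F" in s.flags:
            fin_seq[s.src] = s.seq + s.length   # FIN follows any payload
        peer = "B" if s.src == "A" else "A"
        # A FIN consumes one sequence number, so ack == FIN seq + 1 covers it.
        if "A" in s.flags and peer in fin_seq and s.ack == fin_seq[peer] + 1:
            acked.add(peer)
        if acked == {"A", "B"}:
            return count, late_bytes
    raise ValueError("trace ends before both FINs are acknowledged")

SETUP = [Seg("A", "S", 100, 0, 0), Seg("B", "SA", 500, 101, 0),
         Seg("A", "A", 101, 501, 0)]
# B acknowledges A's FIN first, then sends its own FIN separately.
FOUR = SETUP + [Seg("A", "FA", 101, 501, 0), Seg("B", "A", 501, 102, 0),
                Seg("B", "FA", 501, 102, 0), Seg("A", "A", 102, 502, 0)]
# B has nothing left to send, so its ACK of A's FIN rides on its own FIN.
THREE = SETUP + [Seg("A", "FA", 101, 501, 0), Seg("B", "FA", 501, 102, 0),
                 Seg("A", "A", 102, 502, 0)]
# B still has 20 bytes to deliver after A's FIN, so ACK and FIN cannot merge.
HALF = SETUP + [Seg("A", "FA", 101, 501, 0), Seg("B", "A", 501, 102, 0),
                Seg("B", "A", 501, 102, 20), Seg("A", "A", 102, 521, 0),
                Seg("B", "FA", 521, 102, 0), Seg("A", "A", 102, 522, 0)]

if __name__ == "__main__":
    for name, trace in (("four", FOUR), ("three", THREE), ("half-close", HALF)):
        print(name, teardown_shape(trace))
```
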