Internet Protocols – Transmission Control Protocol (TCP)
TCP Concepts
TCP is part of the transport layer (Layer 4) in the OSI model, which provides host-to-host communication services for applications. It is connection-oriented, which means that a connection needs to be established between both ends of a communication link before any data can be sent. This connection is a logical path characterized by the source and destination IP addresses and their respective port numbers. This provides for a reliable session that ensures data integrity and order.
Three-way Handshake (Establish the connection)
The process of establishing a TCP connection involves a set of messages exchanged between the client and the server known as the “three-way handshake”. Here’s how it works:
1. SYN: The client begins by sending a segment with the SYN (Synchronize Sequence Numbers) flag set. This is to initiate communication and synchronize sequence numbers.
In the following example, in frame 192, the client (192.168.3.7) sent a segment with the SYN flag set to the server (106.15.192.27).
2. SYN-ACK: Upon receiving the SYN, the server responds with a segment that has both the SYN and ACK (Acknowledgment) flags set, acknowledging the receipt of the client’s SYN.
After that, in frame 193, the server (106.15.192.27) responded to the client (192.168.3.7) with a segment that had both the SYN and ACK flags set.
3. ACK: Finally, the client sends an ACK back to the server. After this step, the connection is established, and data transfer can begin.
In frame 194, the client (192.168.3.7) sent a segment with the ACK flag set back to the server (106.15.192.27). With that, the connection was established and data transfer began.
Each step in the handshake process is crucial for synchronizing the sequence numbers and acknowledgment numbers between both the client and the server.
Four-way Handshake (Terminate the connection)
The TCP four-way handshake is an essential process for the orderly termination of a TCP connection. It ensures that both ends of the connection are properly informed of the closure and that all pending data is transmitted before the connection is fully closed.
1. FIN from Initiator: The host that wants to close the connection (let’s call it Host A) initiates the process. Host A sends a TCP segment with the FIN (Finish) flag set.
2. ACK for FIN from Receiver: The other host (Host B) receives the FIN segment. Host B sends back an ACK (Acknowledgment) segment.
3. FIN from Receiver: Host B can continue to send data if needed, as its side of the connection is still open for sending. Once Host B is ready to terminate the connection, it sends a FIN segment.
4. Final ACK from Initiator: Host A receives the FIN segment from Host B. Host A sends an ACK segment in response.
After sending this final ACK, the connection is fully closed. Host A waits for a period of time (defined by the TCP protocol) to ensure the ACK is received and to handle any delayed packets (TIME_WAIT state).
The four-way handshake is crucial for preventing abrupt terminations and potential data loss, which is particularly important in reliable data transfer protocols like TCP.
TCP Reset
A TCP reset packet (RST) is sent by a device to signal that something is wrong with the connection. It is used to abruptly close a TCP connection.
The RST is a flag in the TCP header. When set, it indicates that the receiver should consider the connection invalid.
When a device receives a TCP segment with the RST flag set, it immediately aborts the connection associated with that TCP segment. Any data queued for transmission or received but not yet processed is discarded.
Below is an example where the WAP server attempts to establish trust with the ADFS server. However, the ADFS server responds by sending a segment with the RST flag set, which immediately terminates the connection.
Unlike normal connection termination with FIN flags, which shuts the connection down gracefully with acknowledgments, an RST ends the connection immediately, with no acknowledgment exchange.
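The three outcomes described above (handshake, FIN teardown, RST abort) can be told apart from the header flags alone. The following Python code is an added example, not part of the original article: it parses raw TCP headers and classifies a captured exchange, checking the acknowledgment numbers during the handshake. The helper names (`tcp_header`, `parse`, `classify`), the ports and the initial sequence numbers 1000 and 5000 are assumptions made for the constructed sample captures.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # flag bits in the TCP header

def tcp_header(seq, ack, flags, sport=50000, dport=443):
    """Pack a 20-byte TCP header (constructed sample input, checksum left 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

def parse(raw):
    """Return (seq, ack, flags) from a raw TCP header."""
    _, _, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return seq, ack, off_flags & 0x3F

def classify(segments):
    """Walk (sender, raw_header) pairs in capture order. Returns 'reset',
    'closed' (FIN teardown), 'established' or 'incomplete'."""
    state, isn, fins, client, server = "NONE", {}, [], None, None
    for sender, raw in segments:
        seq, ack, flags = parse(raw)
        if flags & RST:                        # abort, no FIN exchange follows
            return "reset"
        if state == "NONE" and flags & SYN and not flags & ACK:
            client, isn[sender], state = sender, seq, "SYN"
        elif (state == "SYN" and flags & SYN and flags & ACK and sender != client
              and ack == (isn[client] + 1) % 2**32):   # SYN uses one sequence number
            server, isn[sender], state = sender, seq, "SYN-ACK"
        elif (state == "SYN-ACK" and flags & ACK and sender == client
              and ack == (isn[server] + 1) % 2**32):
            state = "ESTABLISHED"
        elif state == "ESTABLISHED":
            if flags & FIN:                    # each side closes its own direction
                if sender not in fins:
                    fins.append(sender)
            elif len(fins) == 2 and flags & ACK and sender == fins[0]:
                state = "CLOSED"               # initiator's final ACK (flag check only)
    return {"ESTABLISHED": "established", "CLOSED": "closed"}.get(state, "incomplete")

# Constructed captures: initial sequence numbers 1000 (client) and 5000 (server).
HANDSHAKE = [("client", tcp_header(1000, 0, SYN)),
             ("server", tcp_header(5000, 1001, SYN | ACK)),
             ("client", tcp_header(1001, 5001, ACK))]
TEARDOWN = [("client", tcp_header(1001, 5001, FIN | ACK)),
            ("server", tcp_header(5001, 1002, ACK)),
            ("server", tcp_header(5001, 1002, FIN | ACK)),
            ("client", tcp_header(1002, 5002, ACK))]
ABORT = [("server", tcp_header(5001, 1001, RST | ACK))]

if __name__ == "__main__":
    for name, cap in [("handshake", HANDSHAKE), ("graceful", HANDSHAKE + TEARDOWN),
                      ("aborted", HANDSHAKE + ABORT)]:
        print(name, "->", classify(cap))
```

A SYN-ACK whose acknowledgment number does not equal the client's initial sequence number plus one leaves the exchange classified as incomplete, which is the synchronization the handshake exists to enforce.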