TCP and TCP Handshake

What is TCP?

https://en.wikipedia.org/wiki/Transmission_Control_Protocol

TCP is a connection-oriented protocol that runs on top of the IP layer and offers a transmission environment to its users (HTTP, SMTP, etc.); that is, the two parties initiate a connection and keep track of each other's health. A TCP connection between two parties is established by a process called the 3-way handshake.

TCP Handshake

The TCP handshake is a three-step process (SYN, SYN-ACK, ACK) used by the Transmission Control Protocol (TCP) to establish a reliable connection between a client and a server before data can be exchanged. It synchronizes initial sequence numbers and confirms that both the client and server are ready to communicate, ensuring data is ordered correctly and reliably sent.

The Three Steps

  1. SYN (Synchronize): The client initiates the process by sending a segment with the SYN flag set to the server. This segment includes a randomly chosen initial sequence number (ISN) to mark the beginning of the client’s data stream.
  2. SYN-ACK (Synchronize-Acknowledge): The server receives the SYN segment and responds with a segment that has both the SYN and ACK flags set. It increments the client’s sequence number to create an acknowledgment number and sets its own random sequence number. This acknowledges the client’s request and signals the server’s readiness to connect.
  3. ACK (Acknowledge): The client receives the SYN-ACK segment and sends a final ACK segment to the server. This segment acknowledges the server’s SYN-ACK, completing the handshake and confirming that the connection is established.
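
The three steps above, written out as an added example (not code from the original page). The struct, the function names and the ISN values are illustrative assumptions; the client ISN is placed at the top of the 32-bit space so that the "+1" acknowledgment visibly wraps to 0.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02u /* SYN bit in the TCP flags byte */
#define TH_ACK 0x10u /* ACK bit in the TCP flags byte */

/* Only the header fields the handshake depends on (struct name is illustrative). */
struct seg { uint8_t flags; uint32_t seq; uint32_t ack; };

/* Step 1: client SYN carrying the client's initial sequence number. */
struct seg make_syn(uint32_t client_isn) {
    struct seg s = { TH_SYN, client_isn, 0 };
    return s;
}

/* Step 2: server SYN-ACK. ack = client ISN + 1, computed modulo 2^32. */
struct seg make_synack(const struct seg *syn, uint32_t server_isn) {
    struct seg s = { TH_SYN | TH_ACK, server_isn, (uint32_t)(syn->seq + 1u) };
    return s;
}

/* Step 3: client ACK. seq = client ISN + 1, ack = server ISN + 1. */
struct seg make_ack(const struct seg *syn, const struct seg *synack) {
    struct seg s = { TH_ACK, (uint32_t)(syn->seq + 1u), (uint32_t)(synack->seq + 1u) };
    return s;
}

/* Returns 0 for a consistent handshake, else the number of the failing step. */
int check_handshake(const struct seg *syn, const struct seg *synack,
                    const struct seg *ack) {
    if ((syn->flags & (TH_SYN | TH_ACK)) != TH_SYN) return 1;
    if ((synack->flags & (TH_SYN | TH_ACK)) != (TH_SYN | TH_ACK) ||
        synack->ack != (uint32_t)(syn->seq + 1u)) return 2;
    if ((ack->flags & (TH_SYN | TH_ACK)) != TH_ACK ||
        ack->seq != (uint32_t)(syn->seq + 1u) ||
        ack->ack != (uint32_t)(synack->seq + 1u)) return 3;
    return 0;
}

int main(void) {
    /* Constructed ISNs; the client ISN is the largest 32-bit value. */
    struct seg syn = make_syn(0xFFFFFFFFu);
    struct seg synack = make_synack(&syn, 1000u);
    struct seg ack = make_ack(&syn, &synack);
    printf("synack.ack=%u result=%d\n", (unsigned)synack.ack,
           check_handshake(&syn, &synack, &ack));
    return 0;
}
```

A final ACK that does not acknowledge the server's ISN + 1 fails at step 3, which is why the ISN in step 2 has to be hard to guess.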

Purpose of the Handshake

  1. Reliability: Establishes a stable, connection-oriented link for reliable data transfer, ensuring that segments are received and in the correct order.
  2. Synchronization: Both the client and server agree on an initial sequence number, which is crucial for tracking and reassembling data segments during the communication.
  3. Resource Allocation: Confirms the server has the resources and capacity to accept the connection before any significant data transfer begins.

What are sequence and acknowledgment numbers?

In TCP, a connection is a two-way stream of data, and each side manages its own sequence numbers for the data it sends and acknowledges the data it receives from the other side.

  1. Sequence number (SEQ): The sequence number in a TCP header indicates the position in the data stream of the very first byte of data in that segment.
  2. Acknowledgment number (ACK): The acknowledgment number tells the other side the sequence number of the next byte of data the receiver expects to receive. The receiver acknowledges all bytes up to, but not including, the ACK number.

Sequence number wraparound

In the TCP protocol, a sequence number is never less than the next expected (or “call”) sequence number, except when it wraps around the maximum value. The sequence number is a 32-bit counter that identifies each byte of data sent, and it must be managed carefully to ensure reliable, ordered delivery.

  1. Because the sequence number is a 32-bit field, its value can only go up to 2^32 - 1. When it reaches this maximum, it wraps around and starts over at 0. In this specific case, a sequence number may appear to be less than a previously sent number.
  2. For example, if a connection is transferring a very large amount of data:
     • The sender transmits a segment with a high sequence number, such as 4,294,967,290.
     • The sender then transmits a subsequent segment with a sequence number of 4,294,967,295, which is the maximum value.
     • The next segment sent will have a sequence number that has “wrapped around” back to a low value, like 0 or 1, which appears smaller than the previous segments.
  3. This wraparound is the exception to the rule described above.

How is wraparound handled?

TCP is designed to handle this phenomenon by using modulo arithmetic for its sequence number comparisons. As long as the Maximum Segment Lifetime (MSL)—the maximum time a packet can exist on the internet—is shorter than the time it takes for the sequence numbers to wrap, there is no confusion. For modern, high-speed networks, the time to wrap around may be very short, so additional mechanisms were added:

• PAWS (Protection Against Wrapped Sequence Numbers): This mechanism uses a TCP timestamp option to help distinguish between new packets and old, duplicate packets with the same sequence number after a wraparound. [9, 15]
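
The modulo comparison and the timestamp check described above, as an added example (not code from the original page). The struct, the function names and all sample values are constructed for illustration, and the PAWS test is reduced to its core rule of rejecting a timestamp older than the last one accepted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* True if a comes before b in sequence space. The 32-bit difference is read
 * as signed, so the result is correct while a and b are < 2^31 apart. */
bool seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Receiver state (field names follow common TCP usage; struct is illustrative). */
struct rx_state {
    uint32_t rcv_nxt;   /* next sequence number expected */
    uint32_t rcv_wnd;   /* receive window size in bytes */
    uint32_t ts_recent; /* most recent timestamp value accepted from the peer */
};

enum verdict { ACCEPT, DROP_OUT_OF_WINDOW, DROP_PAWS };

/* Window test as a modular distance: 0 <= (seq - rcv_nxt) mod 2^32 < rcv_wnd. */
bool seq_in_window(const struct rx_state *rx, uint32_t seq) {
    return (uint32_t)(seq - rx->rcv_nxt) < rx->rcv_wnd;
}

/* Simplified PAWS: a segment whose timestamp is older than ts_recent is an old
 * duplicate, even if its sequence number falls inside the current window. */
enum verdict classify(const struct rx_state *rx, uint32_t seq, uint32_t tsval) {
    if (seq_before(tsval, rx->ts_recent)) return DROP_PAWS;
    if (!seq_in_window(rx, seq)) return DROP_OUT_OF_WINDOW;
    return ACCEPT;
}

int main(void) {
    /* Constructed state: the window straddles the wrap from 2^32 - 1 to 0. */
    struct rx_state rx = { 4294967290u, 65535u, 5000u };
    printf("naive 4294967290 < 1: %d, seq_before: %d\n",
           4294967290u < 1u, seq_before(4294967290u, 1u));
    printf("seq=3 ts=5001 -> %d\n", classify(&rx, 3u, 5001u));
    printf("seq=3 ts=100  -> %d\n", classify(&rx, 3u, 100u));
    printf("seq=4294967000 ts=5001 -> %d\n", classify(&rx, 4294967000u, 5001u));
    return 0;
}
```

The second call is the case PAWS exists for: the sequence number alone looks valid after the wrap, and only the stale timestamp identifies the segment as an old duplicate.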

What about retransmissions and out-of-order packets?

When a receiver gets an out-of-order segment with a sequence number that’s lower than what is expected (excluding wraparound), it is treated as a problem and likely dropped. Retransmitted segments keep their original sequence number, which might appear out of order if a newer segment has already been received, but the receiver’s state machine handles this correctly by using the sequence numbers to reassemble the data stream in the proper order. [4, 16, 17, 18, 19]
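
A small receiver that reassembles a stream from out-of-order and retransmitted segments, as an added example (not code from the original page). The 16-byte window, the struct layout and the "HELLO WORLD" stream are constructed for illustration; the stream starts 4 bytes before the wrap so that reassembly crosses 2^32 - 1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WND 16u /* tiny receive window in bytes, for illustration */

struct rx {
    uint32_t rcv_nxt;   /* sequence number of the next byte expected */
    char     buf[WND];  /* buf[i] holds the byte at rcv_nxt + i, if received */
    uint8_t  have[WND]; /* have[i] is 1 when buf[i] is filled */
    char     out[64];   /* in-order stream handed to the application */
    size_t   out_len;
};

/* Accept one segment; returns how many bytes became deliverable in order. */
int rx_segment(struct rx *r, uint32_t seq, const char *data, uint32_t len) {
    for (uint32_t i = 0; i < len; i++) {
        /* Distance from rcv_nxt modulo 2^32: small for bytes inside the window,
         * huge for bytes already delivered (retransmissions) or too far ahead. */
        uint32_t off = (uint32_t)(seq + i - r->rcv_nxt);
        if (off < WND) { r->buf[off] = data[i]; r->have[off] = 1; }
    }
    int delivered = 0;
    while (r->have[0] && r->out_len < sizeof r->out - 1) {
        r->out[r->out_len++] = r->buf[0];
        memmove(r->buf, r->buf + 1, WND - 1);   /* slide the window by one byte */
        memmove(r->have, r->have + 1, WND - 1);
        r->have[WND - 1] = 0;
        r->rcv_nxt++;                           /* wraps to 0 after 2^32 - 1 */
        delivered++;
    }
    r->out[r->out_len] = '\0';
    return delivered;
}

int main(void) {
    /* Constructed stream "HELLO WORLD" starting 4 bytes before the wrap. */
    struct rx r = { .rcv_nxt = 0xFFFFFFFCu };
    rx_segment(&r, 0u, "O WO", 4);           /* arrives early: buffered */
    rx_segment(&r, 0xFFFFFFFCu, "HELL", 4);  /* fills the gap: 8 bytes delivered */
    rx_segment(&r, 0xFFFFFFFCu, "HELL", 4);  /* retransmission: ignored */
    rx_segment(&r, 4u, "RLD", 3);
    printf("%s rcv_nxt=%u\n", r.out, (unsigned)r.rcv_nxt);
    return 0;
}
```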

Reading material

  1. TCP Sequence Number https://stackoverflow.com/questions/10452855/tcp-sequence-number
  2. https://www.quora.com/When-a-host-sends-a-TCP-segment-with-size-zero-what-is-the-impact-of-this-segment-on-the-sequence-number-of-the-next-packet-sent-by-this-host
  3. https://www.cs.miami.edu/~burt/learning/Csc524.032/notes/tcp_nutshell.html
  4. https://superuser.com/questions/966212/does-the-sequence-number-of-tcp-packet-headers-wrap-around
  5. https://en.wikipedia.org/wiki/Transmission_Control_Protocol
  6. https://www.ibm.com/docs/en/zos-basic-skills?topic=4-transmission-control-protocol-tcp
  7. https://www.ibm.com/docs/en/zos-basic-skills?topic=4-transmission-control-protocol-tcp
  8. https://cs.stanford.edu/people/eroberts/courses/soco/projects/1999-00/internet/tcp.html
  9. https://www.linkedin.com/pulse/against-syn-flood-attack-giovanni-iavarone-gknif
  10. https://superuser.com/questions/966212/does-the-sequence-number-of-tcp-packet-headers-wrap-around
  11. https://www.geeksforgeeks.org/computer-networks/wrap-around-concept-and-tcp-sequence-number/
  12. https://www.linkedin.com/advice/0/what-security-risks-using-tcp-selective-acknowledgments-lgaxc
  13. https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20010301-ios-tcp-isn-random.html
  14. https://jumpcloud.com/it-index/what-is-an-acknowledgment-number
  15. https://www.vaia.com/en-us/textbooks/computer-science/computer-networks-a-systems-approach-3-edition/chapter-5/problem-8-the-sequence-number-field-in-the-tcp-header-is-32-/
  16. https://ylioo.com/networking/tcp/seq_num/
  17. https://stackoverflow.com/questions/50828062/quickfixj-initiator-disconnecting-due-to-low-seqnum-too-low
  18. https://stackoverflow.com/questions/43074286/tcp-sequence-number-smaller-than-initial-sequence-number-the-one-received-in-tc
  19. https://obkio.com/blog/what-is-packet-reordering/
  20. https://xillybus.com/tutorials/usb-superspeed-packets-traffic-components