First page Back Continue Last page Summary Graphics
TCP Connection Establishment
3-Way Handshake
Notes:
As an illustration, a common TCP connection example is going to a web site through your Netscape browser (i.e. connecting to a web server). This section illustrates the aspects of connection establishment and ongoing communication that will be relevant to IP packet filtering.
What happens? A web server is running on a machine somewhere, waiting for a connection request on TCP service port 80. You click on the link for a URL in Netscape. Part of the URL is parsed into a host name; the host name is translated into the web servers IP address; and your browser is assigned an unprivileged port (e.g. 14000) for the connection. An HTTP message for the web server is constructed. It's encapsulated in a TCP message, wrapped in an IP packet header, and sent out.
When the client program sends its first connection request message, the SYN flag is accompanied by a synchronization sequence number. The client is requesting a connection with the server, and passes along a starting sequence number it will use as the starting point to number all the rest of the messages the client will send.
The packet is received at the server machine. It's sent to service port 80. The server is listening to port 80, so it's notified of an incoming connection request (the SYN connection synchronization request flag) from the source IP address and port socket pair (<your IP address>, 14000). The server allocates a new socket on it's end, (<web server IP address>, 80), and associates it with the client socket.
The web server responds with an acknowledgement (ACK) to the SYN message, along with its own synchronization request (SYN). Now the connection is half-open.