TCP Flags: Their use and abuse. - Page 2

Thread: TCP Flags: Their use and abuse.

  1. #11
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Computer A sends a SYN packet to establish the connection. The SYN stands for synchronize (and refers to sequence numbers).

    Computer B receives the SYN packet, and sends a SYN/ACK back to A: Syn to synchronize, and ACK to acknowledge the receiving of A's SYN packet.

    Computer A receives this SYN/ACK, and sends an ACK back to B to acknowledge the receiving of B's SYN/ACK packet. At that point, the connection is said to be open. So yes, the second ACK is just an ack of an ack.

  2. #12
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    TCP A picks an initial sequence number (A_SEQ) and sends a segment to B containing: SYN_FLAG=1, ACK_FLAG=0, and SEQ=A_SEQ.
    When TCP B receives the SYN, it chooses its initial sequence number (B_SEQ) and sends a TCP segment to A containing: ACK=(A_SEQ+1), ACK_BIT=1, SEQ=B_SEQ, SYN_FLAG=1.
    When A receives B's response, it acknowledges B's choice of an initial sequence number by sending a dataless third segment containing: SYN_FLAG=0, ACK=(B_SEQ+1), ACK_BIT=1, SEQ=A_SEQ+1(data length = 0).
    Data transfer may now begin.

    How was that for an explanation? HA! :P
    Seriously though...
    SYN= Hey ACK I wanna send some data
    SYN/ACK= Hey SYN I hear ya, I am ready for your data.
    SYN= Alright cool, here it comes.

    That's pretty much it, after the final SYN packet is sent then data can be sent. That clear it up for you?
    Don't be a bitch! Use Slackware.

  3. #13
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Angelic, TCP communication is a TWO-WAY communication. Due to that, we need 3 packets to establish communication in both directions.
    At first, both connections are closed
    A SYN ----> B
    B SYN/ACK ---> A (A changes his connection status to OPEN on receive)
    A --> B (B changes his connection to OPEN on receive)
    now we have two connections:
    A--->B
    B--->A
    At the end we need to close BOTH connections to end the conversation.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #14
    Yes, thanks guys. Heh heh, I have pages upon pages of printed off AO tutorials scattered about the desk at the moment. I think I get it, but let me pose this:

    Neg's and hatebreed's answers seem to differ a little. Look at Neg's post above then Neg's tutorial here.

    Connection-oriented, meaning there's a guarantee on data exchange via Acks: T(x) sends a SYNchronous Sequence Number to R(x). R(x) responds with a SYN ACK(nowledge). T(x) responds with an ACK to R(x), along with the first data --> Three-way handshake.
    So here, it's explained as:
    SYN
    SYN/ACK
    ACK

    But then, going by hatebreed's post:

    SYN= Hey ACK I wanna send some data
    SYN/ACK= Hey SYN I hear ya, I am ready for your data.
    SYN= Alright cool, here it comes.
    So...what accounts for this difference in answers?
    Neg: SYN, SYN/ACK, ACK
    HB: SYN, SYN/ACK, SYN

    Sorry for the hair-splitting, just want to make sure I have a GOOD grasp of this.

  5. #15
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    SYN
    SYN/ACK
    ACK
    RFC793
    The synchronization requires each side to send its own initial
    sequence number and to receive a confirmation of it in acknowledgment
    from the other side. Each side must also receive the other side's
    initial sequence number and send a confirming acknowledgment.

    1) A --> B SYN my sequence number is X
    2) A <-- B ACK your sequence number is X
    3) A <-- B SYN my sequence number is Y
    4) A --> B ACK your sequence number is Y
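
Added example, not part of any post in this thread: a checker that applies the flag and sequence-number rules from posts #12 and #15 to the first three segments of a connection, and shows why a third segment carrying SYN instead of ACK is not a valid handshake. The `Segment` class, the function name and the sample sequence numbers are constructed for illustration.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10          # flag bits in the TCP header
BOTH = SYN | ACK
MOD = 2 ** 32                  # sequence numbers are 32-bit and wrap around

@dataclass
class Segment:
    src: str                   # sending host label, "A" or "B" (illustrative)
    flags: int
    seq: int
    ack: int = 0

def check_handshake(segs):
    """Return the problems found in the first three segments ([] means valid)."""
    if len(segs) < 3:
        return ["need three segments"]
    s1, s2, s3 = segs[:3]
    problems = []
    if (s1.flags & BOTH) != SYN:
        problems.append("segment 1 must have SYN=1, ACK=0")
    if s2.src == s1.src or s3.src != s1.src:
        problems.append("direction must be A->B, B->A, A->B")
    if (s2.flags & BOTH) != BOTH:
        problems.append("segment 2 must have SYN=1, ACK=1")
    elif s2.ack != (s1.seq + 1) % MOD:
        problems.append("segment 2 must acknowledge A_SEQ+1")
    if (s3.flags & BOTH) != ACK:
        problems.append("segment 3 must have SYN=0, ACK=1")
    else:
        if s3.ack != (s2.seq + 1) % MOD:
            problems.append("segment 3 must acknowledge B_SEQ+1")
        if s3.seq != (s1.seq + 1) % MOD:
            problems.append("segment 3 must use SEQ=A_SEQ+1")
    return problems

# Constructed samples: A_SEQ=1000, B_SEQ=5000.
GOOD = [Segment("A", SYN, 1000),
        Segment("B", BOTH, 5000, ack=1001),
        Segment("A", ACK, 1001, ack=5001)]
# The "SYN, SYN/ACK, SYN" ordering asked about in post #14.
SYN_AGAIN = GOOD[:2] + [Segment("A", SYN, 1001)]
# A_SEQ at the top of the 32-bit range: A_SEQ+1 wraps to 0.
WRAPPED = [Segment("A", SYN, MOD - 1),
           Segment("B", BOTH, 5000, ack=0),
           Segment("A", ACK, 0, ack=5001)]
```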

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Neg gets the prize...... Oh, he already has her....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #17
    Great, perfect. Thanks for enduring my picky questions here. I'm definitely getting it though.

    So, moving on from that -- ICMP. From here, ICMP is within TCP/IP and is acting as a control factor, checking for and reporting errors among transmissions, correct? Does that mean it works on the Transport Layer, since that level is for flow control and error checking?

  8. #18
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    ICMP uses IP, therefore is Network Layer. The flow control et al. is handled by TCP itself on the Transport Layer, using the IP protocol.

    Layer 4 - Transport - TCP (<-- 3-way handshake; performs flow control, buffering,... connection-oriented) - UDP (connection-less)
    Layer 3 - Network - IP (in the TCP/IP-model this is the Internet-layer) - ICMP

  9. #19
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    "TCP/IP" is a protocol "suite".
    IP acts on network layer
    TCP and UDP act on transport layer
    ICMP acts on network layer too, but uses IP to "carry" its information (in fact, all protocols on suite use IP)
    They are some protocols, among others, of the large TCP/IP "family".
    Sometimes TCP/IP layers don't fit "exactly" on OSI layers, so we have odd things on TCP/IP (if looking at it from OSI perspective)
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  10. #20
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    The Internet Control Message Protocol (ICMP) protocol is an example of a client server application. ICMP executes on all IP end system computers and all IP intermediate systems (i.e. routers). The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be used to show when a particular end system is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The most basic form of data of ICMP is the ECHO request and the ECHO reply. Each message may contain some optional data. When data are sent by a server, the server returns the data in the reply which is generated. ICMP packets are encapsulated in IP for transmission across an internet.
    It is the responsibility of the network layer (IP) protocol to ensure that the ICMP message is sent to the correct destination. This is achieved by setting the destination address of the IP packet. The source address is set to the address of the computer generating the ICMP request and the IP protocol type is set to ICMP to indicate that the packet is to be handled by the remote end system's ICMP server program. The ping application is a perfect example of this.


    Heh, took me a few minutes to get this typed up. Didn't know people would have replied so quick.
    Don't be a bitch! Use Slackware.
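
Added example, not part of any post in this thread: the encapsulation described in posts #18 to #20, built and parsed in memory. An ICMP echo request is wrapped in an IPv4 header whose protocol field is 1 (ICMP), and the reply swaps the addresses and returns the same data. Function names, addresses (documentation range), identifier and payload are constructed; nothing is sent on the network.

```python
import struct

ICMP_PROTO, ECHO_REQUEST, ECHO_REPLY = 1, 8, 0  # IP protocol number, ICMP types

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_echo(icmp_type: int, ident: int, seq: int, data: bytes) -> bytes:
    """ICMP echo message: type, code 0, checksum, identifier, sequence, data."""
    csum = inet_checksum(struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + data

def ipv4_wrap(src: str, dst: str, proto: int, body: bytes) -> bytes:
    """Encapsulate body in a 20-byte IPv4 header (no options, TTL 64)."""
    pack_addr = lambda a: bytes(int(octet) for octet in a.split("."))
    fields = [0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
              pack_addr(src), pack_addr(dst)]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + body

def parse(packet: bytes) -> dict:
    """Split an IPv4 packet carrying ICMP into the fields discussed above."""
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    icmp = packet[ihl:]
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "proto": packet[9], "type": icmp_type, "ident": ident, "seq": seq,
            "data": icmp[8:], "checksum_ok": inet_checksum(icmp) == 0}

def echo_reply_for(request: bytes) -> bytes:
    """Build the reply an end system returns: addresses swapped, same data."""
    r = parse(request)
    if r["proto"] != ICMP_PROTO or r["type"] != ECHO_REQUEST or not r["checksum_ok"]:
        raise ValueError("not a valid ICMP echo request")
    return ipv4_wrap(r["dst"], r["src"], ICMP_PROTO,
                     icmp_echo(ECHO_REPLY, r["ident"], r["seq"], r["data"]))

# Constructed sample: documentation addresses, made-up identifier and data.
REQUEST = ipv4_wrap("192.0.2.1", "192.0.2.2", ICMP_PROTO,
                    icmp_echo(ECHO_REQUEST, 0x1234, 1, b"constructed ping data"))
REPLY = echo_reply_for(REQUEST)
```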
