logo
+44 20 3695 6722+1 (646) 491-62-59
Request protection
Client Portal
DDoS protection
CDN
WAF
VDS/VPS
How it works
For partners
About company

TCP handshake

Categories
All articles
Attack
Protocol
Term
Command

To begin with, it is worth explaining what TCP (Transmission Control Protocol) is - it is a protocol that controls the transmission of data. TCP is almost always used on top of IP to ensure reliable packet transmission, so this stack of protocols is often called TCP/IP. According to the OSI model, it operates at the 4th level, which is also called transport.

To establish a reliable connection, TCP uses a process called the “three-way handshake”. The established connection will be full-duplex, that is, both channels can transmit information simultaneously, and they also synchronize (SYN) and acknowledge (ACK) with each other. The exchange is performed as follows:

1) The client sends a segment with the SYN flag set. In this case, an arbitrary sequence number is assigned to the segment in the range from 1 to 232 (the so-called initial sequence number), relative to which the sequence of segments in the connection will be further counted.

2) The server receives the request and sends a response segment with the SYN+ACK flags set simultaneously, while writing the received sequence number increased by 1 in the "acknowledgment number" field (which confirms the receipt of the first segment), and also sets its own sequence number, which, as in the SYN segment, is selected arbitrarily.

3) After the client receives a segment with SYN+ACK flags, the connection is considered established, the client, in turn, sends in response a segment with the ACK flag, updated sequence numbers, and does not contain a payload.

4) Data transfer begins.

During the data transfer, the client and the server exchange segments with the ACK or PSH+ASK flags set, alternately confirming the number of packets received by increasing the sequence number and acknowledgment number.

Steps 1, 2 determine the connection parameter (serial number) for one direction and confirm it. Steps 2, 3 determine the connection parameter for the other direction and also confirm it. With their help, a full-duplex connection is established.

Interestingly, the initial SYN parameters are selected randomly when establishing connections between the client and the server.

In conclusion, it should be added that checking the sequence numbers of incoming packets and the principles used in a 3-way handshake allow you to implement the simplest methods of filtering DDoS attacks.

We use cookies to make the site faster and more user-friendly. By continuing to use the site you agree to our Privacy Policy
logo footer
+44 20 3695 6722+1 (646) 491-62-59
sales@stormwall.network
facebookinstagramlinkedIntwitter
facebookinstagramlinkedIntwitter
DDoS protectionWebsite protectionSecure hostingSecuring TCP / UDP ServicesNetwork protection (BGP)IP transit
CDN & WAFContent Delivery Network (CDN)Cloud WAF
Servers and VPSVDS/VPS
How it worksHow StormWall worksTechnologiesInstructionsAPIKnowledge base
For partnersFor resellers and service providersWhite LabelBring a friend
CompanyWhy StormWallWe protectedBlogPressAbout StormWall
Payment methodsvisamastercardpaypalapplepaygpayapplepay
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© 2013-2024 StormWall.network. All rights reservedPrivacy Policy