TCP 3_Handshake_Processx - FTP Directory Listing

screechingagenda, Networks and Communications

26 Oct 2013 (3 years and 7 months ago)

TCP 3-Way Handshake (SYN, SYN-ACK, ACK)

The TCP three-way handshake in Transmission Control Protocol (also called the three message handshake) is the method used to establish TCP socket connections and tear down TCP socket connections over the network. TCP's three way handshaking technique is referred to as the 3-way handshake or as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK). The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network TCP socket connection before beginning communication. This three way handshaking process is also designed so that both ends can initiate and negotiate separate TCP socket connections at the same time. Being able to negotiate multiple TCP socket connections in both directions at the same time allows a single physical network interface (such as Ethernet) to be multiplexed.

3-Way Handshake Description

Below is a (very) simplified description of the TCP 3-way handshake process. Have a look at the diagram on the right as you examine the list of events on the left.

EVENT

Host A sends a TCP SYNchronize packet to Host B
Host B receives A's SYN
Host B sends a SYNchronize-ACKnowledgement
Host A receives B's SYN-ACK
Host A sends ACKnowledge
Host B receives ACK.
TCP socket connection is ESTABLISHED.

DIAGRAM

[Diagram: TCP Three Way Handshake (SYN, SYN-ACK, ACK)]

SYNchronize and ACKnowledge messages are indicated by a bit inside the header of the TCP segment. TCP knows whether the network TCP socket connection is opening, synchronizing, established by using the SYNchronize and ACKnowledge messages when establishing a network TCP socket connection.

When the communication between two computers ends, another 3-way communication is performed to tear down the TCP socket connection. This setup and teardown of a TCP socket connection is part of what qualifies TCP as a reliable protocol. TCP also acknowledges that data is successfully received and guarantees the data is reassembled in the correct order.

Note that UDP is connectionless. That means UDP doesn't establish connections as TCP does, so UDP does not perform this 3-way handshake and for this reason, it is referred to as an unreliable protocol.

Protocols Encapsulated in TCP

Note that FTP, Telnet, HTTP, HTTPS, SMTP, POP3, IMAP, SSH and any other protocol that rides over TCP also has a three way handshake performed as the connection is opened. HTTP web requests, SMTP emails and FTP file transfers all manage the messages they each send. TCP handles the transmission of those messages.

TCP 'rides' on top of Internet Protocol (IP) in the protocol stack, which is why the combined pair of Internet protocols is called TCP/IP (TCP over IP). TCP segments are passed inside the payload section of the IP packets. IP handles IP addressing and routing and gets the packets from one place to another, but TCP manages the actual communication sockets between endpoints (computers at either end of the network or internet connection).



Denial of Service Attack

Then Buy.com, on the day the discount e-tailer went public. One by one, leading sites on the Web have been brought to their knees by so-called denial of service attacks. Such attacks flood a Web server with false requests for information, overwhelming the system and ultimately crashing it. The following graphics explain how such attacks work and how companies can possibly prevent them.



How a "denial of service" attack works


In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again -- tying up the service indefinitely.

[Graphics: "Typical connection" and "Denial of service" attack]



How to block a "denial of service" attack

One of the more common methods of blocking a "denial of service" attack is to set up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers. The filter can look for attacks by noticing patterns or identifiers contained in the information. If a pattern comes in frequently, the filter can be instructed to block messages containing that pattern, protecting the Web servers from having their lines tied up.
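
One pattern such a filter can watch for, shown as an added example that is not part of the original page: the code reads the SYN and ACK bits from raw TCP headers, follows the SYN, SYN-ACK, ACK steps described earlier for each connection, and reports servers holding many handshakes that never received the final ACK. The sample packets, the addresses, the helper names and the threshold of 3 are constructed assumptions.

```python
import struct
from collections import Counter

SYN, ACK = 0x02, 0x10  # flag bits in the TCP header

def parse_tcp(segment: bytes):
    """Return (src_port, dst_port, seq, ack, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, seq, ack, off_flags & 0x3F

def track(packets):
    """Follow handshakes in (src_ip, dst_ip, tcp_bytes) tuples.
    Returns (established, half_open) sets of (client, cport, server, sport)."""
    state = {}  # connection -> [state name, server's initial sequence number]
    for src, dst, raw in packets:
        sport, dport, seq, ack, flags = parse_tcp(raw)
        if flags & SYN and not flags & ACK:        # 1. Host A sends SYN
            state.setdefault((src, sport, dst, dport), ["SYN_RCVD", None])
        elif flags & SYN:                          # 2. Host B sends SYN-ACK
            conn = state.get((dst, dport, src, sport))
            if conn and conn[0] == "SYN_RCVD":
                conn[1] = seq
        elif flags & ACK:                          # 3. Host A sends ACK
            conn = state.get((src, sport, dst, dport))
            if conn and conn[1] is not None and ack == (conn[1] + 1) % 2**32:
                conn[0] = "ESTABLISHED"
    done = {k for k, v in state.items() if v[0] == "ESTABLISHED"}
    return done, set(state) - done

def flooded_servers(packets, threshold=3):
    """Map (server_ip, port) -> unfinished handshakes, when >= threshold."""
    _, half_open = track(packets)
    counts = Counter((k[2], k[3]) for k in half_open)
    return {srv: n for srv, n in counts.items() if n >= threshold}

def seg(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (checksum left at zero)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

# Constructed sample: one complete handshake, then four SYNs never ACKed.
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", seg(40000, 80, 1000, 0, SYN)),
    ("198.51.100.5", "192.0.2.10", seg(80, 40000, 5000, 1001, SYN | ACK)),
    ("192.0.2.10", "198.51.100.5", seg(40000, 80, 1001, 5001, ACK)),
] + [(f"203.0.113.{i}", "198.51.100.5", seg(50000 + i, 80, 7 * i, 0, SYN))
     for i in range(1, 5)]
```

Calling flooded_servers(SAMPLE) flags the one server address that is holding four unfinished handshakes, while the completed connection is counted as established and ignored.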