Question

Analyzing Network Traffic, review the following questions and respond with answers to the questions using your critical thinking and moral reasoning skills. Using the knowledge gained by performing network traffic capturing, take a TCP connection and describe the process of communication between two hosts. Make sure you do not get bogged down by the fragmentation in your analysis, although it is important to mention this. Describe the linking of the sequence number and acknowledgment, IP addresses, along with how the connection is established and terminated within the packets you capture. You will want to include either your actual packet captures, or screenshots so we all can have a point of reference (Please make sure to filter it first).

Answer 1

Ans:

TCP is a unicast connection-oriented protocol. Before either end can send data to the other, a connection must be established between them. TCP detects and repairs essentially all the data transfer problems that may be introduced by packet loss, duplication, or errors at the IP layer (or below).

TCP Connection Establishment and Termination:

Connection Establishment :

1. The active opener (normally called the client) sends a SYN segment (a TCP/IP packet with the SYN bit field turned on in the TCP header) specifying the port number of the peer to which it wants to connect and the client’s initial sequence number or ISN(c). It typically sends one or more options at this point.
2. The server responds with its own SYN segment containing its initial sequence number (ISN(s)). The server also acknowledges the client’s SYN by ACKing ISN(c) plus 1. A SYN consumes one sequence number and is retransmitted if lost.
3. The client must acknowledge this SYN from the server by ACKing ISN(s) plus 1.

These three segments complete the connection establishment.

Connection Termination:

1. The active closer sends a FIN segment specifying the current sequence number the receiver expects to see . The FIN also includes an ACK for the last data sent in the other direction .
2. The passive closer responds by ACKing value K + 1 to indicate its successful receipt of the active closer’s FIN. At this point, the application is notified that the other end of its connection has performed a close. Typically this results in the application initiating its own close operation. The passive closer then effectively becomes another active closer and sends its own FIN. The sequence number is equal to L.
3. To complete the close, the final segment contains an ACK for the last FIN. Note that if a FIN is lost, it is retransmitted until an ACK for it is received.

It is also possible for the connection to be in a half-open state, although this is not common. The half-close operation in TCP closes only a single direction of the data flow. Two half-close operations together close the entire connection.