Hello and welcome to the session on identifying the phases of a TCP connection. At the end of the session, students will be able to identify each phase of a TCP connection. TCP is connection oriented. A connection-oriented transport protocol establishes a virtual path between the source and the destination, and all of the segments belonging to a message are then sent over this virtual path. Using a single virtual path for the entire message facilitates the acknowledgement process as well as the retransmission of damaged or lost segments. However, you may wonder how TCP, which uses the services of IP, a connectionless protocol, can be connection oriented. The answer is that the TCP connection is virtual, not physical: TCP operates at a higher layer and uses IP to deliver the individual segments, but it controls the connection itself. If a segment is lost or corrupted, TCP retransmits it; if a segment arrives out of order, TCP holds it until the missing segments arrive. IP is unaware of this retransmission and reordering.

In TCP, connection-oriented transmission requires three phases: connection establishment, data transfer and connection termination.

Connection establishment using three-way handshaking. TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able to send segments to each other simultaneously. This implies that each party must initialize communication and get approval from the other party before any data are transferred. The connection establishment in TCP is called three-way handshaking. In this example, an application program called the client wants to make a connection with another application program called the server, using TCP as the transport-layer protocol. The process starts with the server. The server program tells its TCP that it is ready to accept a connection. This request is called a passive open. Although the server TCP is now ready to accept a connection from any machine in the world, it cannot make the connection itself. The client program issues a request for an active open.
A client that wishes to connect to an open server tells its TCP to connect to a particular server. TCP can now start the three-way handshaking process. To show the process, we use timelines. Each segment has values for all of its header fields and perhaps for some of its option fields; however, the timeline shows only the few fields necessary to understand each phase: the sequence number, the acknowledgement number, the control flags (only those that are set) and the window size.

The steps in this phase are as follows. First, the client sends the first segment, a SYN segment, in which only the SYN flag is set. This segment is for synchronization of sequence numbers. The client in this example chooses a random number as its first sequence number and sends this number to the server. This sequence number is called the initial sequence number, ISN. Note that this segment does not contain an acknowledgement number, and it does not define the window size either. Note also that the SYN segment is a control segment and carries no data, but it consumes one sequence number: when the data transfer starts, the first data byte is numbered ISN plus one. (Strictly, the TCP specification does allow a SYN to carry data, and TCP Fast Open relies on this, but the common model, and the one used here, is that it does not.) A SYN segment cannot carry data, but it consumes one sequence number.

Second, the server sends the second segment, a SYN+ACK segment, with two flag bits set: SYN and ACK. This segment has a dual purpose. First, it is a SYN segment for communication in the other direction: the server uses it to initialize a sequence number for numbering the bytes sent from the server to the client. Second, the server acknowledges the receipt of the SYN segment from the client by setting the ACK flag and placing the next sequence number it expects from the client, the client's ISN plus one, in the acknowledgement number field. Because it carries an acknowledgement, this segment also advertises the server's receive window. A SYN+ACK segment cannot carry data, but it does consume one sequence number.

Third, the client sends the third segment. This is just an ACK segment. It acknowledges the receipt of the second segment with the ACK flag and the acknowledgement number field, which holds the server's ISN plus one.
Note that the sequence number in this third segment is the client's ISN plus one, because the SYN consumed one number; the ACK segment itself does not consume any sequence number, so the first data byte the client later sends will carry this same number. The client also advertises its own window size, the number of bytes it is prepared to receive from the server. Some implementations allow this third segment to carry the first chunk of data from the client; in that case its sequence number is the number of the first data byte, and the segment consumes one sequence number per data byte. An ACK segment, if carrying no data, consumes no sequence number.

Simultaneous open. A rare situation may occur when both processes issue an active open. In this case, both TCPs transmit a SYN+ACK segment to each other and one single connection is established between them.

SYN flooding attack. The connection-establishment procedure in TCP is susceptible to a serious security problem called the SYN flooding attack. This happens when one or more malicious attackers send a large number of SYN segments to a server, pretending that each of them comes from a different client by faking the source IP address in the datagram. The server, assuming that the clients are issuing active opens, allocates the necessary resources, such as creating a transmission control block (TCB), tables and timers. The server then sends SYN+ACK segments to the fake clients, which are lost, and waits for the third leg of the handshake, which never arrives; the resources are thus allocated without being used. If, during this short period, the number of SYN segments is large, the server eventually runs out of resources and can no longer accept connection requests from legitimate clients. The SYN flooding attack belongs to a group of security attacks known as denial-of-service attacks, in which an attacker monopolizes a system with so many service requests that the system overloads and denies service to valid requests. Some TCP implementations use strategies to alleviate the effect of a SYN attack: limiting the number of connection requests accepted per unit of time, filtering datagrams with unwanted source addresses, or SYN cookies, in which the server postpones resource allocation until it receives the third segment and encodes what it needs to verify that segment in the sequence number it chose for the SYN+ACK.

Data transfer. After the connection is established, bidirectional data transfer can take place. The client and the server can send data and acknowledgements in both directions. The acknowledgement is piggybacked with the data.
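Before moving on to the data-transfer example, here is the SYN flooding attack and the SYN-cookie countermeasure from the previous paragraph modelled in Python. This is an added example, not code from the lecture: it pairs a textbook server that allocates a half-open record for every SYN with a stateless server whose SYN+ACK sequence number is a keyed hash over the connection 4-tuple, the client ISN and a coarse time slot, so that the third segment can be verified by recomputation instead of lookup. The server address, the 64-second slot, the backlog of 128 and the forged source addresses are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

M = 1 << 32  # 32-bit sequence-number space


class NaiveServer:
    """Textbook behaviour: allocate a half-open record (a TCB) on every SYN.
    The backlog models the finite table; once it is full, new SYNs are dropped."""

    def __init__(self, backlog=128):
        self.backlog = backlog
        self.half_open = {}        # (client ip, client port) -> (client ISN, server ISN)
        self.established = set()

    def on_syn(self, cip, cport, client_isn, now):
        if len(self.half_open) >= self.backlog:
            return None            # table exhausted: the SYN is silently dropped
        server_isn = secrets.randbelow(M)
        self.half_open[(cip, cport)] = (client_isn, server_isn)
        return server_isn          # goes out in the SYN+ACK

    def on_ack(self, cip, cport, seq, ack, now):
        entry = self.half_open.get((cip, cport))
        if entry is None:
            return False
        client_isn, server_isn = entry
        if seq != (client_isn + 1) % M or ack != (server_isn + 1) % M:
            return False
        del self.half_open[(cip, cport)]
        self.established.add((cip, cport))
        return True

    def half_open_count(self):
        return len(self.half_open)


class SynCookieServer:
    """Keeps no per-SYN state. The server ISN is an HMAC over the 4-tuple, the client
    ISN and a time slot; the third segment returns it as ack-1, so the server recomputes
    the cookie and compares instead of remembering anything."""

    SERVER = ("198.51.100.1", 443)   # constructed server address, part of the hash input

    def __init__(self, secret=None, slot_seconds=64):
        self.secret = secret or secrets.token_bytes(32)
        self.slot_seconds = slot_seconds
        self.established = set()

    def _cookie(self, cip, cport, client_isn, slot):
        msg = f"{cip}:{cport}:{self.SERVER}:{client_isn}:{slot}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # top 8 bits: the time slot, so the ACK can be matched to the slot it came from;
        # low 24 bits: truncated MAC (real kernels also squeeze the MSS in here)
        return ((slot & 0xFF) << 24) | int.from_bytes(digest[:3], "big")

    def on_syn(self, cip, cport, client_isn, now):
        return self._cookie(cip, cport, client_isn, int(now) // self.slot_seconds)

    def on_ack(self, cip, cport, seq, ack, now):
        client_isn = (seq - 1) % M              # third segment: seq = client ISN + 1
        claimed = ((ack - 1) % M).to_bytes(4, "big")   # ack = server ISN + 1
        current = int(now) // self.slot_seconds
        for slot in (current, current - 1):     # accept the current and previous slot only
            expected = self._cookie(cip, cport, client_isn, slot).to_bytes(4, "big")
            if hmac.compare_digest(expected, claimed):
                self.established.add((cip, cport))
                return True
        return False

    def half_open_count(self):
        return 0                                # nothing is stored between SYN and ACK


def flood_then_connect(server, n_spoofed, now=1_000_000.0):
    """Send n_spoofed SYNs from forged sources that never finish the handshake, then
    let one legitimate client try. Returns (half-open entries, legitimate client connected)."""
    for i in range(n_spoofed):
        cip = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"   # forged source
        server.on_syn(cip, 40000 + i % 20000, client_isn=(i * 7919) % M, now=now)
        # the SYN+ACK goes to the forged address: no third segment ever arrives
    cip, cport, cisn = "192.0.2.10", 51515, 123456789                # constructed client
    server_isn = server.on_syn(cip, cport, cisn, now=now)
    if server_isn is None:
        return server.half_open_count(), False
    ok = server.on_ack(cip, cport, seq=(cisn + 1) % M, ack=(server_isn + 1) % M, now=now + 1)
    return server.half_open_count(), ok


if __name__ == "__main__":
    print("naive  :", flood_then_connect(NaiveServer(backlog=128), 1000))
    print("cookies:", flood_then_connect(SynCookieServer(), 1000))
```

With a thousand forged SYNs the naive server's table fills at 128 entries and the legitimate client's SYN is dropped, while the cookie server holds no state and still completes the legitimate handshake; a forged third segment, or one arriving more than two slots late, fails the recomputation. Real implementations such as Linux only switch to cookies once the backlog is full, because a cookie cannot carry the TCP options the SYN negotiated.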
The figure shows an example. After the connection is established, the client sends 2000 bytes of data in two segments. The server then sends 2000 bytes in one segment. The client sends one more segment. The first three segments carry both data and acknowledgement, but the last segment carries only an acknowledgement because there is no more data to be sent. The client's data segments have the PSH (push) flag set, so that the server TCP delivers the data to the server process as soon as they are received; the segment from the server, on the other hand, does not set the push flag.

Connection termination. Either of the two parties involved in exchanging data can close the connection, although it is usually initiated by the client. Most implementations today allow two options for connection termination: three-way handshaking and half-close.

Three-way handshaking. In a common situation, the client TCP, after receiving a close command from the client process, sends the first segment, a FIN (finish) segment, in which the FIN flag is set. The FIN segment can include the last chunk of data sent by the client, or it can be just a control segment. The FIN flag consumes one sequence number whether or not the segment carries data; if it does carry data, the segment consumes one number per data byte plus one for the FIN. The server TCP, after receiving the FIN segment, informs its process of the situation and sends the second segment, a FIN+ACK segment, to confirm the receipt of the FIN segment from the client and to announce the closing of the connection in the other direction. The FIN+ACK segment likewise consumes one sequence number for its FIN, plus one for each data byte if it carries any. The client TCP sends the last segment, an ACK segment, to confirm the receipt of the FIN segment from the server TCP; this pure ACK consumes no sequence number.

Half-close (four-way handshaking). In TCP, one end can stop sending data while still receiving data. This is called a half-close. Either the server or the client can issue a half-close request. It typically occurs when the server needs all of the data before processing can begin.

Connection reset.
TCP at one end may deny a connection request, may abort an existing connection, or may terminate an idle connection. All of these are done with the reset (RST) flag: a SYN that arrives for a port with no passive open is answered with an RST, a party that wants to abort rather than close gracefully sends an RST, and an idle connection can be torn down the same way.
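The three phases above (three-way handshake, data transfer with piggybacked acknowledgements, three-way termination) and the reset case, modelled end to end in Python. This is an added example, not the lecture's own material. The point it makes concrete is the sequence-number bookkeeping: a SYN or a FIN consumes one number, each data byte consumes one, and a pure ACK consumes none. The ISNs 8000 and 15000 and the 2000-byte transfers follow the figure described above; the state names are a simplified subset of the TCP state machine, and the endpoint that refuses the connection is constructed for the reset demonstration.

```python
from dataclasses import dataclass, field
from typing import Optional

M = 1 << 32  # 32-bit sequence space; all arithmetic wraps modulo M


@dataclass
class Segment:
    src: str
    seq: int
    ack: Optional[int]          # None when the ACK flag is not set
    flags: frozenset
    data: bytes = b""

    def consumed(self) -> int:
        """Sequence numbers used up by this segment: one per data byte,
        plus one for a SYN or a FIN. A pure ACK consumes none."""
        return len(self.data) + (1 if self.flags & {"SYN", "FIN"} else 0)

    def summary(self) -> tuple:
        return (self.src, "+".join(sorted(self.flags)), self.seq, self.ack, len(self.data))


@dataclass
class Endpoint:
    name: str
    isn: int                    # initial sequence number chosen at open
    listening: bool = False     # True after a passive open
    state: str = "CLOSED"
    snd_nxt: int = 0            # next sequence number this side will use
    rcv_nxt: int = 0            # next byte expected from the peer (sent as ack)
    received: bytearray = field(default_factory=bytearray)

    def __post_init__(self):
        self.snd_nxt = self.isn % M
        if self.listening:
            self.state = "LISTEN"

    def send(self, *flags: str, data: bytes = b"") -> Segment:
        f = frozenset(flags)
        seg = Segment(self.name, self.snd_nxt, self.rcv_nxt if "ACK" in f else None, f, data)
        self.snd_nxt = (self.snd_nxt + seg.consumed()) % M
        if "SYN" in f:
            self.state = "SYN-SENT" if self.state == "CLOSED" else "SYN-RCVD"
        if "FIN" in f:
            self.state = "FIN-WAIT-1" if self.state == "ESTABLISHED" else "LAST-ACK"
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Process one segment; returns an RST when the segment must be refused."""
        if "RST" in seg.flags:
            self.state = "CLOSED"
            return None
        if "SYN" in seg.flags and self.state == "CLOSED":
            # no passive open on this port: deny with RST+ACK (seq 0, ack = peer SYN + 1)
            return Segment(self.name, 0, (seg.seq + 1) % M, frozenset({"RST", "ACK"}))
        if "SYN" in seg.flags:
            self.rcv_nxt = (seg.seq + 1) % M        # the peer's SYN consumed one number
            if self.state == "LISTEN":
                self.state = "SYN-RCVD"
        if seg.data:
            if seg.seq != self.rcv_nxt:             # real TCP would buffer; the model refuses
                raise ValueError(f"{self.name}: out of order seq={seg.seq}, expected {self.rcv_nxt}")
            self.received += seg.data
            self.rcv_nxt = (self.rcv_nxt + len(seg.data)) % M
        if "FIN" in seg.flags:
            self.rcv_nxt = (self.rcv_nxt + 1) % M   # the FIN consumes one number too
            self.state = "CLOSE-WAIT" if self.state == "ESTABLISHED" else "TIME-WAIT"
        elif seg.ack is not None and self.state in ("SYN-SENT", "SYN-RCVD"):
            self.state = "ESTABLISHED"
        elif seg.ack is not None and self.state == "LAST-ACK":
            self.state = "CLOSED"
        return None


def run_session():
    """Handshake, 2000 bytes each way, three-way close. Returns (client, server, segment log)."""
    client = Endpoint("client", isn=8000)                       # active open
    server = Endpoint("server", isn=15000, listening=True)      # passive open
    log = []

    def deliver(seg, to):
        log.append(seg.summary())
        reply = to.receive(seg)
        if reply is not None:
            log.append(reply.summary())

    deliver(client.send("SYN"), server)                          # 1. establishment
    deliver(server.send("SYN", "ACK"), client)
    deliver(client.send("ACK"), server)
    deliver(client.send("PSH", "ACK", data=b"a" * 1000), server)  # 2. data transfer
    deliver(client.send("PSH", "ACK", data=b"b" * 1000), server)
    deliver(server.send("ACK", data=b"r" * 2000), client)
    deliver(client.send("ACK"), server)                          # pure ACK, consumes nothing
    deliver(client.send("FIN", "ACK"), server)                   # 3. termination
    deliver(server.send("FIN", "ACK"), client)
    deliver(client.send("ACK"), server)
    return client, server, log


def run_reset():
    """A SYN to an endpoint with no passive open is denied with RST."""
    client = Endpoint("client", isn=8000)
    closed_port = Endpoint("server", isn=15000)                  # never did a passive open
    rst = closed_port.receive(client.send("SYN"))
    client.receive(rst)
    return rst.summary(), client.state


if __name__ == "__main__":
    for row in run_session()[2]:
        print(row)
    print(run_reset())
```

Reading the log, the client's SYN carries 8000, the third-segment ACK and the first data byte both carry 8001, the server's 2000 bytes occupy 15001 through 17000, the FIN+ACK pair sits at 10001 and 17001, and the final ACK carries 10002 while acknowledging 17002.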