Analysing TCP Headers using Wireshark

From Wikipedia

TCP is used by most of the applications that run over the Internet, including the World Wide Web (WWW), e-mail, the File Transfer Protocol, Secure Shell, peer-to-peer file sharing, and streaming media applications.

3-Way Handshake

A handshake establishes the rules of communication before a computer starts exchanging data with a remote device. Whether the other device is a modem, a printer or a network server, the computer first handshakes with it to establish a connection. TCP does this with a three-way exchange:

  • Client sends a TCP segment to the server with the SYN flag set, carrying the client's initial sequence number (ISN).
  • Server responds with the SYN and ACK flags set, carrying its own ISN and an acknowledgment number equal to the client's ISN + 1.
  • Client completes the connection by sending a segment with the ACK flag set, whose acknowledgment number is the server's ISN + 1.

Structure of TCP segment

The Transmission Control Protocol accepts data from a data stream, splits it into chunks, and prepends a TCP header to each chunk, creating a TCP segment. A segment carries only the sequence number of its first data byte; the receiver derives the numbers of the remaining bytes from the segment length.

A TCP segment consists of a segment header and a data section. The TCP header contains 10 mandatory fields (20 bytes in total) and an optional Options field.

Source Port: The 16-bit source port number. Identifies the sending port.
Destination Port: The 16-bit destination port number. Identifies the receiving port.
Sequence Number: The 32-bit sequence number of the first data byte in this segment. If the SYN control bit is set, the sequence number is the initial sequence number (n) and the first data byte is n+1.
Acknowledgment Number: If the ACK control bit is set, this 32-bit field contains the value of the next sequence number that the sender of this segment expects to receive.
Data Offset: The number of 32-bit words in the TCP header (5 to 15, i.e. 20 to 60 bytes). It indicates where the data begins, and therefore how many bytes of options follow the 20 mandatory bytes.
Reserved: Four bits reserved for future use; must be zero. Older descriptions list six reserved bits; two of those were later assigned to the CWR and ECE flags (RFC 3168).
Flags: Eight one-bit control flags: CWR (congestion window reduced), ECE (ECN-echo), URG (urgent pointer is significant), ACK (acknowledgment number is significant), PSH (push), RST (reset the connection), SYN (synchronise sequence numbers), FIN (no more data from the sender).
Window: Used in ACK segments. It specifies the number of data bytes, beginning with the one indicated in the acknowledgment number field, that the receiver (the sender of this segment) is willing to accept.
Checksum: The 16-bit one's complement of the one's complement sum of all 16-bit words in a pseudo-header (source and destination IP addresses, protocol number and TCP length), the TCP header, and the TCP data. While computing the checksum, the checksum field itself is treated as zero, and a data section of odd length is padded with a zero octet.
Urgent Pointer: Interpreted only when the URG flag is set. It is an offset from the sequence number of this segment and points to the first data octet following the urgent data.
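Added example, not code from the original article: a small Python script that builds constructed TCP segments for a three-way handshake, decodes the ten mandatory header fields described above (including a SYN with an MSS option, so the data offset is 6 rather than 5), verifies the checksum over the IPv4 pseudo-header, and checks the sequence/acknowledgment rules of the handshake. The IP addresses (from the TEST-NET-1 range), ports and initial sequence numbers are made up for the example; the byte layout follows the field description above.

```python
"""Build, parse and verify TCP headers for a constructed three-way handshake."""
import socket
import struct

# Flag bits in the low byte of the data-offset/reserved/flags word.
FLAGS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
         "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
HEADER_FMT = "!HHIIHHHH"  # sport, dport, seq, ack, offset/flags, window, checksum, urgent


def tcp_checksum(src_ip, dst_ip, segment):
    """One's-complement checksum over the IPv4 pseudo-header plus the whole segment.

    The caller must pass the segment with its checksum field already zeroed.
    """
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"  # odd-length data is padded with a zero octet
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags,
                  window=65535, options=b"", payload=b""):
    """Build a TCP segment with a correct data offset and checksum."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)  # options end on a 32-bit boundary
    data_offset = 5 + len(options) // 4
    flag_bits = sum(FLAGS[name] for name in flags)
    offset_flags = (data_offset << 12) | flag_bits  # the 4 reserved bits stay zero
    header = struct.pack(HEADER_FMT, sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                         offset_flags, window, 0, 0) + options
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]  # bytes 16-17 are the checksum
    return header + payload


def parse_tcp(src_ip, dst_ip, segment):
    """Decode the mandatory header fields and recompute the checksum."""
    sport, dport, seq, ack, offset_flags, window, csum, urg = struct.unpack(HEADER_FMT, segment[:20])
    data_offset = offset_flags >> 12            # header length in 32-bit words
    reserved = (offset_flags >> 8) & 0x0F
    flag_bits = offset_flags & 0xFF
    header_len = data_offset * 4
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": data_offset, "reserved": reserved,
        "flags": [name for name, bit in FLAGS.items() if flag_bits & bit],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "options": segment[20:header_len], "payload": segment[header_len:],
        "checksum_ok": tcp_checksum(src_ip, dst_ip, zeroed) == csum,
    }


def check_handshake(client_ip, server_ip, segments):
    """True when the three segments are a valid SYN, SYN/ACK, ACK exchange."""
    syn = parse_tcp(client_ip, server_ip, segments[0])
    synack = parse_tcp(server_ip, client_ip, segments[1])
    ack = parse_tcp(client_ip, server_ip, segments[2])
    client_isn, server_isn = syn["seq"], synack["seq"]
    return all([
        syn["checksum_ok"], synack["checksum_ok"], ack["checksum_ok"],
        syn["flags"] == ["SYN"],
        synack["flags"] == ["ACK", "SYN"],
        synack["sport"] == syn["dport"] and synack["dport"] == syn["sport"],
        synack["ack"] == (client_isn + 1) & 0xFFFFFFFF,   # acknowledges the client's ISN
        ack["flags"] == ["ACK"],
        ack["seq"] == (client_isn + 1) & 0xFFFFFFFF,
        ack["ack"] == (server_isn + 1) & 0xFFFFFFFF,      # acknowledges the server's ISN
    ])


# Constructed sample handshake: addresses, ports and ISNs are invented for this example.
CLIENT, SERVER = "192.0.2.10", "192.0.2.80"
CLIENT_ISN, SERVER_ISN = 0x1A2B3C4D, 0x9F8E7D6C
MSS_OPTION = b"\x02\x04\x05\xb4"  # kind 2 (MSS), length 4, value 1460
HANDSHAKE = [
    build_segment(CLIENT, SERVER, 54321, 80, CLIENT_ISN, 0, ["SYN"], options=MSS_OPTION),
    build_segment(SERVER, CLIENT, 80, 54321, SERVER_ISN, CLIENT_ISN + 1, ["SYN", "ACK"]),
    build_segment(CLIENT, SERVER, 54321, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ["ACK"]),
]

if __name__ == "__main__":
    for direction, seg in zip([(CLIENT, SERVER), (SERVER, CLIENT), (CLIENT, SERVER)], HANDSHAKE):
        fields = parse_tcp(*direction, seg)
        print("%s -> %s %s seq=%#x ack=%#x offset=%d checksum_ok=%s" % (
            direction[0], direction[1], "/".join(fields["flags"]),
            fields["seq"], fields["ack"], fields["data_offset"], fields["checksum_ok"]))
    print("handshake valid:", check_handshake(CLIENT, SERVER, HANDSHAKE))
```

The same fields appear in Wireshark under the tcp.* display-filter names; for instance the filter tcp.flags.syn == 1 && tcp.flags.ack == 0 isolates the first handshake segment, and Wireshark only flags a bad checksum when checksum validation is enabled in the TCP protocol preferences (it is off by default because of checksum offloading).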

Source: www.hackingarticles.in