TCP Connection Establishment
Welcome back to the course on Computer Network and Internet Protocols. So, we are looking into the details of Transmission Control Protocol or TCP.So, in this lecture we will look into the details of TCP connection establishment and how TCP chooses the initial sequence number, based on the concept that we discussed earlier and then in the subsequent lecture. So, we will go to the flow control mechanism in TCPin details.(Refer Slide Time: 00:43)So, TCP connection establishment, it is a three way handshaking based mechanism it isutilizes a special connection request message called SYN a short form forsynchronization we call it as TCP SYN message. So, the connection establishment using3 way handshaking mechanism that is something like this, like Host A and Host B wantsto communicate with each other. So, Host A and Host B wants to communicate with eachother, Host A initiates the connection establishment.So Host A sends a SYN message with certain initial sequence numbers. So, in a momentwe will discuss that how TCP chooses this initial sequence number. So, it sends a SYNmessage with the initial sequence number as x, then Host B sends an acknowledgmentmessage along with also a SYN message, so this SYN message from Host B to Host A, itis used to ensure the bidirectional connection in TCP. So, if you remember in the lastclass we have talked about that TCP connection is bidirectional. So Host A cancommunicate with Host B at the same time Host B can also communicate with Host Aand because of this reason, Host B also sends a same packet with an initial sequencenumber. So, here in this example Host B sends this SYN message while sending back theACK.So, we are basically piggy backing SYN and ACK together piggy backing means we arecombining 2 message together in terms of TCP header, you need to set bit 1 for both theSYN flag and for the ACK flag. So, this SYN plus ACK message it is sending a newinitial sequence number, so this sequence number y it will be used for B to A datatransfer and earlier proposed sequence number from A to B that is x will be used for A toB data transfer and in acknowledge with this x, so it sends a acknowledgement numberof x plus 1.Now, if you remember the connection establishment procedure 3 way handshakingmechanism that we have discussed earlier in the case of general transport layer servicemodel. Host A can see this message host a can find out that the acknowledgment numberit corresponds to the SYN message that it has transmitted and if it corresponds to theSYN message that is transmitted it takes this SYN plus ACK as a feasible one or a validone. And then it sends a acknowledgement message finally to B and in thatacknowledgement message it sends a sequence number of x plus 1 incrementing theprevious sequence that it has initiated and acknowledges this acknowledgement numbery plus 1.So, with this 3 way handshaking mechanism, Host A and Host B initiate the connection.Now the question is that how will you choose the initial sequence number. So, choosingthe initial sequence number is an important aspect that we have looked into a genericdiscussion of a transport layer service models. So, while choosing the initial sequencenumber the objective is to avoid the delayed duplicate. So that you can identify amessage by looking into your sequence number whether that message is a delayedduplicate or it is just like the application has crashed and the application has initiatedanother connection at the same port with the different sequence number.So, to do that what you need to ensure that well, the initial sequence number that you arechoosing that initial sequence number should not fall within the forbidden region of theprevious sequence number. Now how will you ensure that to ensure that earlier we haveseen that well, whenever you are choosing the initial sequence number you have 2 wayto choose the initial sequence number. So, just try to remember the concepts that wediscussed earlier, so just briefly explaining it again for your convenience.(Refer Slide Time: 04:42)So, whenever you are choosing this initial sequence number. So this is the time axis andthis is the sequence number axis. So, this was the earlier connection if this was the earlierconnection then this was say the forbidden region for this particular connection. So, thisis the connection 1 and this is the forbidden region for connection 1.Now whenever you are initiating a new connection say at this point, connection 1 gotcrashed here, so once connection 1 got crashed you want to initiate a new connection.And whenever you are initiating a new connection you need to ensure that you are notstarting the new connection say; this is your new connection, connection 2 you are notstarting this connection 2 at a point such that the forbidden region for connection 2overlaps with connection 1 so this we do not want.So, to prevent that what we do that to prevent that we want to initialize connection 2,such that these 2 forbidden region does not overlap with each other. Now to do that youhave 2 options the first option is the first option is just, so the first option is you make ashift at the time domain and the second option is that to make a shift at the connectionestablishment domain. That means, at the sequence number domain. So, the first step isthat you start it after giving a gap so this is connection 2. So, you start it after giving agap, so that these gap will ensure that the sequence number space do not overlap.So, you wait for certain amount of time to ensure that all the packets for connection 1which was transmitted in the network they have died off and no traces of that those ofthey are in the network and then only you try a new connection, otherwise the option isthat you choose the initial sequence number in such a way which will be high enough.So, there would be difference here from the last sequence number which is used byconnection 1 and a new sequence number that you are using from connection 2. So, thereis a difference here such that you will be able to ensure that this sequence number spacewhich was been used by connection 1, you are not going to use that sequence numberspace for the connection 2 for the data of connection 2.Now TCP uses the second principle, so TCP ensures that whenever a connection, sayconnection 1 crashes, so this was connection 1 whenever connection 1 crashes, wheneveryou are starting connection 2 you choose the connection 2, the initial sequence numberof connection 2 in such a way that there is a gap in between so this is for connection 2;there is a gap in between and there is no overlap between the sequence number which isbeing used by connection 1 and which is being used by connection 2.So, for that, TCP uses a clocking mechanism, so TCP generates the sequence numberbased on a clock. So, that was the first implementation of TCP or the earlier version ofthe TCP, it used the sequence it used to generate the sequence number based on a clockmechanism. So, the methodology was something like this, so this originalimplementation of TCP it used a clock based approach. So, the clock ticked every 4microseconds, so whenever the clock is ticking you are generating a new sequencenumber if you have a byte 2 set and the value of the clock it cycles from 0 to 232-1.So, you remember that TCP uses a 32 sequence number, so your entire sequence numberspace is 0 to 232-1; so that means, at every 4 microseconds you are generating a newsequence number and whenever a connection crashes and get restarted then you will usethe sequence number which is being generated by the clock. So, that is used forgenerating the initial sequence number, then the sequence number will incrementedbased on the bytes that you are receiving and you are transmitting based on your flowcontrol and the congestion control algorithm. So, this value of the clock it gives theinitial sequence number which will be being used.(Refer Slide Time: 09:29)So, with this clock based mechanism what you are ensuring; that means, whenever aprevious connection say get crashed here, the connection get crashed here and you arerestarting the connection by the time the clock value will increase. And because the clockvalue is increasing you will obviously get a initial sequence number here, which hascertain gap from the sequence number filled which was used by the previous connection.So, you will start from here and you will be able to ensure that the forbidden region ofthe sequence number which is been used by connection 2, so this is connection 2 that isnot overlap with the forbidden region of connection 1. Now, with this particular approachwe have a problem like this sequence number generation becomes little bit deterministic.(Refer Slide Time: 10:17)So, if you know that well the clock is ticking at every 4 microsecond and at every 4microsecond you are generating a new sequence number; that means, an attacker will beable to understand by looking into the previous sequence numbers that, what is the clocktick rate, current clock tick rate. And when the previous connection got crashed howmuch time has been passed in between, divided by the 4 microsecond that should be theinitial sequence number of the next connection. If that is the possible that is the case thenthere is the possibility of SYN flood attack which can happen in case of TCP.So, in case of TCP the SYN flood attack is that you are continuously sending this kind ofspurious SYN connection to a node and that particular node will accept those connectionat a genuine connection and they will get blocked here, because, they will think of thatthat particular initial sequence number which is been generated, it is it is indeed a correctinitial sequence number based on my clock input, so it will accept those SYNconnection. And if you are sending multiple such SYN connections from multiplecomputers, that translates to a denial of service attacks. So, the computer and a serverwill only become busy to response to the SYN packets, it will not be able to send anydata packets any further.So, that is a possibility of a SYN flooding attack to launch a denial of service over TCP.So, that’s why the later function of the TCP or indeed the current version of the TCPwhat it does, that it uses the cryptographic function to generate the initial sequencenumbers. So, it is like that your clock value will give 1 one function 1 value. So, say theclock value is saying that your initial sequence number should be x, if your initialsequence number is x then you apply a cryptographic function to generate a initialsequence number such that your initial sequence number y it is more than x and becausethis is generated from a cryptographically secured function, so the attacker will not beable to predict the value of y.So, that way, you are ensuring that well in case of a previous connection, when theconnection got crashed here and you are trying to generate a new sequence number, yourclock value says that you should generate the new sequence number from this point. But,then whenever you are restarting a connection you should generate it from this point, butthen the cryptographic hash function generates another value which is more than thisparticular point say for at here. And you are starting your new connection from thatpoint.So, that way it will ensure because you are going higher of that, it will ensure that thereis no overlap between the forbidden region of this new connection and the forbiddenregion of this old connection, and at the same time because this value wascryptographically generated the attacker will be not be able to guess that. So, that wayyou will be able to safeguard the SYN flood attack in a TCP. OK?(Refer Slide Time: 13:28)Now, TCP connection release it again uses the 3 way handshaking mechanism. So, wehave 2 Host, Host A and Host B. Now Host A want to close the connection, when Host Awants to close the connection at it initiates this connection closure we call it as an activeclose. So, in case of active close Host A will send a FIN message FIN is the full form offinish.So, you want to close the connection send a FIN message with a current sequencenumber and a current acknowledgement number, then Host B once it receives the FINmessage it again go to the close connection closure with this passive close. So, in thepassive close, it sends a FIN message, it sends an acknowledgement message to this fin,so that Host A can close the connection in that acknowledgement it acknowledges thisFIN message with n plus 1. And at the same time it Host B wants to close the connectionitself, so this FIN message from Host A to Host B it is closing the connection from A toB.Now, if B wants to close the connection as well, so we have a bidirectional connection Balso B to A now if B wants to close this connection B sends this FIN message. If B doesnot want to close it immediately then what B can do that B can only sends theacknowledgement message and later on when it wants to close the connection, it cansends the its own FIN message that is also possible.
TCP Connection Establishment- Part 2
Now, once Host A receive theseacknowledgement message it starts a timeout, this timeout is to prevent these data lossdue to the symmetric nature of the closure. So, if you remember we have looked intoearlier that asymmetric closure insight and unreliable network is not possible so we wantto implement a symmetric closure with a timeout value.So, this timeout value ensures that well if you are still receiving some packets from B,then you can continue receiving that packet once this timeout occurs, you completelyclose that connection you will not accept any packet after that. Even if you may get anycertain packets after that, but those packets will get lost. You cannot do anything withthose packets and a similarly Host A sending the acknowledgement message against aFIN message or FIN plus acknowledgement message send by Host B and it updates theacknowledgement number accordingly against these sequence number, and sends backthe acknowledgment to Host B, so Host B again closes the connection and do not sendany data.So, you can see that the timeout is here in case of the active close, but for passive closewe do not require any timeout because, that is the last entity which is going to close. Werequire this timeout for active close because it may happen that when Host A is initiatedthis closure, Host A after getting the acknowledgement Host A can still receive some datafrom Host B because, Host B has not sent any FIN message with it or even if it has sent aFIN message it may happen that because of these reordering of the packet you mayreceive certain packets after that.So, we apply this timeout mechanism at the active close side, but at the passive closeside we do not require the timeout because, in the passive close side whenever you aregetting an acknowledgement from Host A, you know that Host A has already closed it isconnection, Host A has send a FIN message itself. So, it is just like that your friend hasclosed the door and your friend has not do not want you to enter his room. So, you do notwant to wait any more.So, so that is the reason here that Host A has already initiated that finish message. So,Host A will not send any more data Host B knows that, so for the passive close case youdo not need to wait for the timeout value, whereas for the active close case I amforcefully trying to close the connection. So I am giving an opportunity for the other endto send few more data to me if it wants, so that is why we have this timeout value here.Now as you have looked earlier for that hypothetical transport layer protocol that theseentire transport layer protocol follows a state transition diagram. So we also have a statetransition diagram for TCP.(Refer Slide Time: 17:48)So, let us look into the state transition diagram of TCP in little details because, that is theimportant concept for TCP. So, this entire state transition procedure start from this closestate; that means, the server and the client both of them are closed, so they are they havenot started any TCP socket yet.So, this are the notation that you see that everything is written by 1 message slashanother message, so this is the event action pair. So, that first one is the event and secondone is the action. Then, this dashed line is for the server. So, this dashed line which isbeing followed that is for the server and solid line is for the TCP client.(Refer Slide Time: 18:43)So, the client as you know that in a client server OSI model, the server remains in thelisten state for getting a connection, getting a connection request from a client. So, theclient initiates the connection request and once connects client receives sends aconnection request and a server receives it, it start processing with that connection.So, let us see that how this entire team moves using this state transition diagram usingTCP state transition diagram. So, from this close state let us first look into the client side.So, the client initiate the connect system call and sends the SYN message. So, that is thefirst step of the 3 way handshaking procedure and then the client moves to the SYN sentstate.So, at this state, the client has sent a SYN message and it is waiting for theacknowledgement from the server. Now from this SYN state sent state client can decideafter sending the SYN that I do not want to send any more data want to immediatelyclose the connection, so it may use a close message to close the connection immediatelyand move to the close state.So, whenever it is in the close state even if the server receives the SYN message andsend back with an acknowledgement, it will not accept that acknowledgement, it willsimply drop the acknowledgement. And, it will not send any more data because it is inthe close state and the server will wait for some amount of time, get a time out and againmove to the close state. So, that is for SYN sent state.(Refer Slide Time: 20:29)Now, after you have send a SYN then you can in that 3 way handshaking mechanismfrom the client to server first you have to send the SYN message, then you will receivean ACK from the server along with the SYN from the server as well and finally you willsend the ACK message.So, here in the second stage you have received a SYN plus ACK message from theserver. So, once you have received these SYN plus acknowledgment message from theserver, then you send an acknowledgement message and move to the established state.Similarly the server from the close state, it first makes this listen system call and movesto the listen state. So, at the listen state it is ready to receive any connectionestablishment message. So, once it receives a SYN message it sends back with a SYNplus acknowledgment message.So, this is the second step of the 3 way handshaking mechanism. So, the server hasreceived the SYN message and then sending a SYN plus acknowledgement message andthis is the third step of the 3 way handshaking where the client is receiving the SYN plusACK from server and sending back with the final acknowledgement and once the clienthas done that, client is moving to the established state and it is ready for data transfer.Now, from this listen state again the server can execute a close and close the connectionimmediately, when the server has received a send SYN message and send back a SYNplus acknowledgement message, server moves to the SYN receive state. So, from theSYN receive state it can make a reset call and reset the connection to the listen state.So, this reset call is that server somehow decides that it do not want to continue theconnection any more, that is sometime required to prevent the attack whenever you arereceiving multiple SYN messages from the same client like a SYN flooding thing toprevent that you can have a reset call or maybe for some application requirement orbased on the application programming or certain exception in the application side youwant to reset the existing connection.So, from the SYN receive you can call a reset call and again move to the listen state andignore these SYN you have already received. Now, there is there can be 1 case whereboth the server and the client are initiating the connection together, so in that case that iswe call as a simultaneous open.(Refer Slide Time: 23:07)So, it is just like that from the server and client, the client has send a SYN and at thesame time the server has also sent a SYN. So, if that is the case like you are getting aSYN message from the server, the client is getting a SYN message from the serverbecause ideally the client should sent a SYN and after that get the client should get aSYN plus acknowledgement. But if it is just getting the SYN message from the server, itsends a SYN plus acknowledgement message and the client can also move to the SYNreceive state.So, it is just like that you have sent a SYN message to the server, but rather than getting aSYN plus acknowledgement, the acknowledgement to the SYN that you have sent youare getting a SYN message and not the acknowledgement message, so you are the clientis moving to the SYN receive state. At this stage, whenever you are getting anacknowledgement message, you are moving towards the established state. So, the serveris moving server is getting this acknowledgment final acknowledgement message for the3 way handshaking and it is moving to the establish state.So, that way through this procedure everyone is moving towards the established state andfrom this establishment state data transfer can get initiated. So, this is for the connectionestablishment of TCP that it moves to this multiple states, and finally reaches to theestablished state when you can initiate data transfer. Now the data transfer can goes onbased on the principle that we have shown you earlier that if established then send thensend data or if established and receive data. And after this connection established state,then after this data transfer is over say you want to move to the connection closure stateyou want to close that connection.(Refer Slide Time: 24:54)Now, whenever you are wanting to close that connection, the client can initiate theconnection that particular connection we call it as an active close, because the connectionclosure is initiated by the client and for the server who is receiving that finish messageFIN message we call that as a passive close. So, we have seen that earlier.Now, in case of the active close, the client send an client execute the close primitive andsend a FIN message. So, whenever it has sent a FIN message it moves to this FIN wait 1state, then after sending this FIN message, you think of the connection release phasefrom the client to the server; you have sent a FIN message, after sending a FIN message,there are 2 possibilities, 1 possibility is that you get a FIN plus ACK. And the secondpossibility is that the client and the server, the client has sent a FIN message and it is notgetting an ACK it is it is not getting a FIN it is just getting the ACK. So, if it is this casethat you are not getting the finish from the server. That means the server is believing thatit has more data to send you just receive an acknowledgement message and you move tothe FIN wait 2 state from FIN wait 1 state, because you have not received a FIN plusACK.Now, if you are receiving the FIN plus ACK message, after receiving this FIN plus ACKmessage you go to this time wait state. So, you remember that for the active connection,active closure we have this time out value, where after receiving this FIN plus ACK youwait for a timeout value once the time out happens then you clear the connection, so itmoves to this time wait state.Similarly this FIN wait state it has received the acknowledgement, but it was waiting forgetting the FIN from the server, once it get this FIN from the server it sends that ACKand moves to the time wait state. Now there can be another case like it has sent a FINmessage to the server, but without getting an ACK, it has received another FIN messagefrom the server itself.(Refer Slide Time: 27:22)So, it is a case of so this case is simultaneous closure case, where the client has sent aFIN message to the server and server has sent another FIN message to the client, withoutsending the ACK. So that means, the server is believing that it has more data to receive,so in that case the client moves to the closing state by sending an ACK. So, you get thefinish message because you are anyway ready to finish, so you send thatacknowledgement message and move to this closing state. In this closing state you arebasically waiting for the acknowledgement from the server for this finish message thatyou have sent.Now, after that if the server sends this acknowledgement message to you, then you moveto the time wait state and after the time out occurs, you move to the close state. In case ofpassive close, things are pretty simple that you are in the close wait state because youhave received the FIN message and you have send back with an acknowledgementmessage and in the passive wait state you finally make a close call, so the server here ismaking a close call here you sent your own FIN message, server is sending its own FINmessage and waiting for the last acknowledgement message.So, we need to go for this synchronous closure and in case of synchronous closure toprevent the data loss as much as possible, TCP has taken this steps and in this particularsteps, the interesting part is this timeout for active closure that once all the things is overthe node which is initiating for the closure it waits for certain amount of time. Once thetimeout occurs they close it, but for the passive close you do not require the timeoutbecause, for the passive close the other end has already closed the connection, so youknow that it is not going to send anymore data to you.So, this is the entire connection modeling part of TCP protocol and in the next class,we’ll look into the flow control algorithm. So, this connection establishment it hashelped you to set the initial sequence number. So once this initial sequence number hasbeen established then you can use that initial sequence number. So, you are at theestablished state and with that established state and the initial sequence number that hasbeen agreed upon during the connection establishment phase; you can use that for furtherdata transfer using your flow control algorithm.So, in the next class we will look into that flow control algorithm in details.Thank you all for attending this class.
Log in to save your progress and obtain a certificate in Alison’s free Advanced Diploma in Computer Networks and Internet Protocol online course
Sign up to save your progress and obtain a certificate in Alison’s free Advanced Diploma in Computer Networks and Internet Protocol online course
Please enter you email address and we will mail you a link to reset your password.