PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP


WHY YOU SHOULD ALWAYS WASH YOUR HANDS AFTER LEAVING THE RESTROOM

A TCP connection is the mechanism by which a program connects to an open, listening port on a PC or a server.

Remember that TCP "connections" are sequences of associated IP packets, discussed here and here.

This note explains the three-way TCP connection handshake.  There are also links at the bottom to related TCP/IP/Internet topics.  Using the characteristics of the three-way handshake, we can always determine who is the "originator" of a communication (TCP connection).  This is important to know, because it is much better if the user (you, behind the router) initiates the communication, rather than an external, possibly unknown, party.  In this manner, once we detect the outgoing TCP connection attempt, we can ALLOW any further communication on this connection, once it is established, because we know it is at the behest of the originator.

The "three-way handshake" works like this.  The originator (you, hopefully) sends an initial packet called a "SYN" to establish communication and "synchronize" the sequence numbers used to count the bytes of data that will be exchanged.  The destination then sends a "SYN/ACK", which again "synchronizes" his byte count with the originator and acknowledges the initial packet.  The originator then returns an "ACK", which acknowledges the packet the destination just sent him.  The connection is now "OPEN", and ongoing communication between the originator and the destination is permitted until one of them issues a "FIN" packet or a "RST" packet, or the connection times out.  All the protocols of the Internet which need "connections" are built on the TCP protocol.  The "three-way handshake" establishes the communication.  It is much like picking up your phone, getting a dial tone, dialing the number, hearing ringing, and then the other party saying "hello" or "mushi mushi."

UDP is the other major underlying communication protocol of the Internet (besides TCP), but it does not use a handshake to establish a "connection."  It is much like a letter dropped in the mail.  There are no guarantees; the post office makes a "best effort" to deliver the letter, but there is no final check to confirm that the letter made it to its destination.  Of course there is a variant of the US mail which does this: registered mail.

Operating behind a NAT/router poses special challenges for UDP packets.  A UDP packet just suddenly shows up at the router's doorstep, much like a letter, and the router must decide whether to let it pass or not.  Outgoing UDP packets are permitted pretty much without question, but incoming UDP packets (unsolicited UDP) are typically not permitted unless they correspond to previous outgoing UDP packets.  The source IP address is checked to see whether it was the destination of a previous outgoing packet.  A timer is then placed on this pseudo-connection; if no UDP packet is seen on it for a certain time, the router reverts to denying the incoming UDP.
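To make the two rules above concrete, here is a small stateful filter written as an added example (it is not code from this page): the bare SYN marks the originator, an inbound SYN is refused, replies on an established connection are allowed until FIN or RST, and inbound UDP is allowed only while a recent outgoing packet to that peer exists. The LAN range, the 30-second UDP timer and the packet records are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flag letters: S=SYN, A=ACK, F=FIN, R=RST
    t: float = 0.0      # arrival time in seconds (constructed clock)

class Router:
    UDP_TIMEOUT = 30.0  # assumed idle timer for a UDP "connection"
    def __init__(self, lan="192.168.1.0/24"):   # assumed LAN behind the NAT
        self.lan = ipaddress.ip_network(lan)
        self.tcp = {}   # originator's (src, sport, dst, dport) -> state
        self.udp = {}   # same key for outgoing UDP -> time of last packet

    def decide(self, p):
        inside = ipaddress.ip_address(p.src) in self.lan
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.proto == "UDP":
            if inside:                       # outgoing: allowed, start timer
                self.udp[fwd] = p.t
                return "ALLOW"
            last = self.udp.get(rev)         # incoming: only if recently solicited
            if last is not None and p.t - last <= self.UDP_TIMEOUT:
                self.udp[rev] = p.t
                return "ALLOW"
            self.udp.pop(rev, None)          # timer expired: back to denying
            return "DROP"
        if p.flags == "S":                   # bare SYN identifies the originator
            if not inside:
                return "DROP"                # unsolicited inbound connection
            self.tcp[fwd] = "SYN_SENT"
            return "ALLOW"
        if p.flags == "SA" and self.tcp.get(rev) == "SYN_SENT":
            self.tcp[rev] = "SYN_ACKED"      # destination's reply
            return "ALLOW"
        if p.flags == "A" and self.tcp.get(fwd) == "SYN_ACKED":
            self.tcp[fwd] = "ESTABLISHED"    # handshake done: connection OPEN
            return "ALLOW"
        key = fwd if fwd in self.tcp else rev
        if self.tcp.get(key) == "ESTABLISHED":
            if "F" in p.flags or "R" in p.flags:
                del self.tcp[key]            # FIN or RST ends it (no half-close)
            return "ALLOW"
        return "DROP"
```

Feed it packets in arrival order; the same inbound data packet that is allowed after the handshake is dropped once a FIN has torn the connection down, and an inbound SYN is dropped no matter what.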

Now, all the more familiar services of the Internet, such as web browsing (HTTP), email (typically POP3 and SMTP), FTP, Telnet, etc., are built on top of the TCP and UDP protocols.  And of course TCP and UDP are built on top of the fundamental IP protocol.  To summarize it simply: IP packets carry the IP addresses, and TCP and UDP carry the service addresses (the ports).

You should also read this page on firewalls, which has a lot of additional information on the TCP connection mechanism and the role that firewalls play.

Here is a state transition diagram for TCP:

It is taken from this web page.

Some additional TCP/IP related info (I will add to this information occasionally):

IP Address Explanation

TCP Ports

Networks

DNS Explanation

Internet Domains

Troubleshooting your Internet Connection

Internet Service Providers

Support Your Local System Administrator

The UNIX PC Wars

Denial of Service Attacks

Local System Administrator

Personal Web Sites

Virtual Private Networks

Best Effort Service

pppoE protocols

MTUs, MSSs, and Black Holes!

XP TCP/IP Registry Components

NTP considerations


Copyright John D Loop Wednesday October 26, 2005