πŸ•ΈοΈ
Th4ntis CyberSec
  • πŸ•·οΈ>whoami_
  • πŸ–₯️General Info
    • CyberSec News
    • Getting Started and other Resources
      • CompTIA Certs
        • Security+
        • Pentest+
    • MITRE ATT&CK
    • Cyber Kill Chain
    • Docker
  • πŸ’»Networking
    • General Networking
    • Common Ports and Protocols
    • TCP/IP Model
    • OSI Model
    • Subnetting
    • Wireshark
    • NMap
    • Wireless
      • Wardriving/WiFi Sniffing
    • 3-Way Handshake
  • 🐧Linux
    • Common commands
    • Sudo
    • Files and File contents
    • Sed Awk and Grep
    • Permissions
  • πŸͺŸWindows
    • Event Codes
    • Powershell
    • Internals
    • Active Directory
  • πŸ”ŽOSINT
    • OSINT Tools
    • IP/Domain OSINT
    • Email/Username OSINT
    • URL OSINT and Sandboxing
    • Social Media OSINT
    • Website OSINT
    • Password OSINT
    • Physical Location OSINT
    • Image OSINT
    • People OSINT
    • Phone Number OSINT
    • Shodan
    • Google Dorking
  • πŸ› οΈTools
    • Brute Force
      • Hydra
    • Credential Dumping
      • Mimikatz
    • Enumeration
      • Bloodhound
      • Certipy
      • Dirb/Dirbuster
      • Enum4Linux
      • GoBuster
    • Exploitation Framework
      • Metasploit
      • Sliver
      • Cobalt Strike
    • Hash Cracking
      • Hashcat
      • JohnTheRipper
    • Methods
      • Powershell Obfuscation
      • Privilege Escalation
      • Pass-The-Hash
      • Kerberos and Kerberoasting
    • Vulnerability Scanners
      • Nessus
      • OpenVAS
    • Web App
      • BurpSuite
      • OWASP Zap
    • Wireless
      • Aircrack-ng
      • Kismet
      • Bettercap
      • HCXDumptool
      • Wifite
    • Impacket
    • Social-Engineer Toolkit (SET)
  • πŸ“”Guides and How-To's
    • Lab Setup
      • Ubuntu VM
      • Kali VM
      • Windows User VM
      • Windows Server VM
    • Wardriving
      • Pwnagotchi
    • Wireless Pentesting
      • WiFi Pineapple Basics
      • Evil-Twin Attack
    • Over The Wire
      • Bandit
      • Natas
      • Leviathan
      • Krypton
      • Narnia
      • Behemoth
      • Utumno
      • Maze
      • Vortex
      • Manpage
    • Docker and Kali Linux
    • Staying Private and goin Dark Online
  • πŸ“•Quick References
    • Tools
      • Tmux
      • NMap
      • Ffuf
      • NetExec
      • CrackMapExec
      • Proxychains
      • OneDriveUser Enum
      • Hashcat
      • Mimikatz
    • One-liners
    • Reverse Shells
    • Post Exploitation
    • Enumeration
      • Google
      • Sublist3r
      • NMap
      • DNSDumpster
    • Hashcracking
    • Wireless
  • πŸ““Courses
    • PNPT
      • Practical Ethical Hacking
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • OSINT Fundamentals
      • External Pentest Playbook
  • ☁️TryHackMe
    • Attacking Kerberos
    • Hacking with Powershell
    • Powershell for Pentesters
    • Linux PrivEsc
    • Windows PrivEsc
    • Blue
    • Kenobi
  • πŸ“¦HackTheBox
    • Starting Point
      • Tier 0
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Walkthroughs
      • Lame
      • Analytics
      • Manager
      • Codify
Powered by GitBook
On this page
  • 3-Way Handshake Process:
  • Common ports/protocols:
Edit on GitHub
  1. Networking

3-Way Handshake

Additional notes

3-Way Handshake Process:

Transmission Control Protocol (TCP) provides a secure and reliable connection between two devices using the 3-way handshake process. TCP uses the full-duplex connection to synchronize (SYN) and acknowledge (ACK) each other on both sides. There are three steps for both establishing and closing a connection. They are βˆ’ SYN, SYN-ACK, and ACK.

Synchronization Sequence Number (SYN) βˆ’ The client sends the SYN to the server

  • When the client wants to connect to the server, then it sends the message to the server by setting the SYN flag as 1.

  • The message carries some additional information like the sequence number (32-bit random number).

  • The ACK is set to 0. The maximum segment size and the window size are also set. For example, if the window size is 1000 bits and the maximum segment size is 100 bits, then a maximum of 10 data segments can be transmitted in the connection by dividing (1000/100=10).

Synchronization and Acknowledgement (SYN-ACK) to the client

  • The server acknowledges the client request by setting the ACK flag to 1.

  • The ACK indicates the response of the segment it received and SYN indicates with what sequence number it will start the segments.

  • For example, if the client has sent the SYN with sequence number = 500, then the server will send the ACK using acknowledgment number = 5001.

  • The server will set the SYN flag to '1' and send it to the client if the server also wants to establish the connection.

  • The sequence number used for SYN will be different from the client's SYN.

  • The server also advertises its window size and maximum segment size to the client. And, the connection is established from the client-side to the server-side.

Acknowledgment (ACK) to the server

  • The client sends the acknowledgment (ACK) to the server after receiving the synchronization (SYN) from the server.

  • After getting the (ACK) from the client, the connection is established between the client and the server.

  • Now the data can be transmitted between the client and server sides.

3 -Way Handshake Closing Connection Process

To close a 3-way handshake connection:

  • First, the client requests the server to terminate the established connection by sending FIN.

  • After receiving the client request, the server sends back the FIN and ACK request to the client.

  • After receiving the FIN + ACK from the server, the client confirms by sending an ACK to the server.

Common ports/protocols:

Last updated 2 years ago

πŸ’»