tags:

views:

80

answers:

3
+3  Q: 

Rationale behind ACKs and SEQs?

I am not sure if people find this obvious but I have two questions:

  1. During the 3-way handshake, why is ACK = SEQ + 1 i.e. why am I ACKing for the next byte that I am expecting from the sender?
  2. After the handshake, my ACK = SEQ + len. Why is this different from the handshake? Why not just ACK for the next byte I am expecting as well (the same as during the handshake)?

I know I must've missed out a basic point somewhere. Can someone clarify this?

+3  A: 

During the handshake you're synchronizing. The sequence number is the known data. Once you've synced, the data length is the known data as well as a useful pseudo-random verifier. Sender knows how much he sent and if you reply, he assumes you got it. This is easier than reply with, say a checksum or hash of the data, and is usually sufficient.

No Refunds No Returns  2010-03-01 19:51:31
I see... I think I understood your point about the handshake. But again, why not just reply with ACK = SYN just to say "Alright.. I got your SYN numbered this"? And secondly, my second question concerned the same thing... I wasn't really suggesting we add a checksum or a hash... From your reply, it seems to be that there is a notion of security involved somewhere but I'm still trying to figure out where...
Legend  2010-03-01 20:18:58
no - it's just a verification. Once sender/receiver have synced they need a way to positively confirm receipt of the message. The AOK is that receiver got as many bytes as sender sent. Something know to both parties. It's not security. It's more like a parity bit though that is an inaccurate analogy. Why impose a messsage counter on the protocol? It adds no value, only overhead.
No Refunds No Returns  2010-03-01 21:19:53
+5  A: 

This is because the first byte of sequence number space corresponds to the SYN flag, not to a data byte. (The FIN flag at the end also consumes a byte of sequence number space itself.)

Matthew Slattery  2010-03-01 20:00:12
A: 

Both the SYN and FIN flags cause the sequence number of the stream to increment by one. Thus

SYN (seq x) -------------->
                           <--- SYNACK (ack x+1, seq y)
ACK (seq x+1, ack y+1) --->

Is your three way handshake. It's done that way because SYNs and FINs require acknowledgement of receipt. That way everyone can be on the same page during the lifetime of the connection.

Theoretically any packet in part of the TWHS could have payload, but if either of the packets with the SYN flag set have payload, the opposite side needs to acknowledge both data AND the flag.

jdizzle  2010-03-08 03:57:18

related questions

Windows packet sniffer that can capture loopback traffic?
Sockets and Processes in Java
Getting the Hostname or IP in Ruby on Rails
How do I measure bytes in/out of an IP port used for .NET remoting?
How do I read and write raw ip packets from java on a mac?
Tool for degrading my network connection?
How do you find out which NIC is connected to the internet?
How do you parse an IP address string in C#?
Spread vs MPI vs zeromq?
How do you get the ethernet address using Java?
Leaving your harddrive shared
Should a wireless network be open?
Wifi Management on XP (SP2/SP3)
Broadcast like UDP with the reliability of TCP
Default Routes
Optimizing for low bandwidth
What workshops / user groups / conventions do you attend?
Why is Peer-to-Peer programming a hard topic to obtain good research for?
Boundary Tests For a Networked App
Remoting server auto-discovery. Broadcast or not?
How do I interpret 'netstat -a' output
Default Internet connection on Dual LAN Workstation
Objective-C/Cocoa: How do I accept a bad server certificate?
Easiest way to provide VPN access easily for all client OSes?
How to setup Quality of Service?