tags:

views:

52

answers:

1
+1  Q: 

tcpip 3-way handshake

Why is data not transferred during the 3rd part of TCP 3-way handshake? e.g.

(A to B)SYN

(B to A)ACK+SYN

(A to B) ACK.... why cant data be transferred along with this ACK?

+1  A: 

I've always believed it was to keep the session establishment phase separate from the data transfer phase so that no real data is transferred until both ends of the session have agreed on the sequence numbers and session options, especially since packets arriving may be from a totally different, previous, session that just happens to have the same endpoints.

However, on further investigation, I'm not entirely certain that transmitting data with the handshake packets is disallowed. The section on TCP connection establishment in my Internetworking with TCP/IP1 book contains the following snippet:

Because of the protocol design, it is possible to send data along with the initial sequence numbers in the handshake segments. In such cases, the TCP software must hold the data until the handshake completes. Once a connection has been established, the TCP software can release data being held and deliver it to a waiting application program quickly.

Since it's certainly possible to construct a TCP packet with SYN (or ACK) and data, this may well be allowed. I've never seen it happen in the wild but, then again, I've never seen a hairy-eared dwarf lemur in the wild either, though I'm assured they exist.

It may be that it's the sockets software that prevents data going out before the session is fully established but TCP appears to consider it valid. It appears you can send data with a SYN-ACK packet (phase 2 of the connection establishment) since you have the other end's sequence number and options. Likewise, sending data with the phase 3 ACK packet appears to be possible as well.

The reason the TCP software holds on to the data until the handshake is fully complete is probably due to the reason mentioned above - only once both ends have agreed on the sequence numbers can you be sure that the data is not from a previous session.

1 Internetworking with TCP/IP Volume 1 Principles, Protocols and Architecture, 3rd edition, Douglas E. Comer, ISBN 0-13-216987-8.

paxdiablo  2010-08-09 06:17:07
Makes you wonder if such data would sneak past any deep-packet-inspection filters out there that aren't expecting data in the initial handshake!
caf  2010-08-10 00:40:14

related questions

Windows packet sniffer that can capture loopback traffic?
Sockets and Processes in Java
Getting the Hostname or IP in Ruby on Rails
How do I measure bytes in/out of an IP port used for .NET remoting?
How do I read and write raw ip packets from java on a mac?
Tool for degrading my network connection?
How do you find out which NIC is connected to the internet?
How do you parse an IP address string in C#?
Spread vs MPI vs zeromq?
How do you get the ethernet address using Java?
Leaving your harddrive shared
Should a wireless network be open?
Wifi Management on XP (SP2/SP3)
Broadcast like UDP with the reliability of TCP
Default Routes
Optimizing for low bandwidth
What workshops / user groups / conventions do you attend?
Why is Peer-to-Peer programming a hard topic to obtain good research for?
Boundary Tests For a Networked App
Remoting server auto-discovery. Broadcast or not?
How do I interpret 'netstat -a' output
Default Internet connection on Dual LAN Workstation
Objective-C/Cocoa: How do I accept a bad server certificate?
Easiest way to provide VPN access easily for all client OSes?
How to setup Quality of Service?