Three-way TCP handshake

September 19, 2016 Standards

The three-way handshake is performed when establishing a TCP connection to a port on a system. If it succeeds, the handshake establishes a reliable TCP connection. The process involves three steps, and it works through different flags set inside the packets. Let's look at the three steps that occur during a three-way handshake.

Open Systems Interconnection (OSI) Model and TCP/IP Suite

July 21, 2016 Standards

OSI Model

The OSI (Open Systems Interconnection) model is a general framework that allows network protocols, software and systems to be designed around a general set of rules. These guidelines allow systems to be compatible and traffic to flow logically. OSI consists of 7 layers, and knowing the operational sequence of each one is extremely important. Let's look at the OSI layers in more detail.

1. Physical Layer

Consists of the physical media that make up the infrastructure of our network. It includes things like wireless transmission, cabling, cabling standards and types, connectors and types, network interface cards, and more. From a security standpoint it is mostly protected by physically securing access to network media and devices.

2. Data Link Layer

The Data Link layer is responsible for ensuring that data is transferred free of errors. Data is transferred in frames in this layer. 802.3 for Ethernet and 802.11 for Wi-Fi are the protocols that reside at this layer.

3. Network Layer

Data travels in packets in this layer, and the layer is responsible for determining packet paths. It includes routing protocols like RIP and IGRP. This is where IP addressing and routing happen.

4. Transport Layer

This layer is where the TCP and UDP parts of the TCP/IP suite reside. It ensures that the transport of data is successful. It includes sequencing and error checking.

5. Session Layer

It identifies established sessions between different network entities. It monitors and controls remote sessions, allowing multiple separate connections. NetBIOS and RPC reside in this layer.

6. Presentation Layer

Provides translation of data into a form that is understandable by the next receiving layer. It deals with the presentation of data. Any special processing of data that is required will be done at this layer.

7. Application Layer

The applications and software we use on a daily basis reside in this layer. Common examples would be protocols like HTTP and FTP. Everything is application specific at this layer.


TCP/IP Suite

Each layer of the TCP/IP suite maps to one or more layers of the OSI model. The mapping below shows how the TCP/IP suite maps to the OSI model:

OSI layer | TCP/IP layer
Application | Application
Transport | Host-to-Host
Network | Internet
Data Link | Network Interface

TCP is a connection-oriented protocol because it verifies that the packets sent reach their destination. The verification process starts with a SYN packet.
1. The SYN packet starts the handshake process by telling the receiving system that the sender wants to connect.
2. The receiving system replies with a SYN-ACK response. This is an acknowledgement of the original SYN packet.
3. Once the sender receives the SYN-ACK, it responds with an ACK.


TCP packet sequence numbers are important to understand for attacks such as session hijacking and man-in-the-middle attacks.
The beginning sequence number is always random.
1. When the remote host receives the SYN packet, it responds with a SYN-ACK that has its own sequence number.
2. The ACK response from the first host will add 1 to the original SYN
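
The flag and sequence-number rules described above, as an added example that is not code from the original post: it packs three constructed TCP headers and checks that each step carries the expected flags and acknowledges the other side's sequence number plus 1, including 32-bit wraparound. The ports and sequence numbers are made-up sample values, and the function names are hypothetical.

```python
import struct

MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap around
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def build_tcp_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 32-bit words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 65535, 0, 0)

def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header into a dict."""
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    names = {name for bit, name in FLAG_BITS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": names}

def check_handshake(syn_raw, synack_raw, ack_raw):
    """Return a list of problems; an empty list means a valid handshake."""
    syn, synack, ack = (parse_tcp_header(p)
                        for p in (syn_raw, synack_raw, ack_raw))
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("step 1 is not a pure SYN")
    if synack["flags"] != {"SYN", "ACK"}:
        problems.append("step 2 is not a SYN-ACK")
    if ack["flags"] != {"ACK"}:
        problems.append("step 3 is not a pure ACK")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge client ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("final ACK sequence number is not client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("final ACK does not acknowledge server ISN + 1")
    return problems

# Constructed sample values: the client ISN sits at the 32-bit limit so that
# "ISN + 1" wraps to 0; real stacks pick the ISN randomly.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 1000
SYN = build_tcp_header(40000, 80, CLIENT_ISN, 0, 0x02)
SYNACK = build_tcp_header(80, 40000, SERVER_ISN, 0, 0x12)
ACK = build_tcp_header(40000, 80, 0, SERVER_ISN + 1, 0x10)
BAD_ACK = build_tcp_header(40000, 80, 0, 5000, 0x10)   # wrong server ISN

if __name__ == "__main__":
    print(check_handshake(SYN, SYNACK, ACK))
    print(check_handshake(SYN, SYNACK, BAD_ACK))
```

A final ACK that does not match the server's sequence number fails the check, which is why a random beginning sequence number matters to the receiving host.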