Socket Pairs

A socket is a combination of an IP address and a TCP or UDP port on one node. A socket pair describes a unique connection between two nodes: source port, source IP, destination port, and destination IP. The netstat output in Fig. 5.6 shows a socket pair between source IP 192.168.80.144, TCP source port 51178, and destination IP 192.168.2.4, destination TCP port 22.

Fig. 5.6 TCP socket pair

A socket may “listen” (wait for a connection); a listening socket is shown as 127.0.0.1:631 in Fig. 5.6. A socket pair is then “established” during a connection. You may have multiple connections from the same host (such as 192.168.80.144), to the same host (192.168.2.4), and even to the same port (22). The OS and intermediary devices such as routers are able to keep these connections unique due to the socket pairs. In the previous example, two connections from the same source IP and to the same IP/destination port would have different source ports, making the socket pairs (and connections) unique.

TCP Flags

The original six TCP flags are:

  • URG: Packet contains urgent data
  • ACK: Acknowledge received data
  • PSH: Push data to application layer
  • RST: Reset (tear down) a connection
  • SYN: Synchronize a connection
  • FIN: Finish a connection (gracefully)

Two new TCP flags were added in 2001: CWR (Congestion Window Reduced) and ECE (Explicit Congestion Notification Echo), using formerly reserved bits in the TCP header. A third new flag was added in 2003: NS (Nonce Sum). These flags are used to manage congestion (slowness) along a network path. All 9 TCP flags are shown in Fig. 5.7.

Fig. 5.7 Nine TCP flags
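The following added example (not from the original text) parses constructed IPv4/TCP headers into a socket pair and the nine flags, then groups packets by socket pair to show how two connections to the same destination port stay distinct. The helper names and the second source port (51179) are assumptions made for illustration; the addresses and port 51178 come from the text above.

```python
import struct
from ipaddress import IPv4Address

# Low 9 bits of TCP header bytes 12-13, most significant first.
FLAG_NAMES = ["NS", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

def build_packet(src_ip, src_port, dst_ip, dst_port, flags):
    """Build a constructed IPv4+TCP header pair (no options, checksums zero)."""
    bits = sum(1 << (8 - FLAG_NAMES.index(f)) for f in flags)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                      (5 << 12) | bits, 65535, 0, 0)
    return ip + tcp

def parse_packet(pkt):
    """Return (socket_pair, flags) for an IPv4 packet carrying TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated header")
    src_port, dst_port = struct.unpack_from("!HH", pkt, ihl)
    (off_flags,) = struct.unpack_from("!H", pkt, ihl + 12)
    flags = [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << (8 - i))]
    pair = (str(IPv4Address(pkt[12:16])), src_port,
            str(IPv4Address(pkt[16:20])), dst_port)
    return pair, flags

def track(packets):
    """Group the flags seen per socket pair, as a connection table would."""
    table = {}
    for pkt in packets:
        pair, flags = parse_packet(pkt)
        table.setdefault(pair, []).append(flags)
    return table

# Constructed sample: the addresses and port 51178 come from the text above;
# the second source port (51179) is made up for illustration.
SAMPLE = [
    build_packet("192.168.80.144", 51178, "192.168.2.4", 22, ["SYN"]),
    build_packet("192.168.80.144", 51179, "192.168.2.4", 22, ["SYN", "ECE", "CWR"]),
    build_packet("192.168.80.144", 51178, "192.168.2.4", 22, ["ACK", "PSH"]),
]

if __name__ == "__main__":
    for pair, seen in track(SAMPLE).items():
        print(pair, seen)
```

The three sample packets resolve to two table entries because only the source port differs between the two connections.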