Page191

The TCP Handshake

TCP uses a three-way handshake to establish a reliable connection. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The exchange of these four flags is performed in three steps: SYN, SYN-ACK, ACK, as shown in Fig. 5.8.

FIG. 5.8 TCP three-way handshake.

The client chooses an initial sequence number, set in the first SYN packet. The server also chooses its own initial sequence number, set in the SYN/ACK packet shown in Fig. 5.8. Each side acknowledges the other’s sequence number by incrementing it: this is the acknowledgement number. The use of sequence and acknowledgment numbers allows both sides to detect missing or out-of-order segments.

Once a connection is established, ACKs typically follow for each segment. The connection will eventually end with a RST (reset or tear down the connection) or FIN (gracefully end the connection).

UDP

UDP is the User Datagram Protocol, a simpler and faster cousin to TCP. UDP has no handshake, session, or reliability: it is informally called “Send and Pray” for this reason. UDP has a simpler and shorter 8-byte header (shown in Fig. 5.9), compared to TCP’s default header size of 20 bytes. UDP header fields include source IP, destination IP, packet length (header and data), and a simple (and optional) checksum. If used, the checksum provides limited integrity to the UDP header and data. Unlike TCP, data usually is transferred immediately, in the first UDP packet. UDP operates at Layer 4.

FIG. 5.9 UDP header [7].

UDP is commonly used for applications that are “lossy” (can handle some packet loss), such as streaming audio and video. It is also used for query-response applications, such as DNS queries.