meddulla/tcp_sequence_numbers.org

## tcp_sequence_numbers.org

      
    Raw
  

              tcp_sequence_numbers.org
            
          
    Example image download - Summary table of a client requesting an image
Source: https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
Sequence and ack numbers shown here are relative. “When a host initiates a TCP session, its initial sequence number is effectively random; it may be any value between 0 and 4,294,967,295, inclusive. However, protocol analyzers like Wireshark will typically display relative sequence and acknowledgement numbers in place of the actual values. These numbers are relative to the initial sequence number of that stream.”

  Packet Nr Direction Seq Nr Ack Nr Payload Len Flags Notes
  1 -> (client) 0 0 0 SYN Client initiates connection to server
  2 <- (server) 0 1 0 SYN, ACK Server ACKs client request and requests a connection as well. Ack nr increased to acknowledget client’s SYN
  3 -> 1 1 0 ACK Client increases its own seq nr by 1 to due to last syn sent (seq nr is equal to last ack if all goes well in connection and ack’s server’s SYN)
  4 -> 1 1 725 PSH, ACK Client sends HTTP header GET /image.png. Sets the PSH/Push flag so that the server kernerl won’t buffer the bytes and instead send them directly to the userland application
  5 <- 1 726 = 1 + 725 0 ACK Server acks client download request. Ack number is the previous ack number + the last received payload length
  6 <- 1 726 1448 ACK Download starts/server starts sending data
  7 -> 726 1449 0 ACK Client acks previous packet (1+1448=1449)
  8 <- 1449 726 1448 ACK Server continues download
  9 -> 726 2897 0 ACK Client acks previous packet (1449+1448=2897)
  .. 
  36 <- 21721 726 1230 PSH,ACK Server sends the final `HTTP/1.1 200 OK`. PSH so the client’s kernel won’t buffer and push the bytes downstream to the client app
  37 -> 726 22951 (21721+1230) 0 ACK 
  38 -> 726 22951 0 FIN, ACK Client says it wants to close the connection (since the server has said it has finished sending the msg by using HTTP 200 OK)
  39 <- 22951 727 1230 FIN,ACK Server acks client’s FIN request and sends a FIN of his own. the clien’ts FIN increases the ack by 1 (726+1)
  40 -> 727 22951 0 ACK Clients acks the server’s FIN. Both sides have ack’ed the other’s FIN. Connection ends here.
Packet Nr	Direction	Seq Nr	Ack Nr	Payload Len	Flags	Notes
1	-> (client)	0	0	0	SYN	Client initiates connection to server
2	<- (server)	0	1	0	SYN, ACK	Server ACKs client request and requests a connection as well. Ack nr increased to acknowledget client’s SYN
3	->	1	1	0	ACK	Client increases its own seq nr by 1 to due to last syn sent (seq nr is equal to last ack if all goes well in connection and ack’s server’s SYN)
4	->	1	1	725	PSH, ACK	Client sends HTTP header GET /image.png. Sets the PSH/Push flag so that the server kernerl won’t buffer the bytes and instead send them directly to the userland application
5	<-	1	726 = 1 + 725	0	ACK	Server acks client download request. Ack number is the previous ack number + the last received payload length
6	<-	1	726	1448	ACK	Download starts/server starts sending data
7	->	726	1449	0	ACK	Client acks previous packet (1+1448=1449)
8	<-	1449	726	1448	ACK	Server continues download
9	->	726	2897	0	ACK	Client acks previous packet (1449+1448=2897)
..
36	<-	21721	726	1230	PSH,ACK	Server sends the final `HTTP/1.1 200 OK`. PSH so the client’s kernel won’t buffer and push the bytes downstream to the client app
37	->	726	22951 (21721+1230)	0	ACK
38	->	726	22951	0	FIN, ACK	Client says it wants to close the connection (since the server has said it has finished sending the msg by using HTTP 200 OK)
39	<-	22951	727	1230	FIN,ACK	Server acks client’s FIN request and sends a FIN of his own. the clien’ts FIN increases the ack by 1 (726+1)
40	->	727	22951	0	ACK	Clients acks the server’s FIN. Both sides have ack’ed the other’s FIN. Connection ends here.