SYN | SYN/ACK | ACK
Above term is used to describe how a TCP connection is established. Imagine situation - there is Mike and Kate. Mike wants to send a message to Kate via TCP on port 80. First thing that Mike has to do, is to check if Kate is accessible. He will open TCP connection to check this.
Mike - sends a TCP SYN to Kate on port 80 >>> Kate
Kate - responds with a TCP SYN/ACK >>> Mike
Mike - sends a TCP/ACK >>> Kate
Connection is established
Let's examine those steps:
- Mike sends a SYN request to Kate.
- Kate receives the request and if there is a listening process on port 80, she will respond with a TCP packet with the SYN/ACK flags set.
- Mike receives TCP SYN/ACK, checks the acknowledgement number (more about it here) and then can send the last part of handshake - TCP/ACK. At this point, both parties are successfully connected and can share data on via TCP socket.
Closed port
If there is a situation, when no service is running on Kate server in port 80, she will send response with TCP RST/ACK flags. After this request connection is terminated.
Mike - sends a TCP SYN to Kate on port 80 >>> Kate
--- port is closed ---
Kate - responds with a TCP RST/ACK >>> Mike
Connection is terminated
Other responses
When scanning a network you have to bear in mind that not every one will go as you would like. On the server which is being scanned can run firewall which will drop your SYN requests, hence it will never reach a destination. Rarely, you can encounter situation when request reaches a server, but response is firewalled and dropped.
No comments:
Post a Comment