Computer systems often need to communicate with each other, which is achieved by connecting them to the same network. Various technologies facilitate this communication across different types of networks. In this section, we will explore the protocols commonly used in most networks.
The networks we utilize incorporate multiple protocols, some of which are covered in this class. Additionally, there are many other protocols in use, each of which may carry potential security risks.
Just as IP uses IP addresses for addressing, TCP and UDP use ports. A port, represented by a number between 0 and 65535, specifies which network service should handle the request.
In the image below, we can see a TCP packet and how it appears to anyone analyzing network traffic.
The graphic illustrates that both the source and destination ports are represented by 16 bits, which is also true for UDP. The Sequence and Acknowledgment numbers are utilized in the three-way handshake and ensure reliable data transfer. Additionally, the control bits indicate the type of packet, while the other headers also play significant roles, though they are beyond the scope of this security course.
TCP uses a three-way handshake to establish communication between two systems. The handshake uses 32-bit numbers generated by a pseudo-random number generator (PRNG) to establish the connection, confirming that both parties are willing to communicate.
The following graphic illustrates this process:
Here’s how TCP initiates communication:
This process is known as the SYN, SYN/ACK, ACK 3-way handshake, illustrated by two hosts establishing communication.
The screenshot displays Wireshark capturing packets, including the 3-way handshake. It shows the source and destination, with the Info field highlighting the ports and the SYN, SYN/ACK, and ACK steps.
The next screenshot illustrates data being exchanged between the two parties after the 3-way handshake, with the TCP packet’s data highlighted at the bottom of the image.
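The header layout and handshake described above can be checked in code. The following is an added example, not part of the original course material: it packs and parses the fixed 20-byte TCP header and verifies that three segments form a SYN, SYN/ACK, ACK exchange. The ports, sequence numbers and function names are constructed for illustration.

```python
import struct

# TCP control bits (low 6 bits of the flags field), per RFC 793.
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, then control bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_header(raw):
    """Decode the fixed part of a TCP header: 16-bit ports, 32-bit seq/ack."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, offset_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    names = [name for bit, name in sorted(FLAGS.items()) if offset_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (offset_flags >> 12) * 4, "flags": names, "window": window}

def is_three_way_handshake(segments):
    """True if three parsed segments form SYN, SYN/ACK, ACK between the same ports."""
    if len(segments) != 3:
        return False
    syn, synack, ack = segments
    nxt = lambda n: (n + 1) % 2**32  # sequence numbers wrap at 32 bits
    return (syn["flags"] == ["SYN"]
            and synack["flags"] == ["SYN", "ACK"]
            and ack["flags"] == ["ACK"]
            and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"])
            and (ack["sport"], ack["dport"]) == (syn["sport"], syn["dport"])
            and synack["ack"] == nxt(syn["seq"])   # server acknowledges client's number
            and ack["seq"] == nxt(syn["seq"])
            and ack["ack"] == nxt(synack["seq"]))  # client acknowledges server's number

# Constructed sample: client port 51000 connecting to a service on port 80.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1A2B3C4D  # first value exercises wrap-around
SAMPLE = [
    build_header(51000, 80, CLIENT_ISN, 0, 0x02),        # SYN
    build_header(80, 51000, SERVER_ISN, 0, 0x12),        # SYN/ACK, ack wraps to 0
    build_header(51000, 80, 0, SERVER_ISN + 1, 0x10),    # ACK
]

if __name__ == "__main__":
    parsed = [parse_header(s) for s in SAMPLE]
    for p in parsed:
        print(p)
    print("valid handshake:", is_three_way_handshake(parsed))
```
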