You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.
– DNS query is sent to the DNS server to resolve www.google.com
– DNS server replies with the IP address for Google?
– SYN packet is sent to Google.
– Google sends back a SYN/ACK packet
– Your computer completes the handshake by sending an ACK
– The connection is established and the transfer of data commences
Which of the following packets represent completion of the 3-way handshake?
A.
4th packet
B.
3rdpacket
C.
6th packet
D.
5th packet
Shouldn’t this be “A”, at the 4th packet?
1. (B) –> [SYN] –> (A)
Imagine a server (A) and a client (B). If (B) needs to talk to (A), it initiates the first part of the three-way handshake by sending a SYN (Synchronize) packet.
Note: A SYN packet is a TCP packet with the SYN flag set only (see TCP header diagram in Resources). It’s important to note that unless a SYN packet is received by A from B, there is no way to establish a TCP connection. Therefore, if your firewall drops all SYN packets to your internal network (and to itself), there is no way for anyone to establish a TCP connection to you.
2. (B) <– [SYN/ACK] [ACK] –> (A)
When the (B) receives the SYN/ACK packet from (A), it completes the final part of the three-way handshake by returning an acknowledgement and sending it an ACK packet.
Sorry, I meant 3rd packet :). when B sends the final ACK packet to A.
SYN is the first packet in the handshake process. The thing before that was the name resolution process, no TCP handshaking yet. Due to the name resolving you get the IP and to that you connect and the 3-wway-handshaking process starts.
D. 5th Packet is the right answer.
The question is based on the Wireshark capture analysis, if you look at the screenshot you will see in the first cloumn named No. short for Number that in the 5th packet the 3-way handshake completed at after that in the 6th packet the GET HTTP starts.
you guys are thinking in the packet sequence but the question is based on the packet sequence number that Wireshark is numbering them.
Wireshark starts with No. 1 and goes up on each packet for simplicity. so in the screenshot the first 2 packets are DNS query resolution and the rest 3 packets are the handshake process.
so the question is asking the packets representing the completion of the 3-way handshake based on Wireshark capture which it numbers it as 5 in the screenshot. so it is the 5th packet in Wireshark capturing anaylsis in this screenshot.
good luck.