Discussion:
Trouble finding info on the TCP Accept sequence changing the port target port
(too old to reply)
R.Wieser
2021-05-03 18:33:57 UTC
Permalink
Hello all,

I'm currently trying to figure out how, at the level of ethernet packets,
the TCP Connect works. I can find quite a number of webpages what the the
initial three handshake packets look like, but no more.

More specific : how an Accept call on the listening socket tells the other
side that the target port has changed (to a newly created socket, so the
listening socket is free to accept another connection).

If someone knows where I can find that specific info (including SYN, ACK,
RST, ETC - preferrably with some schematic / pictures) I would be obliged.

Regards,
Rudy Wieser
JJ
2021-05-04 11:20:43 UTC
Permalink
Post by R.Wieser
Hello all,
I'm currently trying to figure out how, at the level of ethernet packets,
the TCP Connect works. I can find quite a number of webpages what the the
initial three handshake packets look like, but no more.
More specific : how an Accept call on the listening socket tells the other
side that the target port has changed (to a newly created socket, so the
listening socket is free to accept another connection).
If someone knows where I can find that specific info (including SYN, ACK,
RST, ETC - preferrably with some schematic / pictures) I would be obliged.
That's what Image search engines were designed for. Just use relevant
keywords like these:

tcp syn ack fin
R.Wieser
2021-05-04 12:15:59 UTC
Permalink
JJ,
Post by JJ
That's what Image search engines were designed for. Just use
tcp syn ack fin
Finding the right keywords must than be my problem, as I've been searching
for the relevant info for quite a bit before posting about it here.

But are you sure ? When I throw those into them all I get is (stuff like)
this :

https://www.guru99.com/tcp-3-way-handshake.html
https://www.cspsprotocol.com/tcp-connection-termination/
https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
https://ipwithease.com/what-is-tcp-fin-packet/
https://www.xmodulo.com/capture-tcp-syn-ack-fin-packets-tcpdump.html
etc.

I've found most of those websites using other keywords. "tcp syn ack" wil
just give you links to the initial connection, and "fin" will give you info
about closing it - as shown with the above results. No info about how
accepting (on a listening socket) works or which TCP packets are involved
though. :-|

Regards,
Rudy Wieser
JJ
2021-05-05 09:41:59 UTC
Permalink
Post by R.Wieser
Finding the right keywords must than be my problem, as I've been searching
for the relevant info for quite a bit before posting about it here.
But are you sure ? When I throw those into them all I get is (stuff like)
https://www.guru99.com/tcp-3-way-handshake.html
https://www.cspsprotocol.com/tcp-connection-termination/
https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
https://ipwithease.com/what-is-tcp-fin-packet/
https://www.xmodulo.com/capture-tcp-syn-ack-fin-packets-tcpdump.html
etc.
I've found most of those websites using other keywords. "tcp syn ack" wil
just give you links to the initial connection, and "fin" will give you info
about closing it - as shown with the above results. No info about how
accepting (on a listening socket) works or which TCP packets are involved
though. :-|
For articles/images which dwells on TCP in details, perhaps adding `rfc`
search keyword may help refining the search. Throw in non ambiguous
technical terms which are relevant to what you're trying to find.
R.Wieser
2021-05-05 10:27:51 UTC
Permalink
JJ,
Post by JJ
For articles/images which dwells on TCP in details, perhaps adding
`rfc` search keyword may help refining the search.
:-) Although I'm sometimes able to extract what I need from those RFCs I
most always find them quite unreadable. :-( They might be good as
reference material (aka: looking back), but when trying to figure out what
to do (aka: looking forward) they are not all that great ... At least, not
to me.
Post by JJ
Throw in non ambiguous technical terms which are relevant to
what you're trying to find.
A good suggestion. Than again, what do you think I've been trying to do ?
"connect", "listen" and "accept" won't work as they are way to ambiguous,
regardless of being combined with words like "win32", "TCP", "packets",
"ethernet", "wireshark" or "handshake".

Regards,
Rudy Wieser
t***@gmail.com
2021-05-05 14:28:06 UTC
Permalink
JJ,
Post by JJ
For articles/images which dwells on TCP in details, perhaps adding
`rfc` search keyword may help refining the search.
:-) Although I'm sometimes able to extract what I need from those RFCs I
most always find them quite unreadable. :-( They might be good as
reference material (aka: looking back), but when trying to figure out what
to do (aka: looking forward) they are not all that great ... At least, not
to me.
Post by JJ
Throw in non ambiguous technical terms which are relevant to
what you're trying to find.
A good suggestion. Than again, what do you think I've been trying to do ?
"connect", "listen" and "accept" won't work as they are way to ambiguous,
regardless of being combined with words like "win32", "TCP", "packets",
"ethernet", "wireshark" or "handshake".
Regards,
Rudy Wieser
I just tried, "tcp internals - port accept" in Google and it turned up some promising links...
R.Wieser
2021-05-05 17:07:38 UTC
Permalink
tecoop,
Post by t***@gmail.com
I just tried, "tcp internals - port accept" in Google and it turned up
some promising links...
I followed a lot of those links (spending at least an hour if not multiple)
but could not find the info I'm looking for. Why do you think I posted my
question here ?

Also, my second post in this thread shows I found a number of those
"promising links" and an explanation to why they did not pay off.

If you found the link to the info I would much obliged if you would post it.

... Or should I make it a challenge, just so you follow those links yourself
and realise that none of them lead anywhere. :-)

Regards,
Rudy Wieser

Loading...