THE DESIGN CYCLE
■ SNIFFERSHOT 4. Note that the
Sniffer Portable application calculates
lots of things automatically for the
user. For instance, the Next expected
Seq number field is not an actual
part of the TCP packet. It’s put there
by the Sniffer Portable application
to help you troubleshoot TCP
that this packet is aimed at the
EDTP Ethernet MINI because we
set the EDTP Ethernet MINI’s TCP
port address to 20202 decimal in
our driver code. The sequence of
bytes we are studying in Sniffershot
1 makes up the first part of a
three-part handshake process. In
Sniffershot 1, the client laptop is trying to establish a communications
session with the EDTP Ethernet
MINI server. Note that the client
laptop has forwarded its initial 32-bit sequence number to the
EDTP Ethernet MINI and is expecting the MINI to acknowledge the receipt of a single byte of data. In this case, no data
is actually transmitted and the SYN flag is considered as the
byte of data. The client laptop’s transmission of this SYN flag
with no data is the first handshake of the three-way process.
PawPaw and Bubba always acknowledged each other’s
message. Thus, we must do the same. In Sniffershot 2, the
Ethernet MINI server is sending a TCP packet to the laptop
client. Note that our Acknowledgement number is the
laptop client’s sequence number plus one for the SYN flag
pseudo byte. We have successfully acknowledged (ACKed)
the receipt of the SYN from the laptop client. It’s not
enough for the Ethernet MINI to simply keep up with the
client’s sequence number. The laptop must also keep a
running tally of the bytes coming in and going out. So, the
EDTP MINI sends along its initial sequence number to the
laptop and sets the ACK and SYN flags in the outgoing
packet. This is the second part of
the three-way handshake process.
We are now in position to
perform the final handshake.
Here’s what should happen:
1) The client laptop should ACK
the EDTP Ethernet MINI’s SYN.
2) The incoming packet received
by the MINI has the ACK flag set.
Sniffershot 3 fills in the blanks.
The Acknowledgement number received by the EDTP
Ethernet MINI has incremented by one indicating the SYN
ACK packet was received and has been acknowledged by the
laptop. As no data was included in the incoming handshake
reply, the Sequence number does not change. The third handshake is signaled by the setting of the ACK flag in the MINI
server’s incoming handshake response. All of the required
numbers have been exchanged. It’s time to haul some data.
A BANNER DAY
A bit of simple math used against the Sequence
number and Next expected Seq number tells us that 32
bytes of data flowed from the Ethernet MINI server to the
client laptop in the TCP packet represented in Sniffershot 4.
The ACK flag will always be set from now on indicating that
the Acknowledgement number is being actively tracked.
The work performed in Sniffershot 4 transmitted the EDTP
■ SNIFFERSHOT 5. The ACK and
PSH flags along with the GET
command set this capture apart
from a normal TCP packet. Note that
the Sniffer Portable application has
recognized port 80 as a well-known
December 2007 79
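The handshake arithmetic walked through above, as an added C example (it is not the EDTP driver code and does not come from the original article): it parses three constructed TCP headers, checks the SYN, SYN-ACK and ACK numbers and flags the way the server side must, and computes the sniffer's Next expected Seq. The laptop port, both initial sequence numbers and every function and struct name are assumptions; only port 20202 comes from the text.

```c
#include <stdint.h>
#include <stdio.h>

enum { TCP_FIN = 0x01, TCP_SYN = 0x02, TCP_ACK = 0x10 };
struct tcp_seg { uint16_t sport, dport; uint32_t seq, ack; uint8_t flags, hdr_len; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse a raw TCP header; -1 if the buffer is short or the data offset is invalid. */
int tcp_parse(const uint8_t *b, size_t n, struct tcp_seg *s) {
    if (n < 20) return -1;
    s->hdr_len = (uint8_t)((b[12] >> 4) * 4);
    if (s->hdr_len < 20 || (size_t)s->hdr_len > n) return -1;
    s->sport = (uint16_t)((b[0] << 8) | b[1]);
    s->dport = (uint16_t)((b[2] << 8) | b[3]);
    s->seq = be32(b + 4); s->ack = be32(b + 8);
    s->flags = b[13] & 0x3F;
    return 0;
}

/* "Next expected Seq": payload + 1 each for SYN/FIN; uint32_t wraps mod 2^32. */
uint32_t tcp_next_seq(const struct tcp_seg *s, uint32_t payload_len) {
    return s->seq + payload_len + !!(s->flags & TCP_SYN) + !!(s->flags & TCP_FIN);
}

/* Returns 1 only if flags, ports and numbers of all three segments line up. */
int handshake_ok(const struct tcp_seg *syn, const struct tcp_seg *sa, const struct tcp_seg *ack) {
    const uint8_t m = TCP_SYN | TCP_ACK;
    if ((syn->flags & m) != TCP_SYN || (sa->flags & m) != m || (ack->flags & m) != TCP_ACK) return 0;
    if (sa->sport != syn->dport || sa->dport != syn->sport) return 0;
    if (ack->sport != syn->sport || ack->dport != syn->dport) return 0;
    if (sa->ack != tcp_next_seq(syn, 0)) return 0;   /* client ISN + 1 for the SYN */
    if (ack->seq != sa->ack) return 0;               /* SYN consumed, no data yet  */
    return ack->ack == tcp_next_seq(sa, 0);          /* server ISN + 1 for the SYN */
}

/* Constructed sample headers: laptop port 1234, MINI port 20202 (0x4EEA),
 * client ISN 0xFFFFFFFF (forces wraparound), server ISN 0x00001000. */
const uint8_t SYN_PKT[20] = {0x04,0xD2,0x4E,0xEA, 0xFF,0xFF,0xFF,0xFF, 0,0,0,0, 0x50,0x02, 0x20,0, 0,0, 0,0};
const uint8_t SYNACK_PKT[20] = {0x4E,0xEA,0x04,0xD2, 0,0,0x10,0, 0,0,0,0, 0x50,0x12, 0x20,0, 0,0, 0,0};
const uint8_t ACK_PKT[20] = {0x04,0xD2,0x4E,0xEA, 0,0,0,0, 0,0,0x10,0x01, 0x50,0x10, 0x20,0, 0,0, 0,0};

int main(void) {
    struct tcp_seg a, b, c;
    if (tcp_parse(SYN_PKT, 20, &a) || tcp_parse(SYNACK_PKT, 20, &b) || tcp_parse(ACK_PKT, 20, &c)) return 1;
    printf("handshake %s\n", handshake_ok(&a, &b, &c) ? "valid" : "rejected");
    return 0;
}
```

Checking the final ACK against the server's initial sequence number plus one is what stops a sender who never saw the SYN-ACK from completing the handshake. For a data segment such as the 32-byte banner in Sniffershot 4, `tcp_next_seq(&seg, 32)` gives the sequence number plus 32.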