1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

question about TCP connection ..please help

Discussion in 'Network+' started by kapulet, Apr 8, 2007.

  1. kapulet

    kapulet New Member

    5
    0
    17
    hi I got problem to solve one question about correct steps to establish a TCP connection.
    A) SYN=0,SYN=0 ACK=1;SYN=0 ACK=1
    B) SYN=1,SYN=1 ACK=0;SYN=1 ACK=0
    C) SYN=1,SYN=1 ACK=1;SYN=0 ACK=1
    D) SYN=0,SYN=1 ACK=1;SYN=0 ACK=1
    E) SYN=1,SYN=1 ACK=0;SYN=1 ACK=1

    THANKS FOR ANY HELP
     
    WIP: A+,N+,CCNA
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    First - N+ does not require this level of knowledge of TCP headers as far as I'm aware.

    The answer is C) assuming I have decoded the question format correctly.

    Where did this question come from?

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Hi

    Your question is vague - you don't give us any more information about what you're trying to understand.

    I presume its the basic Syn/Ack connection sequence for TCP Session establishment. If so, then it appears that none of the potential answers you have given are correct - since this is a three step process (known as the '3-way handshake').

    Allow me to summarise:

    Host 1 (we'll call it 'PC') needs to establish a session with Host 2 ('SRV'). In order to do this, PC needs to first contact SRV. SRV then replies to PC that it is able & willing to accept the connection. PC then responds back and the session is duly established.

    This takes the form of:

    Step 1 = SYN=0, ACK=0
    Step 2 = SYN=1, ACK=1
    Step 3 = SYN=0, ACK=1

    Therefore none of the potential answers you have given are correct, as the answer should read:

    Syn=0,Ack=0; Syn=1,Ack=1; Syn=0,Ack=1
     
    Certifications: A few
    WIP: None - f*** 'em
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    <Cough> The first step taken by a device doing an active open is to send a SYN packet!

    See here. :biggrin

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. Crito

    Crito Banned

    505
    14
    0
    C is the closest, but shouldn't there be a semicolon between first and second SYN?

    I just remember is as SYN, SYN/ACK, ACK

    PC -----------SYN------------> SERVER
    PC <-------SYN/ACK-------- SERVER
    PC ------------ACK-----------> SERVER

    And though I don't recall it being on Network+ either it is on the Security+ and CEH exams (in relation to SYN flood DoS attacks, where final ACK is never sent.)
     
    Certifications: A few
    WIP: none
  6. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Wasn't on Network+ when I did it.

    I passed Net+, and have no idea what you're all on about! :oops:
     
  7. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    It's known as a three-way handshake and is initiated between two applications when they wish to communicate over TCP/IP.

    And also LAND attacks where a network is flooded with SYN packets from a spoofed source IP address that matches a computer on the network.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  8. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Oh yeah! I know what you're on about now! It was part of the CCNA stuff I did at uni. One of those things that if you don't need to use it, you don't remember it. 8)
     
  9. Crito

    Crito Banned

    505
    14
    0
    I though LAND was where you send a malformed packet with identical source and destination IPs. What you describe sounds more like a Smurf attack, but that sends a ping (ICMP packet) to the network's broadcast addy.
     
    Certifications: A few
    WIP: none
  10. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Yes, that's the fella. It's caused by spoofed SYN packets getting into the network. The targeted machine responds to the SYN packet that is addressed to itself and it becomes unavailable as it continuously sends and replies to itself.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  11. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    I swear you guys are making these attack names up as you go along. :)
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  12. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Now a 'Whack Attack' on the other hand is similar to a 'Back-Crack-And-Sack-Attack' but uses a different method of .............................
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  13. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    ooops

    Yeps - typo extraordinaire I think!

    And there's me working in poxy network security - giving off the most fraudulent advice possible!

    Of course it should read S=1,A-0;S=1,A=1;S=0,A=1.

    Not much point making the first part of a handshake zero on both sides... :oops:

    That would be a bit like sending a FIN=0 to end a session... :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
  14. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    LOL - If you think they're bad, wait until you hear about Ping Of Death, Teardrop, Bonk and Boink...
     
    Certifications: A few
    WIP: None - f*** 'em
  15. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    LOL! Wanna expand on those Zeb!
     
  16. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    I first heard of the ping of death about 10 years ago, when it was demonstrated to me bringing a NT server down. IIRC it was a oversized ping packet that the TCP/IP stack at the time couldn't deal with - so it blue-screened.

    Harry. (Hoping his memory hasn't failed him)
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  17. wizard

    wizard Petabyte Poster

    5,763
    35
    174
    Certifications: SIA DS Licence
    WIP: A+ 2009
  18. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    kapulet,

    Isn't this question directly from one of the following:
    1. Cisco Press INTRO Exam Certification Guide
    2. Cisco Press ICND Exam Certification Guide
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  19. kapulet

    kapulet New Member

    5
    0
    17
    hi..well sorry i didnt write more about this question..At first I need it for CCNA Intro not for N+.t is about TCP Simple Acknowledgment.I do understand how it works but this question is put the way that i cant figure out its correct answer. (sorry 4 my english)
    question is:Select the statement that correctly orders the steps to establish a TCP connection.
    thanks
     
    WIP: A+,N+,CCNA
  20. kapulet

    kapulet New Member

    5
    0
    17
    hi.yap it is from CCNA Intro
     
    WIP: A+,N+,CCNA

Share This Page

Loading...