  • Content created by Rene Molenaar (CCIE #41726)

Forum Replies

  1. Rene,

    Excellent lesson!!! It's so good to read a lesson like this, because you make it so simple!

    Thanks and Abraço

  2. Hello Prathamesh!

    The TCP sequence number is random because, as Rene mentioned earlier, TCP is vulnerable to security issues like spoofing, injection or connection resetting. If an attacker is able to determine the sequence number, he/she would be able to spoof a trusted source, and thus compromise the TCP session.

    For an example of such a spoofing attack, take a look at the following link: http://www.citi.umich.edu/u/provos/papers/secnet-spoof.txt

    (Notice that this paper is almost 20 years old and yet it's still valid today!!! Shows just how well designed and robust these protocols are.)

    The sequence number is generated by the OS of the device sending the data. Each OS may use a different method for that calculation, but in general it is calculated as a function of the current time. The method has to be random enough so that the sequence numbers cannot be predicted.

    Concerning the ending of a TCP session, the initiator is responsible for sending a TCP segment with the FIN flag set in the header. This indicates to the receiver that the initiator is requesting to end the session. The receiver responds with the ACK flag set in the header. Next, the receiver responds with a FIN flag and the initiator responds with an ACK. The session is ended. Take a look at the following image that depicts this process.


    I hope this was useful for you!
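
An added example, not part of the reply above or of the lesson: one way an OS can keep the initial sequence number clock-based yet unpredictable is the RFC 6528 formula ISN = M + F(localip, localport, remoteip, remoteport, secretkey). Using HMAC-SHA256 as F is a choice made for this sketch, and the key, addresses and ports are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF


def isn_clock(now_s: float) -> int:
    """M in RFC 6528: a 32-bit counter that ticks once every 4 microseconds."""
    return int(now_s * 250_000) & MASK32


def time_only_isn(now_s: float) -> int:
    """Weak scheme: the ISN is only the clock, so knowing the time gives the ISN."""
    return isn_clock(now_s)


def rfc6528_isn(key, local_ip, local_port, remote_ip, remote_port, now_s):
    """ISN = M + F(4-tuple, secret key) mod 2^32, with HMAC-SHA256 standing in for F."""
    four_tuple = (
        ipaddress.ip_address(local_ip).packed
        + struct.pack("!H", local_port)
        + ipaddress.ip_address(remote_ip).packed
        + struct.pack("!H", remote_port)
    )
    digest = hmac.new(key, four_tuple, hashlib.sha256).digest()
    offset = struct.unpack("!I", digest[:4])[0]  # per-connection secret offset
    return (isn_clock(now_s) + offset) & MASK32


def demo():
    # Constructed fixed key so the run is repeatable; a real stack would use
    # a random secret generated at boot and never disclosed.
    key = bytes(range(32))
    server = ("192.0.2.10", 80)
    t = 1000.0
    victim = rfc6528_isn(key, *server, "198.51.100.7", 40000, t)
    prober = rfc6528_isn(key, *server, "203.0.113.9", 40000, t)
    victim_later = rfc6528_isn(key, *server, "198.51.100.7", 40000, t + 1.0)
    return victim, prober, victim_later


if __name__ == "__main__":
    victim, prober, victim_later = demo()
    print("time-only ISN at t=1000s:", time_only_isn(1000.0))
    print("victim tuple ISN:", victim, "prober tuple ISN:", prober)
    print("victim ISN advance after 1s:", (victim_later - victim) & MASK32)
```

An ISN a host observes on its own connection tells it nothing about the offset used for another 4-tuple, while each individual 4-tuple still sees ISNs that advance with the clock.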


  3. Hello Samuel.

    Concerning your questions about sequence numbers:

    I want to know if the last sequence number of the three way handshake is the same after the handshake?

    The quick answer is yes. Now for more detail. When a TCP session begins, a sequence number is chosen to begin the handshake. This very first sequence number is random. (However, if you look at the sequence numbers portrayed in Wireshark, you'll see that it starts at 1. This is the RELATIVE sequence number, as it states in Wireshark. It is displayed in this way for simplicity.) Once the handshake is over and data is being sent, the sequence numbers that are used are in succession to the initial sequence numbers chosen during the handshake.

    It only adds 1 when handshaking, but not during data transfer?

    Yes, during the handshake, the ACK number that is returned by the second party is the original Sequence number plus 1. This is done to identify that this ACK is in response to the specific SYN request that started the handshake. So, during the handshake, the purpose of adding 1 is to indicate which request the acknowledgement is a response to.

    Once the handshake is complete, the sequence and acknowledgement numbers have a different purpose. They are no longer incremented sequentially, but they are incremented based on the number of bytes the host is expecting to receive before needing to send the next set of data. This functionality is part of a mechanism called Windowing or Window Scaling which Rene explains here: https://networklessons.com/cisco/ccna-routing-switching/tcp-window-size-scaling/

    This mechanism with the sequence and acknowledgement numbers can be more clearly understood in the diagram I have attached to this post.

    I hope this has been helpful for you!


  4. Very good explanation, it helped me a lot, thanks....

    In the lecture on TCP in class, the professor did something like in the picture that I attached. Is this correct, or did I miswrite the diagram?
