quote of the day, brian mcgahan…

i’m glad i found this quote: http://blog.ine.com/tag/access-lists/

it has restored my faith…

When a TCP client attempts to establish a connection to a TCP server it first sends a TCP SYN packet to the server with the destination port as the well known port. This first SYN essentially is a request to open a session. If the server permits the session it will respond with a TCP SYN ACK saying that it acknowledges the request to open the session, and that it also wants to open the session. In this SYN ACK response the server uses the well known port as the source port, and a randomly negotiated destination port. The last step of the three way handshake is the client responding to the server with a TCP ACK, which acknowledges the server’s response and completes the connection establishment.

why? this is obvious stuff… however, on brian’s ine videos he often mentions the three way handshake as syn ack, syn… that drives me crazy… i like to have as unshakable anything i can possibly get my hands on… one of those things is, syn, syn ack, ack… SYN, SYN ACK, ACK…

wireshark agrees:

synack