tcp connection and stream flow question

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












2














Could anyone explain the main principe of tcp flow when making a session ?



I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :



1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]










share|improve this question



















  • 2




    The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
    – jcaron
    Dec 11 at 22:51










  • @jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
    – R. Mami
    Dec 13 at 13:08







  • 1




    There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
    – jcaron
    Dec 13 at 14:20















2














Could anyone explain the main principe of tcp flow when making a session ?



I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :



1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]










share|improve this question



















  • 2




    The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
    – jcaron
    Dec 11 at 22:51










  • @jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
    – R. Mami
    Dec 13 at 13:08







  • 1




    There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
    – jcaron
    Dec 13 at 14:20













2












2








2







Could anyone explain the main principe of tcp flow when making a session ?



I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :



1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]










share|improve this question















Could anyone explain the main principe of tcp flow when making a session ?



I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :



1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]







tcp protocol-theory wireshark transport-protocol tcpdump






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 11 at 14:17









Ron Maupin

61.7k1162115




61.7k1162115










asked Dec 11 at 14:09









R. Mami

415




415







  • 2




    The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
    – jcaron
    Dec 11 at 22:51










  • @jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
    – R. Mami
    Dec 13 at 13:08







  • 1




    There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
    – jcaron
    Dec 13 at 14:20












  • 2




    The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
    – jcaron
    Dec 11 at 22:51










  • @jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
    – R. Mami
    Dec 13 at 13:08







  • 1




    There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
    – jcaron
    Dec 13 at 14:20







2




2




The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51




The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51












@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08





@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08





1




1




There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20




There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20










2 Answers
2






active

oldest

votes


















3














The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.






share|improve this answer




















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23


















3














A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.



If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.






share|improve this answer






















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23










Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "496"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55378%2ftcp-connection-and-stream-flow-question%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.






share|improve this answer




















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23















3














The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.






share|improve this answer




















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23













3












3








3






The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.






share|improve this answer












The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 11 at 14:17









Ron Trunk

34.1k23171




34.1k23171











  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23
















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23















that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23




that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23











3














A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.



If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.






share|improve this answer






















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23















3














A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.



If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.






share|improve this answer






















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23













3












3








3






A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.



If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.






share|improve this answer














A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.



If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.







share|improve this answer














share|improve this answer



share|improve this answer








edited Dec 11 at 14:26

























answered Dec 11 at 14:17









Ron Maupin

61.7k1162115




61.7k1162115











  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23
















  • that's very clear, thank you for the help
    – R. Mami
    Dec 11 at 14:23















that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23




that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23

















draft saved

draft discarded
















































Thanks for contributing an answer to Network Engineering Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55378%2ftcp-connection-and-stream-flow-question%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown






Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?