tcp connection and stream flow question
Clash Royale CLAN TAG#URR8PPP
Could anyone explain the main principe of tcp flow when making a session ?
I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :
1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]
tcp protocol-theory wireshark transport-protocol tcpdump
add a comment |
Could anyone explain the main principe of tcp flow when making a session ?
I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :
1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]
tcp protocol-theory wireshark transport-protocol tcpdump
2
The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51
@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08
1
There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20
add a comment |
Could anyone explain the main principe of tcp flow when making a session ?
I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :
1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]
tcp protocol-theory wireshark transport-protocol tcpdump
Could anyone explain the main principe of tcp flow when making a session ?
I have take a tcp dump when i'm trying to browse a site. when I analyse the packet by wireshark, i have found many Three way handshake process for one site browse. is that considere as normal ? below the flow :
1-[SYN], 2-[SYN,ACK],3-[ACK], 4-GET/HTTP/1.1 , 5-HTTP/1.1 301 Moved Permanently (text/html), 6-[ACK],7-[ACK],8-[TCP DUP ACK6#1], 9-[SYN],10-[SYN,ACK], 11-[ACK], 12-Client Hello, 13-[ACK]
tcp protocol-theory wireshark transport-protocol tcpdump
tcp protocol-theory wireshark transport-protocol tcpdump
edited Dec 11 at 14:17
Ron Maupin♦
61.7k1162115
61.7k1162115
asked Dec 11 at 14:09
R. Mami
415
415
2
The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51
@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08
1
There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20
add a comment |
2
The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51
@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08
1
There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20
2
2
The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51
The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51
@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08
@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08
1
1
There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20
There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20
add a comment |
2 Answers
2
active
oldest
votes
The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.
If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "496"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55378%2ftcp-connection-and-stream-flow-question%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.
The answer to your question is yes, it's normal. Modern web sites use multiple TCP streams to build the web page you see in your browser. Text and images can be downloaded concurrently, making the page load faster. Also, as you may notice, a single "page" may have components download from many different servers.
answered Dec 11 at 14:17
Ron Trunk
34.1k23171
34.1k23171
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.
If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.
If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.
If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.
A browser may open multiple TCP connections in order to simultaneously load different parts of a web page. Each TCP connection will need to run through the full TCP handshake process because it is a separate connection.
If you look closely, you will see different source ports on each connection. A connection is identified by a pair of sockets (source and destination), each socket consisting of the IP and TCP addresses. If you change even one of the four values (source or destination IP or TCP addresses), then it is a different TCP connection, and the connection must be initialized.
edited Dec 11 at 14:26
answered Dec 11 at 14:17
Ron Maupin♦
61.7k1162115
61.7k1162115
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
that's very clear, thank you for the help
– R. Mami
Dec 11 at 14:23
add a comment |
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55378%2ftcp-connection-and-stream-flow-question%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
The fact the the second TCP handshake then moves on to "Client Hello" makes me thing that you actually switched to a different protocol. The first HTTP request (and TCP connection) resulted in an HTTP redirect, which was probably an HTTP to HTTPS redirect, and then a new connection (HTTP over TLS over TCP) was opened on a different port, am I correct?
– jcaron
Dec 11 at 22:51
@jcaron, In this case yes, i think so too,the second TCP handshake here is a process for the switching to a different protocol (HTTP to TLSv1.2) but for the third,... there 're multiple TCP connection open to load other TCP stream content
– R. Mami
Dec 13 at 13:08
1
There are only 2 TCP connections in the data you provided above. Without more detailed logs, difficult to tell you more.
– jcaron
Dec 13 at 14:20