Example image download - Summary table of a client requesting an image
Source: https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
Sequence and ack numbers shown here are relative. “When a host initiates a TCP session, its initial sequence number is effectively random; it may be any value between 0 and 4,294,967,295, inclusive. However, protocol analyzers like Wireshark will typically display relative sequence and acknowledgement numbers in place of the actual values. These numbers are relative to the initial sequence number of that stream.”
Packet Nr | Direction | Seq Nr | Ack Nr | Payload Len | Flags | Notes |
---|---|---|---|---|---|---|
1 | -> (client) | 0 | 0 | 0 | SYN | Client initiates connection to server |
2 | <- (server) | 0 | 1 | 0 | SYN, ACK | Server ACKs client request and requests a connection as well. Ack nr increased to acknowledge client’s SYN |
3 | -> | 1 | 1 | 0 | ACK | Client increases its own seq nr by 1 due to the last SYN it sent (seq nr is equal to the last ack received if all goes well in the connection) and acks the server’s SYN |
4 | -> | 1 | 1 | 725 | PSH, ACK | Client sends HTTP header GET /image.png. Sets the PSH/Push flag so that the server kernel won’t buffer the bytes and instead sends them directly to the userland application |
5 | <- | 1 | 726 = 1 + 725 | 0 | ACK | Server acks client download request. Ack number is the previous ack number + the last received payload length |
6 | <- | 1 | 726 | 1448 | ACK | Download starts/server starts sending data |
7 | -> | 726 | 1449 | 0 | ACK | Client acks previous packet (1+1448=1449) |
8 | <- | 1449 | 726 | 1448 | ACK | Server continues download |
9 | -> | 726 | 2897 | 0 | ACK | Client acks previous packet (1449+1448=2897) |
.. | ||||||
36 | <- | 21721 | 726 | 1230 | PSH, ACK | Server sends the final `HTTP/1.1 200 OK`. PSH so the client’s kernel won’t buffer the bytes and instead pushes them downstream to the client app |
37 | -> | 726 | 22951 (21721+1230) | 0 | ACK | |
38 | -> | 726 | 22951 | 0 | FIN, ACK | Client says it wants to close the connection (since the server has said it has finished sending the msg by using HTTP 200 OK) |
39 | <- | 22951 | 727 | 1230 | FIN, ACK | Server acks client’s FIN request and sends a FIN of its own. The client’s FIN increases the ack by 1 (726+1) |
40 | -> | 727 | 22951 | 0 | ACK | Client acks the server’s FIN. Both sides have ack’ed the other’s FIN. Connection ends here. |
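
The seq/ack bookkeeping in the table, as an added Python example (not from the original notes or the packetlife.net article): it replays rows 1-9 and checks every number against the rule that a segment consumes its payload length plus 1 for each SYN or FIN, then converts relative numbers to on-the-wire values. It assumes in-order delivery with no loss or retransmission; the function names and the ISN in the demo are constructed for illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# Rows 1-9 of the table above: (nr, sender, seq, ack, payload_len, flags)
TABLE_ROWS = [
    (1, "client", 0, 0, 0, {"SYN"}),
    (2, "server", 0, 1, 0, {"SYN", "ACK"}),
    (3, "client", 1, 1, 0, {"ACK"}),
    (4, "client", 1, 1, 725, {"PSH", "ACK"}),
    (5, "server", 1, 726, 0, {"ACK"}),
    (6, "server", 1, 726, 1448, {"ACK"}),
    (7, "client", 726, 1449, 0, {"ACK"}),
    (8, "server", 1449, 726, 1448, {"ACK"}),
    (9, "client", 726, 2897, 0, {"ACK"}),
]

def seq_consumed(payload_len, flags):
    """Sequence space a segment uses: payload bytes, plus 1 each for SYN and FIN."""
    return payload_len + ("SYN" in flags) + ("FIN" in flags)

def check_stream(rows):
    """Return (packet nr, field, expected, seen) for every row that breaks the rules."""
    next_seq = {}  # per sender: the sequence number its next new byte will carry
    problems = []
    for nr, sender, seq, ack, length, flags in rows:
        peer = "server" if sender == "client" else "client"
        # A sender's seq must continue where its previous segment ended.
        if sender in next_seq and seq != next_seq[sender]:
            problems.append((nr, "seq", next_seq[sender], seq))
        # The ack field is only meaningful with ACK set; it names the peer's next byte.
        if "ACK" in flags and peer in next_seq and ack != next_seq[peer]:
            problems.append((nr, "ack", next_seq[peer], ack))
        next_seq[sender] = (seq + seq_consumed(length, flags)) % MOD
    return problems

def to_absolute(relative, isn):
    """Relative (Wireshark-style) number -> on-the-wire value for a given ISN."""
    return (isn + relative) % MOD

def to_relative(absolute, isn):
    """On-the-wire value -> number relative to the stream's ISN."""
    return (absolute - isn) % MOD

if __name__ == "__main__":
    print("mismatches in rows 1-9:", check_stream(TABLE_ROWS))
    isn = 4294967000  # constructed ISN close to the 32-bit limit
    print("relative 726 on the wire:", to_absolute(726, isn))
```

With an ISN this close to 4,294,967,295, the client's relative seq 726 appears on the wire as a small number because the 32-bit counter has wrapped, which is why analyzers show relative values by default.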