A TCP connection is established with
a three-way handshake. Several Unix vendors have had to patch their
releases to protect against a "SYN-SYN/ACK denial-of-service" attack,
which is just pretending to open up many connections and never using
them. I just mention this FYI.
The computer is assumed to be already set up to listen for an
incoming TCP connection. Solaris does this by listening for
connections via inetd. The file /etc/inet/inetd.conf controls
the daemons it listens for, and what program is launched when a
connection attempt is made.
1) The client issues an "active open"
by calling connect. This causes the client to issue a TCP
SYN segment. The SYN contains an initial sequence number for the
client. This will be the "port" that the client is willing to
talk to the server on. The destination port number it sends
to on the server right now is known as a "well-known port number".
That would be port 80 for http, port 21 for FTP, port 23 for
TELNET, and port 25 for SMTP.
2) The server responds by sending a SYN/ACK packet. The packet contains
the initial sequence number of the client and an initial sequence number
the server will open a port on.
3) The client acknowledges the server's SYN. The channel is now