A: TCP Transport Ports

By certskills October 11, 2018 09:05

You might have missed this latest #CCNA question because configuring routers and switches does not reinforce the concepts required to answer this question. If you do want to do some labbing to learn more, download Wireshark (or some other network analyzer) and capture the messages that your computer sends and receives when it connects to a website today. Check out the question first and come back here for the answers.

The Answers:

C, E


Background: TCP Connection Establishment

When an application uses TCP, as is the case in the scenario for this question, the endpoints send a series of three messages to establish the connection. The messages set different TCP flags, and the combination of flags identifies each message's place in the TCP connection establishment process. Figure 2 shows the sequence: the first message has the SYN flag set, the second has both the SYN and ACK flags set, and the third has the ACK flag (but not the SYN flag) set.

Figure 2: TCP Connection Setup for this Question

The question stem also gives us enough information to determine which well-known port the messages use. The question mentions a URL that begins with HTTPS, meaning it uses SSL. SSL uses well-known port 443. As you can see from the figure, the first and third messages in the TCP connection establishment flow go toward the server, so the destination port is 443 in those messages.
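The flag and port logic described above, written out as an added example (not part of the original post): it parses raw TCP headers and labels the three setup messages of one connection, checking flags, direction and acknowledgment numbers so that a later ACK-only segment is not mistaken for the third message. The client port 49152 and both sequence numbers are constructed sample values.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10  # TCP flag bits

def build_header(src_port, dst_port, seq, ack, flags):
    """Pack a 20-byte TCP header (no options, checksum 0) for the constructed sample."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

def parse_header(raw):
    """Return (src_port, dst_port, seq, ack, flags) from a raw TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    if (off_flags >> 12) < 5:
        raise ValueError("data offset below the 20-byte minimum")
    return src, dst, seq, ack, off_flags & 0x3F

def label_handshake(segments):
    """Label each segment of ONE connection as SYN, SYN-ACK, ACK or other."""
    labels, step = [], 0
    client = server = client_isn = server_isn = None
    for raw in segments:
        src, dst, seq, ack, flags = parse_header(raw)
        syn, has_ack = bool(flags & SYN), bool(flags & ACK)
        if step == 0 and syn and not has_ack:
            # Message 1: client to server, SYN only; remember ports and client ISN.
            client, server, client_isn, step = src, dst, seq, 1
            labels.append("SYN")
        elif (step == 1 and syn and has_ack and (src, dst) == (server, client)
              and ack == (client_isn + 1) % 2**32):
            # Message 2: server to client, SYN and ACK, acknowledging client ISN + 1.
            server_isn, step = seq, 2
            labels.append("SYN-ACK")
        elif (step == 2 and has_ack and not flags & (SYN | FIN | RST)
              and (src, dst) == (client, server)
              and ack == (server_isn + 1) % 2**32):
            # Message 3: client to server, ACK without SYN, acknowledging server ISN + 1.
            step = 3
            labels.append("ACK")
        else:
            labels.append("other")
    return labels

# Constructed sample: client port 49152 and both sequence numbers are made up.
SAMPLE = [
    build_header(49152, 443, 1000, 0, SYN),
    build_header(443, 49152, 5000, 1001, SYN | ACK),
    build_header(49152, 443, 1001, 5001, ACK),
    build_header(49152, 443, 1001, 5001, ACK | PSH),  # first data segment
]
```

The tracker sees only TCP headers, so it assumes all segments belong to one connection; a capture with several flows would also need the IP addresses as part of the key.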


Why the Answers are Right or Wrong

For this question, the background description reveals the two correct answers. The third message has an ACK flag (but not SYN flag), and flows towards the web server, with a destination port of 443.

The wrong answers all list a fact that is not true about that third message.



  1. Marcelo October 1, 17:41

    Hi Mr Wendell, I want to say that all the contents of the book and the blog have been of great help in the process of pursuing the certification.
    Please, I would like you to help me with a question about the process of closing the tcp connection and releasing the sockets.
    Let’s say that I open one Chrome window to watch a YouTube video and another window for a random web page. Do the sockets remain open indefinitely, let’s say for example when the video has finished loading, or is there an automatic inactivity timer that begins the process of sending the FIN segment?

    • certskills Author October 2, 10:08

      I’d suggest downloading Wireshark, installing it, and doing a trace in which you do just that. You’ll see your computer close the TCP connections on their own. I haven’t researched all the why/wherefore details, but the application (e.g., a web browser) will often close the TCP connection by choice, either after completing the work, or after completing the work plus some timeout (e.g., waiting for a minutes literally.) Also, note that most web pages today have content that exists on multiple web servers, e.g., many web sites use Google Analytics to track usage. So when loading one web page, you’ll see TCP connections to multiple servers (e.g., one to a Google Analytics service), oftentimes with the TCP connection being closed after the work is done.
      Hope this helps.

      • Marcelo October 4, 10:53

        Thanks a lot for this, the understanding of the process is now more clear to me. Please, help me with my last question, about the window in tcp connection and the advance ack, I have been puzzled with since I read that topic. The question is in the next commentary (Oct 2). Thanks in advance.

  2. Marcelo October 2, 11:27

    In the first book, chapter 5, section “Flow control using windowing”, there is a part that says: “…if an acknowledgment is received before the window is exhausted, a new window begins, and the sender continues sending data until the current window is exhausted”.

    How can it be possible that the sender receives the ACK for all of the bytes of the window before it finishes sending the window bytes, or maybe, as soon as it has sent the last bit of the data towards the other host? That is what I understand after reading the paragraph at the beginning, but it doesn’t make sense, because at the receiver side some of the frames could be discarded in L2, but the ACK for all the window was already sent to the sender.

    I hope you can help me clarifying this, thanks in advance.

  3. certskills Author October 16, 10:24

    To answer the specifics to your question, I think the phrasing in the book says “If an acknowledgement is received”, not “If an acknowledgement is received for all the bytes”. I think you added the “for all the bytes”.
    E.g., the sender has a window of 40,000 bytes, sending segments of 1000 bytes (just to make the math easy). If the first byte is sequence #1, the sender could send 40 such segments, seq # 1 – 40000 before stopping due to flow control. However, say around the time the sender sent #23, the sender received an ack for the first 10,000 bytes, with no change to the window size. The sender at that point could keep sending through byte 50000. That’s the point.

  4. Stanley Gono December 27, 12:07

    Hi Wendell,
    I am studying for my CCNA certification, but I have come across some questions in the book with multiple correct answers when I am asked to pick less than the correct answer. For example, the questions will have 3 correct answers and I am only required to pick 2. How does one deal with questions like that on the test? 200301-BOOK-v1-21-002 is one such question. I know that if R2 is neither the DR nor BDR in the scenario given, then R1 is the DR, but when I picked this answer, I was marked wrong. I don’t quite remember the other question of this kind, but I have seen a few of those.

    • certskills Author January 1, 15:36

      Hi Stanley,
      First, on that specific question, there are two correct answers, not three. The Vol 1 book and the electronic version in the testing engine both show it as having two correct answers, which is correct. So in this case it may be that you disagree and believe there are three correct answers. From your comments, I think if you refer to the explanation to the question, in the answers appendix (in the print book) or found via a link when you view the question in PTP, that should resolve the issue. Of note, you claim that R1 will be the DR, but the question stem notes that the link uses OSPF network type point-to-point, which means that no DR nor BDR will be used.

      On the real exam, they will tell you the number of correct answers to each multichoice question. You asked what to do if they ask for the “wrong” number of correct answers on the real exam. I’d say that to get the points, you must pick the number of correct answers that Cisco tells you to pick. But also, maybe read the question stem and answers again more carefully if that happens – it could be a case where you missed a fact, which is likely what happened when you read this question.

      Hope this helps,
