What happens on this typical http request?

I am using Wireshark to look at all packet exchanges between my client computer and a webserver.

I am just connecting to a server that gives me a 403 error (just as an example). The packets I understand are the 2 HTTP packets. But there are 5 packets that are TCP ones.

(the xxx.xx.x.x ip address represents the web server, for better clarity in the code below)

What are those TCP packets exactly and what's the purpose of each of them?

Thanks a lot

Here are the packets in chronological order:

 Number   Time      Source         Destination  Protocol   Info
 1        0.000     192.168.0.3    xxx.xx.x.x     TCP      50250 > http [SYN]...
 2        0.0261    xxx.xx.x.x     192.168.0.3    TCP      http  > 50250 [SYN]...
 3        0.0265    192.168.0.3    xxx.xx.x.x     TCP      50250 > http [ACK]...
 4        0.0267    192.168.0.3    xxx.xx.x.x     HTTP     GET/ HTTP/1.1
 5        0.0547    xxx.xx.x.x     192.168.0.3    TCP      http > 50250 [ACK]...
 6        0.0588    xxx.xx.x.x     192.168.0.3    HTTP     HTTP/1.1 403 Forbidden
 7        0.0589    192.168.0.3    xxx.xx.x.x     TCP      50250 > http [ACK]...

Solution 1:

The first 3 are your standard TCPIP 3-way handshake.

The next is the client's HTTP GET request

The next 2 are the server acknowledging the request, and returning an HTTP 403 response code - the server is configured to prevent access to the URL requested for some reason.

The next is the client acknowledging the server's response.

Solution 2:

The first three TCP segments are the "three way handshake" that TCP uses between hosts to negogiate and establish a connection. SYN-->, <--SYN ACK, -->ACK

The other TCP segments are standard TCP ACKnowledgements of TCP segments recieved by the host sending the ACKnowledgement.

Here's a link to the TCP/IP bible:

http://www.amazon.com/TCP-IP-Illustrated-Volume-Set/dp/0201776316