Understanding TCP 3-Way Handshake Process

TCP (Transfer control protocol) is used at the data transmission layer of the OSI model in connection-oriented networks. TCP provides a secure and reliable link between two systems. Connection-oriented protocols provide a handshake mechanism between two systems and are responsible for connection opening at start, data flow during the connection and closure of connection post successful data transfer. Reliability of connection-oriented processes makes TCP so popular and it is widely used across networks. 

In today’s topic we will learn about Transfer control (TCP) protocol, how being a connection-oriented protocol helps to establish secure and reliable connections, and how TCP 3-day handshake process works?

TCP Header

To understand the 3-way handshake process end to end let’s understand the TCP header structure.

The header of TCP ranges from 20 – 60 bytes. 40 bytes is for options and padding. If there are no options and padding then the header is 20 bytes. The fields in the header are:

• Source port address – is 16 bits and holds the port address of application sending data segment.
• Destination port address – is 16 bits and holds the port address of the application receiving the data segment. 
• Sequence number – is 32 bit and hold sequence number used in reassembling the message at receiving end, which are received out of order
• Acknowledgement number – is 32 bit and holds acknowledgement. It is ack of previous bytes received successfully
• Header length (HLEN) is 4 bit and indicates length of TC header 
• Control flags – are 6 in number 1 bit which controls connection establishment, connection termination and connection abortion, mode of transfer and flow control etc.
• URG – urgent pointer is valid 
• ACK- acknowledgement number is valid
• PSH – Request to push
• RST – Connection reset 
• SYN – Synchronize sequence number
• FIN – Connection termination 
• Window size – is size of window sending TCP bytes
• Checksum – is used for error control and mandatory here
• Urgent pointer – is used to point to data that is urgently required which needs to reach the receiving process urgently. 

What is TCP 3-Way Handshake  

TCP 3-way handshake establishes a reliable connection between two communicating entities over a network using TCP/IP. It involves three steps to ensure this – 

Step 1: SYN (Synchronize)

• The client initiates the connection by sending a SYN (synchronize) packet to the server.
• This packet contains an initial sequence number (ISN), which is a randomly generated number used for tracking the connection.
• The client transitions to the SYN-SENT state.

Step 2: SYN-ACK (Synchronize-Acknowledge)

• The server responds with a SYN-ACK packet, which includes:
• Its own randomly generated ISN.
• An acknowledgment (ACK) number, which is the client’s ISN + 1.
• The server transitions to the SYN-RECEIVED state.

Step 3: ACK (Acknowledge)

• The client sends an ACK packet back to the server, confirming receipt of the server’s SYN-ACK.
• The acknowledgment number is set to the server’s ISN + 1.
• Both client and server transition to the ESTABLISHED state, allowing data transfer to begin.

During the process of handshake client and server exchange receive initial sequence numbers to confirm connection establishment. The secure and reliable connection helps in reserving the CPU, buffer, and bandwidth of systems so they can communicate without a glitch. 

Related FAQs

1. What happens if a packet is lost during the handshake?

If a packet (SYN, SYN-ACK, or ACK) is lost:

• The sender retries sending the packet after a timeout.
• If repeated attempts fail, the connection is not established.

2. What is the difference between SYN and SYN-ACK?

• SYN: Sent by the client to initiate a connection and includes its initial sequence number (ISN).
• SYN-ACK: Sent by the server in response to the SYN, containing its own ISN and acknowledging the client’s ISN.

3. Can a TCP connection be established without a three-way handshake?

No, TCP requires the three-way handshake to ensure reliability and synchronization before exchanging data.

4. What happens after the three-way handshake?

Once the handshake is complete, both the client and server enter the ESTABLISHED state, allowing them to start sending and receiving data.

5. How does TCP close a connection after data transfer?

TCP uses a four-way handshake (FIN-ACK-FIN-ACK) to gracefully terminate the connection.

6. What is a half-open connection?

A half-open connection occurs when one side closes the connection, but the other side remains open due to network failures or crashes.

7. How does SYN flooding attack exploit the three-way handshake?

In a SYN flooding attack:

• The attacker sends multiple SYN requests but never responds with an ACK after receiving SYN-ACK.
• The server keeps waiting, leading to resource exhaustion (Denial of Service – DoS).
• Protection methods include SYN cookies and rate limiting.

8. What is an ISN (Initial Sequence Number) in TCP?

An ISN is a randomly generated number assigned by each device during the handshake to track data packets and ensure security.

9. Is the three-way handshake used in UDP?

No, UDP (User Datagram Protocol) is connectionless and does not use a handshake process like TCP.

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)