TCP 3-Way Handshake

All TCP-based communication must begin with a handshake between two hosts.  This handshake process serves a few different purposes:

• It allows the transmitting host to ensure that the destination host is up and able to communicate.
• It lets the transmitting host check that it is listening on the port on which the source is attempting to communicate.
• It allows the transmitting host to send its starting sequence number to the recipient so that both hosts can keep the stream of packets in proper sequence.

The TCP handshake occurs in three separate steps.  In the first step, the device that wants to communicate (Host A) sends a TCP packet to its target (Host B).  This initial packet contains no data other than the lower-layer protocol headers.  The TCP header in this packet has the SYN flag set and includes the initial sequence number and maximum segment size (MSS) that will be used for the communication process.  Host B responds to this packet by sending a similar packet with the SYN and the ACK flags set, along with its initial sequence number.  Finally, Host A sends one last packet to Host B with only the ACK flag set.  Once this process is completed, both devices should have all the information they need to begin communicating with each other.

When it is time to bid goodbye, the handshake that occurs is called a teardown.  The TCP teardown is used to gradually end a connection between two devices after they have finished communicating.  This process involves four packets, and it utilizes the FIN flag to signify the end of a connection.

In a teardown sequence, Host A tells Host B that it is finished communicating by sending a TCP packet with the FIN and ACK flags set.  Host B responds with an ACK packet, ending the communication process.

In an ideal world, every communication would end gracefully with a TCP teardown.  In reality, connections often end abruptly.  For example, this may happen due to a potential attacker performing a port scan or simply a misconfigured host or if the user interrupts the connection by pressing Ctrl C.  In these cases, a TCP packet with the RST flag set is used.  The RST flag is used to indicate a connection was closed abruptly or to refuse a connection attempt.

The TCP 3-way handshake is the method used by TCP to set up a TCP/IP connection over an IP based network. TCP's 3-way handshake is often referred to as SYN, SYN-ACK, ACK because there are three messages transmitted by TCP to negotiate and start a TCP session between two computers. The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network TCP socket connection before transmitting data such as SSH or HTTP web browser requests. This 3-way handshake process is also designed so that both ends can initiate and negotiate separate TCP socket connections at the same time. Being able to negotiate multiple TCP socket connections in both directions simultaneously allows a single physical network interface to be multiplexed to transfer multiple streams of TCP data all at the same time.