TCP Three-Way Handshake Packet Breakdown
Understand the TCP three-way handshake through interactive visualization, and inspect the packet structure of SYN, SYN-ACK, and ACK.
What is the TCP three-way handshake?
TCP (Transmission Control Protocol) is a connection-oriented protocol. Before data can be transferred, both endpoints must establish a connection. The three-way handshake is the process that creates that connection.
Why is a three-way handshake needed?
- Confirm that both sides can send and receive data
- Synchronize initial sequence numbers
- Prevent stale connection requests from causing confusion
Step 1: SYN (Synchronize Sequence Numbers)
The client sends a SYN packet to the server to request a connection.
- Flags: SYN = 1
- Sequence number: randomly generated (seq = x)
Step 2: SYN-ACK (Synchronize-Acknowledge)
After receiving the SYN, the server replies with a SYN-ACK packet.
- Flags: SYN = 1, ACK = 1
- Acknowledgment number: ack = x + 1
- Sequence number: randomly generated (seq = y)
Step 3: ACK (Acknowledgment)
After receiving the SYN-ACK, the client sends an ACK packet to confirm.
- Flags: ACK = 1
- Acknowledgment number: ack = y + 1
- Sequence number: seq = x + 1
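The three steps above can be checked mechanically. The following is an added example, not part of the original page: it packs and parses the fixed 20-byte TCP header and verifies the flag and seq/ack relationships of each step. The function names, ports and the values of x and y are constructed for illustration, and the sample goes slightly beyond the text by choosing x at the 32-bit limit so that x + 1 wraps to 0.

```python
import struct

SYN, ACK = 0x02, 0x10  # flag bits in byte 13 of the TCP header
MOD = 2 ** 32          # sequence numbers are 32-bit and wrap around

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_tcp(raw):
    """Decode the fixed 20-byte TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(flags & SYN), "ack_flag": bool(flags & ACK)}

def check_handshake(p1, p2, p3):
    """Return a list of problems; an empty list means a consistent handshake."""
    s1, s2, s3 = parse_tcp(p1), parse_tcp(p2), parse_tcp(p3)
    problems = []
    if not (s1["syn"] and not s1["ack_flag"]):
        problems.append("step 1 is not a pure SYN")
    if not (s2["syn"] and s2["ack_flag"]):
        problems.append("step 2 is not a SYN-ACK")
    if (s2["sport"], s2["dport"]) != (s1["dport"], s1["sport"]):
        problems.append("step 2 ports do not mirror step 1")
    if s2["ack"] != (s1["seq"] + 1) % MOD:
        problems.append("step 2 ack != x + 1")
    if not (s3["ack_flag"] and not s3["syn"]):
        problems.append("step 3 is not a pure ACK")
    if s3["seq"] != (s1["seq"] + 1) % MOD:
        problems.append("step 3 seq != x + 1")
    if s3["ack"] != (s2["seq"] + 1) % MOD:
        problems.append("step 3 ack != y + 1")
    return problems

# Constructed sample packets: x = 0xFFFFFFFF, so x + 1 wraps to 0.
X, Y = 0xFFFFFFFF, 0x1A2B3C4D
SYN_PKT = build_tcp(50000, 443, X, 0, SYN)
SYNACK_PKT = build_tcp(443, 50000, Y, (X + 1) % MOD, SYN | ACK)
ACK_PKT = build_tcp(50000, 443, (X + 1) % MOD, (Y + 1) % MOD, ACK)

if __name__ == "__main__":
    print(check_handshake(SYN_PKT, SYNACK_PKT, ACK_PKT) or "handshake OK")
```

A SYN-ACK whose acknowledgment number does not equal x + 1 is reported as a problem, which is how a client tells a reply to its own SYN from a stale or unrelated one.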
Try it in ByteLens
You can open the TCP protocol visualizer and enter your own packets for analysis.
Summary
The three-way handshake makes TCP connections reliable. Through this process, the client and server confirm each other's send and receive capabilities and synchronize their initial sequence numbers. It is the core mechanism behind TCP's connection-oriented behavior and provides a dependable foundation for later data transfer.