TCP 3-Way Handshake Explained with Wireshark Captures

TCP (Transmission Control Protocol) is a connection-oriented protocol that ensures reliable communication between peers over a network.

Before data can be exchanged, TCP establishes a connection between the client and server using a three-way handshake:

  • SYN (Synchronize): Client sends a SYN packet to initiate communication. It includes an initial sequence number (X).
  • SYN-ACK (Synchronize-Acknowledge): Server responds with both a SYN and ACK, confirming receipt and sending its own sequence number (Y).
  • ACK (Acknowledge): Client acknowledges receipt, sending ACK = Y+1, finalizing the handshake.


Let’s look at an example in a diagram, along with a Wireshark capture for illustration:



1- SYN

  • The client initiates the connection by sending a SYN (synchronize) packet to the server.
  • The client is basically telling the server, “I want to establish a connection. My initial sequence number is 0.”


2- SYN, ACK

  • The server acknowledges the client’s request and sends back a SYN-ACK (synchronize-acknowledge) packet.
  • The server is basically responding: “I received your SYN. My sequence number is 0, and I’m acknowledging your sequence number with ACK = 1.”


3- ACK

  • The client receives the SYN, ACK and sends an ACK (acknowledge) packet to establish the connection.
  • In other words, the client is saying, “I received your SYN-ACK. Let’s start communicating!”


Once this handshake is completed, the TCP session is Established and both parties can start exchanging data.
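The check below is an added example, not part of the original article: it parses three raw TCP headers and verifies the SYN / SYN-ACK / ACK rules described above, including 32-bit wraparound of Y+1. The ports, the initial sequence numbers and all function names are assumptions made for the illustration; `relative_view` reproduces the relative numbering Wireshark displays by default, which is why the capture shows 0 and 1 rather than the real values on the wire.

```python
import struct

SYN, ACK, CTRL = 0x02, 0x10, 0x17   # CTRL masks FIN|SYN|RST|ACK
MOD = 2 ** 32                        # sequence numbers are 32-bit and wrap

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 64240, 0, 0)

def parse_header(raw):
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": off_flags & CTRL}

def check_handshake(segments):
    """Validate three raw TCP headers as SYN, SYN-ACK, ACK. Returns (ok, reason)."""
    if len(segments) != 3:
        return False, "need exactly three segments"
    syn, synack, ack = (parse_header(s) for s in segments)
    if (syn["flags"], synack["flags"], ack["flags"]) != (SYN, SYN | ACK, ACK):
        return False, "flags are not SYN, SYN-ACK, ACK"
    client, server = (syn["sport"], syn["dport"]), (syn["dport"], syn["sport"])
    if (synack["sport"], synack["dport"]) != server or (ack["sport"], ack["dport"]) != client:
        return False, "ports do not belong to one connection"
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        return False, "SYN-ACK does not acknowledge X+1"
    if ack["seq"] != (syn["seq"] + 1) % MOD or ack["ack"] != (synack["seq"] + 1) % MOD:
        return False, "final ACK does not carry seq X+1 / ack Y+1"
    return True, "established"

def relative_view(segments):
    """Return (seq, ack) per segment relative to each side's ISN, as Wireshark displays them."""
    syn, synack, ack = (parse_header(s) for s in segments)
    x, y = syn["seq"], synack["seq"]
    return [(0, 0),
            (0, (synack["ack"] - x) % MOD),
            ((ack["seq"] - x) % MOD, (ack["ack"] - y) % MOD)]

# Constructed sample: client port 51514 -> server port 443; Y is chosen so Y+1 wraps to 0.
X, Y = 0xDEADBEEF, 0xFFFFFFFF
SAMPLE = [
    build_header(51514, 443, X, 0, SYN),
    build_header(443, 51514, Y, (X + 1) % MOD, SYN | ACK),
    build_header(51514, 443, (X + 1) % MOD, (Y + 1) % MOD, ACK),
]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))
    print(relative_view(SAMPLE))
```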

Bilel Ameur

Enthusiastic Network Engineer specializing in Cisco ACI, passionate about solving challenges. A lifelong learner who loves gaining and sharing knowledge. Profile: https://www.linkedin.com/in/bilel-ameur-71116b2b5