TCP 3-Way Handshake Explained with Wireshark Captures
TCP (Transmission Control Protocol) is a connection-oriented protocol that ensures reliable communication between peers over a network.
Before data can be exchanged, TCP establishes a connection between the client and server using a three-way handshake:
- SYN (Synchronize): Client sends a SYN packet to initiate communication. It includes an initial sequence number (X).
- SYN-ACK (Synchronize-Acknowledge): Server responds with both a SYN and ACK, confirming receipt and sending its own sequence number (Y).
- ACK (Acknowledge): Client acknowledges receipt, sending ACK = Y+1, finalizing the handshake.
Let’s look at an example, using a diagram along with a Wireshark capture for illustration:

1- SYN
- The client initiates the connection by sending a SYN (synchronize) packet to the server.
- The client is basically telling the server, “I want to establish a connection. My initial sequence number is 0.”

2- SYN, ACK
- The server acknowledges the client’s request and sends back a SYN-ACK (synchronize-acknowledge) packet.
- The server is basically responding: “I received your SYN. My sequence number is 0, and I’m acknowledging your sequence number with ACK = 1.”

3- ACK
- The client receives the SYN, ACK and sends an ACK (acknowledge) packet to establish the connection.
- In other words, the client is saying, “I received your SYN-ACK. Let’s start communicating!”

Once this handshake is completed, the TCP session is established and both parties can start exchanging data.
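
The sequence numbers 0 and 1 in the walkthrough above are the relative values Wireshark displays by default; on the wire each side picks its own 32-bit initial sequence number. The Python sketch below is an added example, not part of the original article: it parses three constructed TCP headers, checks the X+1 / Y+1 rule (including 32-bit wraparound) and derives the relative numbers. The helper names, ports and ISN values are assumptions chosen for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def build_tcp_header(seq, ack, flags, sport=50000, dport=443):
    """Pack a 20-byte TCP header without options (checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 64240, 0, 0)

def parse_tcp_header(raw):
    """Return (seq, ack, syn_ack_bits) from the fixed part of a TCP header."""
    _sport, _dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return seq, ack, offset_flags & (SYN | ACK)

def check_handshake(raw_segments):
    """Validate SYN, SYN-ACK, ACK and compute the relative numbers."""
    (x, _, f1), (y, a2, f2), (s3, a3, f3) = [parse_tcp_header(r) for r in raw_segments]
    checks = {
        "1_is_syn": f1 == SYN,
        "2_is_syn_ack": f2 == (SYN | ACK),
        "3_is_ack": f3 == ACK,
        "server_acks_x_plus_1": a2 == (x + 1) % MOD,
        "client_acks_y_plus_1": a3 == (y + 1) % MOD,
        "client_seq_is_x_plus_1": s3 == (x + 1) % MOD,
    }
    # Relative (seq, ack) per segment: offsets from each side's initial sequence number.
    relative = [(0, 0), (0, (a2 - x) % MOD), ((s3 - x) % MOD, (a3 - y) % MOD)]
    return all(checks.values()), checks, relative

# Constructed sample: client ISN X sits at the top of the 32-bit range, so X+1 wraps to 0.
X, Y = 0xFFFFFFFF, 0x1A2B3C4D
GOOD = [
    build_tcp_header(X, 0, SYN),
    build_tcp_header(Y, 0, SYN | ACK, sport=443, dport=50000),
    build_tcp_header(0, Y + 1, ACK),
]
# Constructed sample: the final ACK acknowledges Y instead of Y+1.
BAD = GOOD[:2] + [build_tcp_header(0, Y, ACK)]

if __name__ == "__main__":
    for name, capture in (("good", GOOD), ("bad", BAD)):
        ok, checks, relative = check_handshake(capture)
        print(name, ok, relative, [k for k, v in checks.items() if not v])
```

For the valid capture the relative values come out as seq 0, then seq 0 / ack 1, then seq 1 / ack 1, matching the three steps described above.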