TCP Three-way handshake - 101

Overview

The Transmission Control Protocol (TCP) is a protocol used for transmitting data between network-enabled devices. The TCP 3-way handshake is a process used to establish a reliable connection between two devices.

Imagine you want to send a message to your friend on the other side of a river. Your friend is waiting on the other side with a paper and pen, ready to write down your message.

But there's a problem - you can't just yell your message across the river, because the river is too loud and noisy. You need to find a way to make sure your friend can hear you clearly and you can be sure that your friend is ready to receive your message.

So what do you do? You come up with a system called the "3-way handshake" to make sure your message gets through.

Here's how it works (Explain like I'm 10)

  1. You shout across the river to your friend, "Hey, are you there? Can you hear me?"
  2. Your friend shouts back, "Yes, I'm here and I can hear you! Can you hear me?"
  3. You shout back, "Yes, I can hear you! Here comes my message."

Now you can send your message across the river, knowing that your friend is there and can hear you. And your friend can write it down, knowing that you heard their answer and are really the one talking.

That's basically what the TCP 3-way handshake does. It's a way for two systems to confirm that each can reach the other and that both are ready to send and receive data. During the handshake each side also tells the other the number it will start counting its bytes from, so that lost, duplicated or reordered data can be detected once the message starts flowing.

In this blog post, we will go through the TCP 3-way handshake process and its three steps: SYN, SYN-ACK, and ACK.

To demonstrate with an example, I have captured the traffic between the client PC and a web server (example.net/93.184.216.34) using Wireshark.

SYN

The first step in the TCP 3-way handshake is the SYN (Synchronize) packet. This packet is sent by the client to the server to initiate a connection. The SYN packet carries the client's initial sequence number (ISN), a 32-bit value the client chooses at random, which tells the server where the client's byte numbering starts. Every later byte the client sends is numbered from that point, which is how the receiver puts data back in the correct order. The ISN must be hard to guess: an attacker who is not on the path but can predict it can forge segments that the other side will accept, which is why RFC 6528 specifies deriving it from a secret key and the connection's addresses and ports rather than from a simple counter.

The client 10.44.124.5 wants to initiate a connection to the server 93.184.216.34. So the client sends a packet with the SYN bit set; the SYN flag announces an attempt to open a connection.

If you look at the TCP header, the source port is an ephemeral port picked by Windows for this connection and the destination is the well-known port 80. The payload length is zero because this is a SYN packet and no application data is transmitted at this stage; the segment does, however, normally carry TCP options such as the maximum segment size, window scaling and SACK permitted, so the header itself is longer than the 20-byte minimum.

If you look at the sequence number, Wireshark displays 0. That is not the value on the wire: Wireshark's "relative sequence numbers" setting, which is on by default, shows every sequence and acknowledgement number as an offset from the connection's ISN, because the actual 32-bit random values are hard for humans to follow.

From the screenshot below, with relative numbering turned off, you can see that the actual SEQ number from the client is 1932704549.
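The two ideas in this section, a per-connection random ISN and Wireshark's relative display of it, as an added example that is not part of the original post. The ISN generator follows the RFC 6528 formula (a 4-microsecond clock plus a keyed hash of the connection's addresses and ports); the choice of HMAC-SHA256 for the hash, the predictable counter scheme shown for contrast, and the secret key are assumptions for illustration. The client ISN is the one from the post's capture.

```python
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF
CLIENT_ISN = 1932704549          # the value seen in the post's capture

# A real stack generates this at boot and keeps it private; here it is constructed.
SECRET_KEY = secrets.token_bytes(16)


def rfc6528_isn(local_ip, local_port, remote_ip, remote_port, secret_key, timer_ticks):
    """ISN = (M + F(local_ip, local_port, remote_ip, remote_port, secret_key)) mod 2**32.

    M (timer_ticks) is a 32-bit counter that advances every 4 microseconds, so ISNs
    for the same 4-tuple still move forward in time. F is a keyed hash of the 4-tuple,
    so an observer of one connection learns nothing about another peer's ISN.
    RFC 6528 suggests MD5 for F; HMAC-SHA256 truncated to 32 bits is used here
    (an implementation choice, not something the post specifies)."""
    tuple_bytes = f"{local_ip}:{local_port}->{remote_ip}:{remote_port}".encode()
    digest = hmac.new(secret_key, tuple_bytes, hashlib.sha256).digest()
    f = int.from_bytes(digest[:4], "big")
    return (timer_ticks + f) & MASK32


def counter_isn(connections_so_far, step=64000):
    """The kind of scheme RFC 6528 replaced (assumed shape, 64000 being the classic
    BSD step): a global counter bumped by a fixed amount per connection, so one
    observed ISN predicts the next one handed to anybody."""
    return (connections_so_far * step) & MASK32


def relative_seq(absolute, isn):
    """What Wireshark shows by default: the offset from the connection's ISN,
    modulo 2**32, which is why the SYN is displayed as Seq=0."""
    return (absolute - isn) & MASK32


if __name__ == "__main__":
    isn = rfc6528_isn("10.44.124.5", 51234, "93.184.216.34", 80, SECRET_KEY, timer_ticks=0)
    print(f"ISN on the wire: {isn}, shown by Wireshark as Seq={relative_seq(isn, isn)}")
    print(f"captured client ISN {CLIENT_ISN} -> relative {relative_seq(CLIENT_ISN, CLIENT_ISN)}")
```

The wraparound in relative_seq matters in practice: sequence numbers are 32-bit and a long-lived connection crosses 2**32 regularly, so any tool that compares them must do so modulo 2**32 rather than with plain subtraction.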

SYN-ACK

The second step in the TCP 3-way handshake is the SYN-ACK (Synchronize-Acknowledge) packet. This packet is sent by the server to the client to acknowledge the SYN and to confirm that it is willing to establish a connection.

The SYN-ACK does not repeat the client's sequence number. It carries the server's own randomly chosen initial sequence number, because each direction of a TCP connection is numbered independently, together with an acknowledgement number equal to the client's sequence number plus one. The SYN consumes one sequence number even though it carries no data, so "plus one" is the next byte the server expects. In Wireshark's relative display this packet appears as Seq=0 Ack=1.

ACK

The final step in the TCP 3-way handshake is the ACK (Acknowledge) packet. This packet is sent by the client to the server to confirm that it has received the SYN-ACK. Its sequence number is the client's initial sequence number plus one (the value the SYN-ACK acknowledged), and its acknowledgement number is the server's initial sequence number plus one. In Wireshark's relative display this appears as Seq=1 Ack=1. This third packet is allowed to carry data, so a client may send the first bytes of its HTTP request in it.

Once the ACK packet is received by the server, the connection is established and both devices can start transmitting data. From then on the sequence and acknowledgement numbers are used to ensure that the data is received in the correct order and to detect any lost or duplicate segments. Two caveats are worth keeping in mind. First, the server has to remember a half-open connection from the moment it answers a SYN until the ACK arrives; a flood of SYNs that are never followed by an ACK can exhaust that backlog (a SYN flood), which is what SYN cookies were designed to counter. Second, the handshake proves reachability and agrees on sequence numbers; it does not authenticate either side or protect the data, which is the job of TLS above it.
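The three steps above as raw TCP headers, added here as a worked example that is not part of the original post. The code builds the SYN, SYN-ACK and ACK segments from the post's values (client 10.44.124.5 to example.net port 80, client ISN 1932704549), parses them back, checks the sequence and acknowledgement rules of the handshake, and reports each segment the way Wireshark's relative display would. The client's ephemeral port and the server's ISN are not on the page and are assumed values; the checksum is left at zero because there is no IP pseudo-header here.

```python
import struct

# Fixed TCP header: src port, dst port, seq, ack, data offset/reserved, flags,
# window, checksum, urgent pointer, all in network byte order.
TCP_HDR = struct.Struct("!HHIIBBHHH")
MASK32 = 0xFFFFFFFF
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

CLIENT_PORT = 51234          # assumed ephemeral port (not shown on the page)
SERVER_PORT = 80
CLIENT_ISN = 1932704549      # from the post's capture
SERVER_ISN = 2744521008      # assumed server ISN (not shown on the page)


def build_segment(src_port, dst_port, seq, ack, flags, window=65535):
    """Minimal 20-byte header: data offset 5 words, no options, no payload."""
    return TCP_HDR.pack(src_port, dst_port, seq & MASK32, ack & MASK32,
                        5 << 4, flags, window, 0, 0)


def parse_segment(raw):
    """Decode the fixed header; whatever lies past the data offset is payload."""
    src, dst, seq, ack, off, flags, win, _csum, _urg = TCP_HDR.unpack_from(raw)
    hdr_len = (off >> 4) * 4
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": win, "payload": raw[hdr_len:]}


def flag_names(flags):
    order = ((SYN, "SYN"), (ACK, "ACK"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"))
    return "-".join(name for bit, name in order if flags & bit) or "none"


def three_way_handshake(client_isn=CLIENT_ISN, server_isn=SERVER_ISN,
                        client_port=CLIENT_PORT):
    """The three segments of the handshake, in order, as raw bytes."""
    syn = build_segment(client_port, SERVER_PORT, client_isn, 0, SYN)
    syn_ack = build_segment(SERVER_PORT, client_port, server_isn, client_isn + 1, SYN | ACK)
    ack = build_segment(client_port, SERVER_PORT, client_isn + 1, server_isn + 1, ACK)
    return [syn, syn_ack, ack]


def check_handshake(segments):
    """Validate the flag, direction and sequence/acknowledgement rules and return each
    segment as (flags, relative seq, relative ack) as Wireshark would display it.
    Raises ValueError for a segment that breaks the rules."""
    if len(segments) != 3:
        raise ValueError("a handshake is exactly three segments")
    s1, s2, s3 = (parse_segment(s) for s in segments)
    if s1["flags"] != SYN:
        raise ValueError("step 1 must be a bare SYN")
    if s2["flags"] != SYN | ACK:
        raise ValueError("step 2 must be SYN-ACK")
    if s3["flags"] & (SYN | ACK) != ACK:
        raise ValueError("step 3 must be an ACK without SYN")
    if (s2["src_port"], s2["dst_port"]) != (s1["dst_port"], s1["src_port"]):
        raise ValueError("SYN-ACK must flow server -> client on the same ports")
    if (s3["src_port"], s3["dst_port"]) != (s1["src_port"], s1["dst_port"]):
        raise ValueError("ACK must flow client -> server on the same ports")
    client_isn, server_isn = s1["seq"], s2["seq"]    # each side picks its own ISN
    if s2["ack"] != (client_isn + 1) & MASK32:
        raise ValueError("SYN-ACK must acknowledge client ISN + 1")
    if s3["seq"] != (client_isn + 1) & MASK32:
        raise ValueError("ACK must carry client ISN + 1 as its sequence number")
    if s3["ack"] != (server_isn + 1) & MASK32:
        raise ValueError("ACK must acknowledge server ISN + 1")

    def rel(value, isn):               # relative numbering, modulo 2**32
        return (value - isn) & MASK32

    out = []
    for seg, my_isn, peer_isn in ((s1, client_isn, server_isn),
                                  (s2, server_isn, client_isn),
                                  (s3, client_isn, server_isn)):
        rel_ack = rel(seg["ack"], peer_isn) if seg["flags"] & ACK else None
        out.append((flag_names(seg["flags"]), rel(seg["seq"], my_isn), rel_ack))
    return out


if __name__ == "__main__":
    for flags, seq, ack in check_handshake(three_way_handshake()):
        print(f"[{flags}] Seq={seq} Ack={ack}")
```

The checks in check_handshake are the ones a capture-analysis script or IDS rule would apply: a SYN-ACK whose acknowledgement number equals the client's ISN rather than ISN plus one is not a valid second step, and the arithmetic must wrap at 2**32 or a connection whose ISN sits near the top of the range is wrongly rejected.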

Closing Thoughts

In summary, the TCP 3-way handshake is the process used to establish a reliable connection between two devices. The three steps are SYN, SYN-ACK, and ACK. Each side announces its own randomly chosen initial sequence number and acknowledges the other's plus one, and from then on the sequence and acknowledgement numbers are what allow the receiver to put data in the correct order and notice anything lost or duplicated.