TCP 3-way Handshake Process

TCP (Transmission Control Protocol) is “a Connection Oriented Transport Layer (Layer4) protocol for reliable communication between network devices”

TCPv4 was published in RFC-793 in 1981 and is still the current version. TCP is a connection oriented full-featured transport layer protocol that provides all the functions needed by a typical application for the reliable transportation of data across an internetwork. TCP is a host-to-host protocol. TCP provides reliable communication with a mechanism called Positive Acknowledgement with Re-transmission(PAR) employing the 3-way Handshake.

 

3-way Handshake Process

TCP uses a process called 3-way Handshake for reliable communication. In 3-way Handshake process, three TCP segments are exchanged between the sender and the receiver to establish a reliable connection. These are called SYN, SYN-ACK and ACK.

TCP 3-way handshake process - ATech Waqas Karim

Step1 (SYN): In the first step, client wants to establish a connection with server, so it sends a segment with SYN (Synchronize Sequence Number). This informs server that client is likely to start communication and with what sequence number it starts segments with.

Step2 (SYN + ACK): In the second step, Server responds to the client request with SYN-ACK signal bits set. Acknowledgement(ACK) signifies the response of segment it received and SYN signifies with what sequence number it is likely to start the segments with.

Step3 (ACK): In the last step, client acknowledges the response of server by ACK message. Status on both sides change to ESTABLISHED and both get ready to start the actual data transfer.

The steps 1 and 2 establish the connection parameter (seq nos.) for one direction and it is acknowledged. The steps 2 and 3 establish the connection parameter (seq nos.) for the other direction and it is acknowledged. After the whole process, a full-duplex communication is established. ISN (Initial Sequence Numbers) are randomly selected while establishing connections between client and server. Below is the simplified view of TCP 3-way handshake process:

Any device using this 3-way Handshake process resends the data unit until it receives an acknowledgement. Transport Layer checks the data with checksum functionality for Error Detection at the receiver side. If the data unit received at the receiver’s end is damaged, then receiver discards the segment. So, the sender has to resend the data unit for which positive acknowledgement is not received.

TCP allows one side/device to establish a connection. The other side/device may either accept the connection or refuse it. The device that is establishing/requesting the connection is called client and the side waiting for a connection is called server. TCP uses virtual ports to create a virtual end-to-end connection that can reuse the physical connections between two computers. TCP is encapsulated within the data field of IP datagrams and TCP encapsulates higher level protocol data such as Network Mgmt (SNM), HTTP (web), SMTP (email) and many other protocols.

 

TCP Open Call Types

TCP identifies two types of OPEN calls which are Active OPEN and Passive OPEN calls as in below:

  1. Active OPEN: In an Active Open call a device using TCP takes the active role and initiates the connection by sending a TCP SYN message to start the connection. The Device in Active OPEN state is called Client
  2. Passive OPEN: In passive OPEN state, device is waiting for an active OPEN from other. It does not generate any TCP message segment. The Device in Passive OPEN state is called Server

 

TCP Message Types

There are four types of message that control transitions between states during TCP 3-way Handshake process. SYNchronize and ACKnowledge messages are indicated by a either the SYN bit, or the ACK bit inside the TCP header, and the SYN-ACK message has both the SYN and the ACK bits turned on (set to 1) in the TCP header.

TCP/IP Model

 

TCP States

There are 6 types of TCP states during the 3-way handshake process which are called CLOSED, LISTEN, SYN-SENT, SYN-ACK SENT, SYN RCVD and ESTABLISHED. Below table lists the detail of each state:

TCP/IP Model

After the Three-way handshake, the connection is open and the participant computers start sending data using the agreed sequence and acknowledge numbers

 

TCP Complete Data Transfer Process

TCP Data Transfer process completes in three phases as in below:

Phase1: In first Phase, Three-way handshake is completed so that sender & receiver can know each other & build the trust relationship.

Phase2: After the first phase, the connection is opened and the participant devices start sending data using the agreed sequence and acknowledge numbers that they have agreed upon in phase1

Phase3: Once all Data transfer is completed, the connection is terminated using the FIN flags from both sides.

This whole setup and teardown of a TCP socket connection is part of what qualifies TCP a reliable protocol. TCP also acknowledges that data is successfully received and guarantees the data is reassembled in the correct order. Below is the detailed overview of TCP processes showing all three Phases.

TCP 3-way handshake process - ATech Waqas Karim

 

TCP 3-way Handshake Example with Packet Tracer

Below is a Wireshark capture which shows detailed packets exchanges that happen between a Client and Server during TCP handshake, Data Transfer & Connection Termination phases:

TCP 3-way handshake process - ATech Waqas Karim

 

Written by 

Waqas Karim is a seasoned Network Expert … Geek. He is the founder of ATech. ATech was started for learning & sharing. Over time the platform has grown to include other resources which continue to attract fellow networkers. Today it sees upward trend of a hundred thousand visitors per month, scattered all over the globe. His specialty is networking, but his interest & expertise spans from traditional IT to Network Security including Programming, Virtualization, Service Provider & so on... no matter the badge on the box. He is CCIE Certified (CCIE#56732) in addition to below badges: Telecom Engineer (BE) + CCIE-RS (CCIE#56732) + Huawei Certified (HW#706632) + MBA Microsoft Certified MCITP, MCSE#109*26, CCNP-Sec, CCNP-SP, CCNA-DC, CompTIA Security+, Nokia NRS-I, JNCIA, ITIL Certified (ITIL#*6373), CEH (Certified Ethical Hacker).

avatar
  Subscribe  
Notify of