Header-Image_2083x875

The TCP Three-Way Handshake Explained  

10/02/2023
5 minutes

The Transmission Control Protocol/Internet Protocol (TCP/IP) is the most widely used internet connectivity protocol for enabling communication of data between computers across a computer network.  

TCP/IP, paired with Hypertext Transfer Protocol (HTTP), has revolutionized the way we do everyday things, allowing for information to be passed nearly instantaneously around the world. The internet as we know it (mostly in web browsers) is possible via the network connection created by something called the TCP three-way handshake. We go over how it all works in-depth in our free course Introduction to IT, but here’s an overview of the basics (which you’ll need to know if you want to get into web development).

Learn something new for free

Layers of TCP/IP 

The TCP/IP model is a four-layer protocol stack supporting computer networking and connections. It is an internet protocol that standardizes how data is processed, transmitted, and received.  
 
The model is divided into the following layers, each performing specific duties: 

  • Application layer: Interacts with software applications, allocates resources, and synchronizes communication.   
  • Transport layer: Transports data from the source to the receiver (and back, if necessary) and ensures the correct sequence of transmissions. 
  • Internet layer: Routes data packets between the different addresses on a computer network. 
  • Network Access layer: Explains how data should be transmitted throughout the network. 

The Transport layer is an interface for network applications that allows for error checking, flow control, and verification of communications. Data from an application program interface (at the Application layer) passes to the Transport layer and then to the Transmission Control Protocol (TCP). The protocol creates the connection between a client and server via the three-way handshake. 

  • A client is a computer requesting services from another computer on a network.  
  • A server is a computer offering services to other computers on a network. 

TCP Segments 

The Transmission Control Protocol (TCP) is a reliable connection-oriented protocol. A connection-oriented protocol begins, maintains/monitors, and ends a connection between two computers. 

TCP processes data via Stream-oriented Processing, which means that it accepts a byte of data at a time and formats it into segments. A segment is a data package encapsulating the entire Application layer message. If the data message arrives out of order, TCP can resequence the data to restore to the original order. 

A TCP connection is full-duplex, meaning data can flow independently in each direction (from client to server). The sending machine records status information to ensure delivery. Every data package sent across the network receives an acknowledgment from the receiving computer. A data segment is formatted into 13 distinct parts, as illustrated below.  
 

Source Port (16-bit) Port number of the application on the sending machine 
Destination Port (16-bit) Port number of the application on the receiving machine 
Sequence Number (32-bit) The byte number of the first byte of data in the TCP packet sent 
Acknowledgment Number (32-bit)  Acknowledges a received segment – the value +1 of the number the receiving computer expects to receive.  
Data Offset (4-bit) Tells receiving machine where the data begins 
Reserved (6-bit) Reserved for future development  
Control flags (1-bit each)  URG Urgent pointer field  ACK Acknowledgment  PSH Push all data to the receiving application  RST Reset connection  SYN Synchronization request (used to open a connection) FIN A sending computer has no more data to transmit (used to close connection)  
Window (16-bit)  The range of sequence numbers beyond the last acknowledged sequence number that the sending machine can transmit without further acknowledgment. (control flow) 
Checksum (16-bit) Checks for corruption in the datagram 
Urgent Pointer (16-bit) Urgent information point in sequence number  
Options Optional settings  
Padding Ensures 32-bit boundary 
Data Additional data being transmitted with the segment 

What is a TCP three-way handshake?  

A TCP connection is a graceful connection-oriented protocol to establish, maintain/monitor, and terminate network connections reliably between two computers. It’s accomplished by a sequence/acknowledgment system where the client and server synchronize their sequence numbers. A network connection is made between client and server in three steps (a.k.a. handshakes).  

Establishing a connection  

Step 1 

The client sends a segment to the server that includes: 

  • A SYN number to open the connection. 
  • An ACK number with information acknowledging a connection. 
  • The client’s ISN (initial sequence number).  

The SYN is a synchronization request, and the ACK states the current value of the acknowledgment sequence. If a connection is being made for the first time, then ACK starts at 0.  

Step 2  

The server receives the client’s segment. In response, the server acknowledges the client’s ISN by sending back an ACK with 1 added to its value. Additionally, a SYN request is sent from the server, along with its own ISN, back to the client. 

Step 3 

The client receives the server’s request for synchronization and responds with a segment that contains an ACK to acknowledge receipt of the server’s ISN, and the connection is established.  

Connection 

Once the TCP three-way handshake is made, the data segment is then passed to the Internet layer. At this layer, IP provides logical-addressing info, encloses data into a datagram, and provides routing to support delivery across the interconnected network. Finally, at the Network Access layer, which provides an interface, a datagram is received and formatted into a frame. The frame is then converted into a bitstream that is transmitted over the network.    

Terminating a connection 

Step 1 

The client sends a segment containing a FIN value set to 1. The client application then enters fin-wait state, which allows it to continue to receive and process segments in the queue. However, no additional data is transmitted.  

Step 2 

Then, the server sends ACK back to the client, which acknowledges receipt of the FIN, and sends any remaining segments.  

Step 3 

The server notifies the local application that a FIN segment has been received and then transmits FIN to the client, signaling the connection’s close. 

Step 4 

Once received, the client sends ACK to the server, acknowledging receipt of FIN, and gracefully closing the connection. 

In the context of the Web, the “clients” are web browsers that connect to web servers and present data in a predetermined format. The web server communicates using HTTP. After a TCP connection is made, the browser uses HTTP commands to request a web page URL, which ultimately results in what we see on the screen made with HTML/CSS and JavaScript.  

Want to learn more about how the web works? Check out our web development and IT courses for more info.

Related courses

6 courses

Related articles

4 articles