TCP 3-way handshake

Hello guys! Welcome back to another blog on computer networking. In this blog, we will discuss the TCP 3-way handshake.

I still remember the time when I was giving interviews for Wintel administrator jobs. One common question related to networking topics was often asked: Explain the working of the 3-way handshake. Believe me, I couldn’t even explain the first step when it was first asked. However, as I always recommend to all my students and friends going for interviews, no matter how the interview goes, take a pen and paper and write down all the questions that were asked just after the interview session. After a few interviews, you’ll find that you have a full-fledged question bank.

Sorry, it seems I went off-topic. So, after that particular interview, I learned about the 3-way handshake again. It has become one of my favorite discussions, not just in networking concepts, but also in the client-server model, be it in your cybersecurity training or CompTIA. It is a part of discussions in many fields of IT.

Let’s start by talking about a few concepts:

What is a computer Network?

Networking is a way of connecting two or more devices to establish communication between devices and allow them to share or exchange data. Computer networking primarily provides communication and collaboration facilities among the connected devices.

There are many networking devices and media that help you establish communication between devices, such as routers, switches, hubs, bridges, modems, NICs, etc.

What is TCP protocol?

Let me start with the word protocol. A protocol is basically a set of rules that govern a particular process. TCP (Transmission Control Protocol) is therefore nothing but the set of rules and procedures that govern the communication between two devices.

  • It establishes the end-to-end connection between two devices, i.e., a receiver and a sender.
  • It is a secure, reliable, and connection-oriented protocol to help devices and applications exchange messages.
  • It is specifically designed to send the packets of messages and ensure they get delivered to the receiver’s end.

What is a Server and a Client?

A server is a computer that serves the requests coming from the client’s computer, and a client is a computer that requests a service from a server. The client is also called a workstation sometimes.

Is that a server or a client?

Here, an interesting question emerges: how can you say that a computer kept in your office is a server or a client machine? The answer is “it depends”. Many people think a server has to look like a rack-mounted device, but that is not a requirement. What really differentiates a server from a workstation or a client is the operating system installed on that machine and the role it plays on the network.

If that system has Windows Server 2023 installed on it, you can say that it is a server; if it has Windows 10 or Windows 11 installed, it might be a client. However, one more thing to note is that computers with Windows 10 or 11 can also be a nondedicated server if you share your local printer with another network.

In a nutshell, DO NOT assume a computer’s role by simply looking at it; instead, inspect and understand what is installed on it and its role on the network.

What is TCP 3-way handshake?

Why handshake – To establish communication by exchanging information.

  • A three-way handshake is used in a TCP/IP network to connect a local host/client and server. The three-way handshake is a TCP/IP networking methodology to establish a secure and reliable connection between a client and a server before data transmission.
  • It is designed in such a way that it allows both communicating ends, server and client, to initiate and negotiate the parameters of the TCP connection at the same time, before data such as HTTP and SSH traffic is transmitted.

Why is the TCP 3-way handshake important?

The TCP 3-way handshake is so robust that it has become the default method of establishing connections and sharing data among devices over the network.

  • The 3-way handshake is a complete package with error checking, retransmission of missing and corrupt data, and many other features, such as the capability to preserve performance even on connections that are not reliable.
  • It is reliable as it verifies that the server and client are synchronized and ready to start communication. This minimizes the probability of data loss and errors at the time of transmission.
  • At every step of this process, there is a step of acknowledgment that allows it to detect any issues in the connection setup.
  • Suppose any step of the handshake faces a delay or failure. In that case, TCP initiates timeout and retransmission mechanisms that ensure a reliable connection.

The Process of TCP 3-Way Handshake for Connection Establishment

The process starts when the client requests a communication session with a server by following three steps.

3-way handshake

Step 1: A connection between the server and client is established by exchanging a SYN (Synchronization Sequence Number) message.

In the first step, the client initiates the process by sending a SYN message to the server, utilizing the server’s IP address to request an initial connection.

The SYN message contains a random sequence number.

Step 2: The server acknowledges receipt of the SYN packet from the client end.

  • Upon receiving the SYN request, the server analyzes it and decides whether to allow the connection, allocating necessary resources to the client, including a network port.
  • This step is known as acknowledgment, or SYN-ACK: the server sends this message with its own random sequence number and an ACK number acknowledging the client’s random sequence number.

Step 3: The client node acknowledges the SYN/ACK received from the server by responding with an ACK packet.

  • In the third and final step, the client acknowledges the handshake through an ACK message.
  • Often, this acknowledgment is immediate and is prompted by a request for content such as an HTML page, image, or any API call.
  • The sequence numbers are synchronized at this step, and now the client and server can send and receive the data.
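
The three steps above, as an added example that is not code from the original post: Python that parses TCP headers and checks that each acknowledgment number equals the other side's initial sequence number plus one, reporting how far the handshake got. The ports, sequence numbers and function names are assumptions made for illustration, and the headers are constructed in the code rather than captured.

```python
import struct

SYN, ACK = 0x02, 0x10          # TCP flag bits
MOD = 2 ** 32                  # sequence numbers are 32-bit and wrap around

def build_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header (no options; checksum left at 0 for this demo)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

def parse_header(raw):
    """Return (sport, dport, seq, ack, flags) from the fixed part of a TCP header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return sport, dport, seq, ack, off_flags & 0x3F

def handshake_state(segments):
    """Follow one connection's segments and return the state the handshake reached."""
    state, client_isn, server_isn, client_port = "CLOSED", None, None, None
    for raw in segments:
        sport, dport, seq, ack, flags = parse_header(raw)
        if state == "CLOSED" and flags == SYN:                      # step 1: SYN
            state, client_isn, client_port = "SYN_SENT", seq, sport
        elif state == "SYN_SENT" and flags == SYN | ACK and dport == client_port:
            if ack != (client_isn + 1) % MOD:                       # step 2: SYN-ACK
                return "INVALID"
            state, server_isn = "SYN_RECEIVED", seq
        elif state == "SYN_RECEIVED" and flags & ACK and not flags & SYN \
                and sport == client_port:                           # step 3: ACK
            if ack != (server_isn + 1) % MOD or seq != (client_isn + 1) % MOD:
                return "INVALID"
            state = "ESTABLISHED"
    return state

# Constructed sample: client port 50000, server port 80, made-up sequence numbers.
# The client ISN is 0xFFFFFFFF so the expected acknowledgment wraps around to 0.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 1000
SAMPLE = [
    build_header(50000, 80, CLIENT_ISN, 0, SYN),
    build_header(80, 50000, SERVER_ISN, 0, SYN | ACK),
    build_header(50000, 80, 0, SERVER_ISN + 1, ACK),
]

if __name__ == "__main__":
    print(handshake_state(SAMPLE))        # all three steps seen
    print(handshake_state(SAMPLE[:2]))    # final ACK never arrived
```

A connection that stays in `SYN_RECEIVED` is one where the server is still waiting for the final ACK, which is the case the timeout and retransmission mechanisms mentioned earlier deal with.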

That’s all from me today. Don’t forget to check out the key takeaways. See you in the next blog, and happy learning!