The TCP three-way handshake isn’t just about establishing a connection; it’s a sophisticated negotiation that guarantees reliable data transfer by ensuring both sides are ready and agree on initial sequence numbers.
Let’s watch it happen. Imagine a client (192.168.1.100) wanting to connect to a web server (10.0.0.5) on port 80.
Client (192.168.1.100) -> Server (10.0.0.5:80)
[SYN] Seq=1000
The client sends a SYN (Synchronize) packet. This packet signals its intent to initiate a connection and carries an initial sequence number (here, 1000). This sequence number is crucial; it’s the client’s starting point for all data it will send.
Server (10.0.0.5:80) -> Client (192.168.1.100)
[SYN-ACK] Seq=5000 Ack=1001
The server receives the SYN. If it’s willing to accept the connection, it responds with a SYN-ACK packet. This packet does two things:
- SYN: It also carries its own initial sequence number (5000).
- ACK: It acknowledges the client’s SYN by setting the acknowledgment number to the client’s sequence number plus one (1000 + 1 = 1001). This tells the client, "I got your SYN, and the next byte I expect from you is sequence number 1001."
Client (192.168.1.100) -> Server (10.0.0.5:80)
[ACK] Seq=1001 Ack=5001
Finally, the client receives the SYN-ACK. It sends back an ACK packet.
- ACK: It acknowledges the server’s SYN by setting the acknowledgment number to the server’s sequence number plus one (5000 + 1 = 5001). This tells the server, "I got your SYN-ACK, and the next byte I expect from you is sequence number 5001."
At this point, the connection is established. Both sides have agreed on their initial sequence numbers and have confirmed that the other side is ready.
This three-way handshake is the foundation for TCP’s reliability. The sequence numbers allow for ordered delivery and retransmission of lost packets. If a packet is lost during the handshake, the sender will eventually time out and resend it, so a single lost packet does not stop the handshake from completing.
Each side also tracks the connection state. The client moves from CLOSED to SYN_SENT when it sends the first SYN, and the server moves from LISTEN to SYN_RECEIVED when it receives that SYN. Both then move to ESTABLISHED with the final ACK: the client when it sends it, the server when it receives it. This state management is vital for tracking the progress of the connection and handling potential issues.
What most people don’t realize is that the Seq numbers in these initial packets aren’t arbitrary; each side derives its initial sequence number (ISN) from a random number generator for security reasons, and the Ack numbers follow from the peer’s ISN. (The round values 1000 and 5000 above are only for illustration.) A random ISN makes it harder for attackers to predict the sequence numbers of subsequent packets, which is the basis of a TCP sequence number prediction attack. Without this randomization, an attacker could potentially inject spoofed packets into an established connection.
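To make the ISN point concrete, here is an added example (not from the original article) that compares a clock-only ISN with the keyed construction from RFC 6528, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), and checks whether one observed ISN lets an observer extrapolate another connection's ISN. HMAC-SHA256 standing in for F, the function names, the client ports and the second client address are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

MASK32 = 0xFFFFFFFF

def clock_m(now_us):
    """M: the 32-bit timer that ticks once every 4 microseconds."""
    return (now_us // 4) & MASK32

def clock_only_isn(now_us):
    """Predictable scheme: the ISN is the timer alone, the same for every connection."""
    return clock_m(now_us)

def keyed_isn(key, local_ip, local_port, remote_ip, remote_port, now_us):
    """RFC 6528 shape: ISN = M + F(4-tuple, secret). F is HMAC-SHA256 here (assumption)."""
    four_tuple = (ipaddress.ip_address(local_ip).packed + struct.pack("!H", local_port)
                  + ipaddress.ip_address(remote_ip).packed + struct.pack("!H", remote_port))
    f = int.from_bytes(hmac.new(key, four_tuple, hashlib.sha256).digest()[:4], "big")
    return (clock_m(now_us) + f) & MASK32

def extrapolate(observed_isn, observed_us, target_us):
    """Guess another connection's ISN from one observed ISN plus elapsed timer ticks."""
    return (observed_isn + clock_m(target_us) - clock_m(observed_us)) & MASK32

def compare_schemes(key, t0_us, t1_us):
    """Does extrapolating from connection A at t0 hit connection B's ISN at t1?"""
    server = ("10.0.0.5", 80)              # server address from the article
    conn_a = ("192.168.1.100", 40000)      # article's client; port is constructed
    conn_b = ("192.168.1.101", 40001)      # constructed second client
    guess_clock = extrapolate(clock_only_isn(t0_us), t0_us, t1_us)
    a_keyed = keyed_isn(key, *server, *conn_a, t0_us)
    b_keyed = keyed_isn(key, *server, *conn_b, t1_us)
    return {
        "clock_only_predictable": guess_clock == clock_only_isn(t1_us),
        "keyed_predictable": extrapolate(a_keyed, t0_us, t1_us) == b_keyed,
    }

if __name__ == "__main__":
    secret = secrets.token_bytes(32)       # random secret, generated once per boot
    print(compare_schemes(secret, 1_000_000, 1_250_000))
```

Within a single connection's 4-tuple the keyed ISN still advances with the timer, so old duplicate segments remain distinguishable; only the per-connection offset is hidden from anyone who lacks the secret.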
Once the handshake is complete, the actual data transfer begins, with subsequent packets using these established sequence and acknowledgment numbers to maintain order and ensure delivery.
The next thing you’ll encounter is how TCP handles data transfer, including flow control and congestion control, using these very sequence and acknowledgment numbers.