Entity Tracking
- TCP Handshake: A three-step process used by the Transmission Control Protocol to establish a reliable connection between two hosts over an IP network.
- SYN (Synchronize): The first packet sent in the handshake, used by the initiator to suggest an initial sequence number.
- SYN-ACK (Synchronize-Acknowledgment): The second packet sent in the handshake, where the receiver confirms the initiator's request and sends its own sequence number.
- ACK (Acknowledgment): The final packet in the handshake that confirms the connection is established and data transfer can begin.
- Four-Way Handshake: A separate multi-step process used to independently close both sides of a full-duplex TCP connection.
- Transmission Control Protocol (TCP): A core internet protocol that provides reliable, ordered, and error-checked delivery of data streams.
- UDP (User Datagram Protocol): A connectionless transport protocol that prioritizes speed over reliability, omitting the handshake process.
A TCP handshake (also known as a three-way handshake or SYN-SYN-ACK) is the sequence of three messages used to set up a connection between a client and a server. This process ensures both parties are ready to exchange data and have agreed on starting parameters. For marketers and SEO experts, understanding this process is vital because it directly impacts initial page load latency.
What is a TCP handshake?
The handshake serves as the "active open" phase of a connection. It occurs after a DNS lookup and before the TLS handshake in secure HTTPS connections. During this phase, the two computers negotiate sequence numbers to ensure data arrives in the correct order and without errors.
TCP is connection-oriented, meaning a reliable path must be established before the browser can send an HTTP request. This contrasts with protocols like UDP, which send data immediately without a preliminary greeting.
Why the TCP handshake matters
The handshake is the foundation of web reliability, though it comes with a performance cost.
- Reliability: It ensures that if packets are lost or out of order, the protocol can detect the error and request a retransmission.
- Full-Duplex Communication: It establishes that both the sender and receiver can transmit and receive data simultaneously.
- SEO and UX Impact: The handshake requires a full round-trip of packets between the user and the server. This adds to the "Time To First Byte" (TTFB), as no page data can be sent until the handshake completes.
- Resource Management: Servers must listen (passive open) for requests, which requires memory. If connections aren't managed, a server may run out of available ports.
How the TCP handshake works
The process follows three distinct steps to ensure both sides are synchronized.
- SYN: The initiator (usually the browser) sends a SYNchronize packet to the host. This packet includes a random initial sequence number.
- SYN-ACK: The server receives the SYN and sends back a SYNchronize-ACKnowledgement. This packet acknowledges the client's sequence number (incremented by one) and includes the server's own random sequence number.
- ACK: The initiator receives the SYN-ACK and sends an ACKnowledge packet. Once the server receives this, the TCP socket connection is established, and the data transfer phase begins.
Ending a connection
TCP connections are full-duplex, so each side must be closed independently through a four-way handshake.
- The initiator sends a FIN (finish) packet.
- The other host responds with an ACK. At this stage, the connection is "half-closed," and the host can still finish sending remaining data.
- The other host sends its own FIN packet.
- The initiator sends a final ACK, and the connection is fully closed.
A connection can also be closed via a [three-way handshake if a host combines the FIN and ACK steps] (Wikipedia).
TCP vs UDP
| Feature | TCP | UDP |
|---|---|---|
| Connection Style | Connection-oriented (Handshake) | Connectionless (No Handshake) |
| Reliability | High (Retransmits lost data) | Low (Data may be lost) |
| Ordering | Guaranteed ordered delivery | No ordering guarantee |
| Speed | Slower due to latency and overhead | Faster, prioritized for real-time |
| Use Case | Webpages, Email, File transfers | Streaming, VoIP, Online games |
Best practices for performance
Minimize Round-Trips Every handshake adds one Round-Trip Time (RTT) of latency. For small data flows, this delay is highly significant. Reducing the physical distance between users and servers (via CDNs) lowers the RTT.
Implement TCP Fast Open (TFO) [TCP Fast Open (RFC 7413), published in 2014, allows data to be sent during the initial SYN packet] (Wikipedia). This effectively removes one RTT of latency during connection establishment by using a cryptographic "cookie."
Coordinate handshakes In secure connections, the TLS handshake cannot begin until the TCP handshake concludes. Using [TLS 1.3 can help reduce serial latency] (Wikipedia), though the initial TCP RTT remains a baseline requirement.
Common mistakes
Mistake: Neglecting to properly close connections. Fix: Ensure applications close unrequired connections to avoid "ephemeral port exhaustion," where the client runs out of resources to start new outgoing connections.
Mistake: Misconfiguring Max Segment Size (MSS) settings. Fix: Set the MSS small enough to avoid IP fragmentation, which leads to packet loss and excessive retransmissions.
Mistake: Relying on TCP for real-time data like voice. Fix: Use UDP for real-time applications where timely delivery is more important than 100% accuracy. TCP's retransmission logic can cause delays of several seconds.
FAQ
Does the TCP handshake happen for every image on a page? Modern web browsers attempt to mitigate this by opening parallel connections or using persistent connections. Without persistent connections, every single resource (images, scripts, CSS) would require its own handshake, significantly slowing down the site.
Can you skip the TCP handshake? Not within standard TCP. However, extensions like [TCP Fast Open can skip the handshake for successive connections using a cookie] (Wikipedia). This speeds up the opening of repeat connections between the same two endpoints.
What is a SYN flood? A SYN flood is a type of Denial of Service (DoS) attack. An attacker sends many SYN packets from spoofed IP addresses but never responds with the final ACK. This forces the server to use up resources keeping track of these "half-open" connections until it can no longer accept legitimate users.
Who created the TCP/IP standard? [Vint Cerf and Bob Kahn received the Turing Award in 2004 for their foundational work on the internet protocol suite] (Wikipedia). The protocol was standardized in [January 1980 as RFC 761] (Wikipedia).
