A three-way handshake (also called a TCP handshake) is a three-step process used to establish a reliable connection between a client and a server over a network. This protocol ensures both sides synchronize their data tracking numbers and agree on connection parameters before any actual information is exchanged. It is the foundation of nearly all web activity, including how a browser connects to a web server to load a page.
What is a Three-Way Handshake?
The three-way handshake is the method used by the Transmission Control Protocol (TCP) to initiate a communication session. TCP is a connection-oriented protocol, meaning it requires a confirmed link between two points before data can move.
The handshake was first described in [May 1974 by Vint Cerf and Bob Kahn] (Wikipedia), who later [received the Turing Award in 2004] (Wikipedia) for their work on the protocol suite.
Why Three-Way Handshake Matters
This process is essential for maintaining the integrity of internet communications. Without it, data could be lost or delivered out of order without the system realizing there was an error.
- Reliability: It ensures that every packet of data is accounted for and received in the correct sequence.
- Parameter Negotiation: Devices use the handshake to agree on how much data can be sent at once (Maximum Segment Size or MSS).
- Security: It acts as a gatekeeper, preventing hackers from establishing unauthorized connections to vulnerable systems by requiring a specific exchange of sequence numbers.
- Synchronization: Both the client and the server must synchronize their initial sequence numbers (ISN) to track the flow of data bytes.
How Three-Way Handshake Works
The process follows a specific sequence of three signals: Synchronize (SYN), Synchronize-Acknowledge (SYN-ACK), and Acknowledge (ACK).
- SYN (Synchronize): The client (initiating computer) sends a SYN packet to the server. This packet contains an arbitrary Initial Sequence Number (e.g., 100). It effectively asks the server, "Are you open for a connection?"
- SYN-ACK (Synchronize-Acknowledge): If the server has open ports, it replies with a SYN-ACK packet. This packet includes the server's own random sequence number (e.g., 200) and an Acknowledgment (ACK) number, which is the client's sequence number plus one (e.g., 101).
- ACK (Acknowledge): The client sends a final ACK packet back to the server. The sequence number is the client's previous number plus one (101), and the acknowledgment number is the server's sequence number plus one (201).
Once this final step is completed, a full-duplex communication line is established, and the devices begin transferring data.
Best Practices
- Implement Window Scaling: Use the [TCP window scale option defined in RFC 1323] (Wikipedia) to increase maximum window sizes for high-bandwidth networks.
- Configure MSS Correctly: Set the Maximum Segment Size small enough to avoid IP fragmentation, which can cause packet loss and retransmissions.
- Use TCP Fast Open (TFO): To reduce latency, use [TCP Fast Open (RFC 7413, 2014)] (Wikipedia). It allows data to be sent within the initial SYN packets, skipping a full handshake for repeat connections.
- Enable Selective Acknowledgments (SACK): This allows a receiver to inform the sender about specifically received segments. SACK has been measured to provide [throughput gains of up to 45%] (Wikipedia).
Common Mistakes
Mistake: Neglecting SYN Flood protection. Fix: Implement SYN cookies or similar cryptographic puzzles to prevent attackers from consuming server resources with bogus connection requests.
Mistake: Disabling Timestamps in some environments. Fix: Ensure TCP timestamps are enabled to protect against wrapped sequence numbers (PAWS), though note that [timestamp adoption has stagnated at approximately 40%] (Wikipedia) due to certain server configurations.
Mistake: Ignoring "Silly Window Syndrome." Fix: Use Nagle's Algorithm to group small messages into larger packets, preventing the inefficient use of bandwidth.
Examples
Example Scenario: Web Browsing
When a user types a URL into a browser, the browser (active client) initiates a three-way handshake with the website's server. Only after the ACK is received does the server begin streaming the HTML and CSS files to the browser.
Example Scenario: Connection Termination
While the handshake opens a connection, a separate process closes it. A "four-way handshake" occurs when one device sends a FIN (Finish) packet, the other ACKs it, then the second device sends its own FIN packet, followed by a final ACK from the first device.
TCP vs. UDP
| Feature | TCP (Handshake Required) | UDP (No Handshake) |
|---|---|---|
| Reliability | Guaranteed delivery | Best effort (no guarantee) |
| Order | Delivered in sequence | May be out of order |
| Speed | Slower (latency from handshake) | Faster (instant transmission) |
| Use Case | Web pages, Email, File transfer | Streaming video, VoIP, Gaming |
FAQ
What is the purpose of the sequence numbers?
Sequence numbers allow both devices to track how much data has been sent and received. They enable the receiver to reassemble data packets in the correct order if they arrive out of sequence and help the sender identify which packets were lost based on the acknowledgment numbers received.
Can a connection be established without three steps?
While the standard requires three steps, extensions like TCP Fast Open (TFO) allow data to be included in the SYN packet. This effectively speeds up the process for subsequent connections between the same two endpoints, reducing the latency typically caused by the round-trip handshake.
What happens if the final ACK is lost?
If the server does not receive the final ACK, the connection is not fully established. If the data transfer starts and the acknowledgment is missing, the sender will eventually trigger a time-out and retransmit the unacknowledged data.
Why is it called a "handshake"?
It is a metaphorical term for two devices "agreeing" to talk. Much like two people shaking hands to acknowledge an introduction, the computers use these three packets to confirm they are ready, willing, and synchronized for a conversation.
Who invented the three-way handshake?
The protocol's specifications were first published in [RFC 675 in December 1974] (Wikipedia). Vint Cerf, Yogen Dalal, and Carl Sunshine authored the document, which contained the first use of the term "internet" as shorthand for internetwork.
