TCP Three Way Handshake

Understand the TCP Three Way Handshake to ensure reliable connections between clients and servers.

Introduction

The TCP Three Way Handshake is a crucial process in the Transmission Control Protocol (TCP) that establishes a reliable connection between a client and a server. This handshake is essential for ensuring that both parties are prepared to communicate effectively and that the parameters for the connection are set. Understanding the Three Way Handshake is vital for network engineers, system administrators, and developers working with TCP/IP networks, as it lays the foundation for all subsequent data transmission.

What Is the TCP Three Way Handshake?

The TCP Three Way Handshake is a method used by TCP to establish a connection before any data is transmitted between a client and a server. This process involves a series of messages exchanged to confirm that both parties are ready to communicate, ensuring that data can be sent and received reliably. The handshake is integral to TCP's ability to provide a reliable, ordered, and error-checked delivery of data.

How It Works

The Three Way Handshake consists of three primary steps that establish a connection:

  1. SYN (Synchronize): The client initiates the connection by sending a SYN packet to the server. This packet contains a randomly generated sequence number, which is essential for tracking the data packets that will be exchanged.

  2. SYN-ACK (Synchronize-Acknowledge): The server responds with a SYN-ACK packet. This packet acknowledges the receipt of the client's SYN request and includes its own SYN with a unique sequence number.

  3. ACK (Acknowledge): Finally, the client sends an ACK packet back to the server, confirming the receipt of the server's SYN-ACK. This completes the handshake and establishes a connection.

Visual Representation

To illustrate the process, consider the following diagram:

Client                                  Server
   |  --- SYN (seq=100) -------------->   |
   |  <-- SYN-ACK (seq=200, ack=101) --   |
   |  --- ACK (ack=201) -------------->   |
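As an added example (not part of the original page), the three steps above modelled in Python with the same sequence numbers as the diagram. The Segment and Endpoint names are assumptions of this model, not a real TCP stack; the point it adds is the check each side makes on the acknowledgement number (ack = peer's seq + 1), which is why a SYN-ACK that acknowledges the wrong number is rejected instead of completing the handshake.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Segment:
    flags: str           # "SYN", "SYN-ACK" or "ACK"
    seq: int             # sequence number carried by this segment
    ack: Optional[int]   # acknowledgement number; None on the initial SYN

class Endpoint:
    """One side of the handshake (hypothetical model, not a real TCP stack)."""
    def __init__(self, name: str, isn: int) -> None:
        self.name, self.isn, self.state = name, isn, "CLOSED"

    def send_syn(self) -> Segment:
        self.state = "SYN-SENT"
        return Segment("SYN", self.isn, None)

    def send_syn_ack(self, syn: Segment) -> Segment:
        if syn.flags != "SYN":
            raise ValueError(f"{self.name}: expected SYN, got {syn.flags}")
        self.state = "SYN-RECEIVED"
        # ack = peer seq + 1: the SYN itself consumes one sequence number
        return Segment("SYN-ACK", self.isn, syn.seq + 1)

    def send_ack(self, syn_ack: Segment) -> Segment:
        if syn_ack.flags != "SYN-ACK" or syn_ack.ack != self.isn + 1:
            raise ValueError(f"{self.name}: SYN-ACK does not acknowledge seq {self.isn}")
        self.state = "ESTABLISHED"
        return Segment("ACK", self.isn + 1, syn_ack.seq + 1)

    def receive_ack(self, ack: Segment) -> None:
        if ack.flags != "ACK" or ack.ack != self.isn + 1:
            raise ValueError(f"{self.name}: ACK does not acknowledge seq {self.isn}")
        self.state = "ESTABLISHED"

def handshake(client_isn: int = 100, server_isn: int = 200) -> Tuple[str, str, List[Segment]]:
    """Run the three steps; returns both final states and the segments in order."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    syn = client.send_syn()                 # 1. SYN      (seq=100)
    syn_ack = server.send_syn_ack(syn)      # 2. SYN-ACK  (seq=200, ack=101)
    ack = client.send_ack(syn_ack)          # 3. ACK      (ack=201)
    server.receive_ack(ack)
    return client.state, server.state, [syn, syn_ack, ack]

if __name__ == "__main__":
    for segment in handshake()[2]:
        print(segment)
```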

Prerequisites

Before you can observe or analyze the TCP Three Way Handshake, ensure you have the following:

  • A computer with a Linux-based operating system (e.g., Ubuntu, CentOS)
  • Access to a terminal or command line interface
  • Installation of packet capture tools such as tcpdump or Wireshark
  • Basic knowledge of network concepts and TCP/IP

Installation & Setup

To set up the necessary tools, follow these steps:

Installing Tcpdump

# For Debian/Ubuntu-based systems
sudo apt-get update
sudo apt-get install tcpdump

Installing Wireshark

# For Debian/Ubuntu-based systems
sudo apt-get install wireshark

Step-by-Step Guide

Here’s how to observe the TCP Three Way Handshake in action:

  1. Initiate the Handshake: Open a terminal and use telnet or curl to connect to a web server.

     telnet example.com 80

  2. Monitor the Packets: In another terminal, start capturing packets on the specified interface.

     sudo tcpdump -i eth0 tcp port 80

  3. Observe the Response: Look for the server's SYN-ACK reply in the packet capture.

  4. Complete the Handshake: After receiving the SYN-ACK, the client will send an ACK back to the server, completing the handshake.

  5. Analyze the Capture: Stop the packet capture and analyze the packets to see the SYN, SYN-ACK, and ACK messages.

Real-World Examples

Example 1: Using Tcpdump

To capture the TCP handshake for a connection to a web server, run the following command:

sudo tcpdump -i eth0 tcp port 80

This command will display the packets exchanged during the handshake.
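As an added example (not from the original page), a small Python script that reads tcpdump output lines like the ones the command above prints and reports, per connection, whether the SYN, SYN-ACK and ACK were all seen. The sample capture is constructed (RFC 5737 documentation addresses; seq/ack numbers written as absolute values, as tcpdump -S prints them, and not used by the parser); the second flow is a SYN that is never answered, the "handshake not completing" case.

```python
import re
from typing import Dict, List, Tuple

# Address and flag fields of a tcpdump TCP line, e.g.
#   12:00:01.000001 IP 192.0.2.10.51234 > 198.51.100.7.80: Flags [S], seq 100, ...
LINE_RE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

# tcpdump flag letters: S = SYN, S. = SYN+ACK, . = ACK only
STEP = {"S": "SYN", "S.": "SYN-ACK", ".": "ACK"}

Flow = Tuple[str, str]   # (client endpoint, server endpoint)

def handshake_states(lines: List[str]) -> Dict[Flow, str]:
    """Furthest handshake step seen per flow: 'SYN', 'SYN-ACK' or 'ESTABLISHED'."""
    flows: Dict[Flow, str] = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        step = STEP.get(flags)
        if step == "SYN":
            flows.setdefault((src, dst), "SYN")      # retransmitted SYNs change nothing
        elif step == "SYN-ACK" and flows.get((dst, src)) == "SYN":
            flows[(dst, src)] = "SYN-ACK"            # reply travels server -> client
        elif step == "ACK" and flows.get((src, dst)) == "SYN-ACK":
            flows[(src, dst)] = "ESTABLISHED"        # later ACKs leave the state alone
    return flows

def incomplete(flows: Dict[Flow, str]) -> List[Tuple[Flow, str]]:
    """Flows that never reached ESTABLISHED, with the step they stalled at."""
    return sorted((f, s) for f, s in flows.items() if s != "ESTABLISHED")

# Constructed sample capture. Flow 1 completes; flow 2's SYN to port 443 is
# retransmitted and never answered, as when a firewall drops it.
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.51234 > 198.51.100.7.80: Flags [S], seq 100, win 64240, length 0
12:00:01.020002 IP 198.51.100.7.80 > 192.0.2.10.51234: Flags [S.], seq 200, ack 101, win 65535, length 0
12:00:01.020100 IP 192.0.2.10.51234 > 198.51.100.7.80: Flags [.], ack 201, win 502, length 0
12:00:01.030000 IP 192.0.2.10.51234 > 198.51.100.7.80: Flags [P.], seq 101:180, ack 201, win 502, length 79
12:00:02.000000 IP 192.0.2.10.51235 > 198.51.100.7.443: Flags [S], seq 300, win 64240, length 0
12:00:03.000000 IP 192.0.2.10.51235 > 198.51.100.7.443: Flags [S], seq 300, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for flow, state in handshake_states(SAMPLE).items():
        print(f"{flow[0]} -> {flow[1]}: {state}")
```

With a real capture, pipe the tcpdump output into a file and pass its lines to handshake_states; a flow stalled at "SYN" points at the firewall or routing causes listed under Common Issues.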

Example 2: Using Wireshark

  1. Launch Wireshark and start capturing traffic on your network interface.
  2. Use the filter tcp to focus on TCP packets.
  3. Initiate a connection to a web server by entering a URL in your browser.
  4. Look for packets marked with SYN, SYN-ACK, and ACK flags to analyze the handshake.

Best Practices

  • Always use tools like tcpdump or Wireshark in a controlled environment to avoid capturing sensitive data.
  • Filter your packet captures to reduce noise and focus on relevant traffic.
  • Regularly update your packet analysis tools to ensure compatibility with the latest protocols.
  • Document your findings during packet captures for future reference and analysis.
  • Use secure connections (e.g., HTTPS) to protect data during transmission.

Common Issues & Fixes

Issue                           | Cause                                   | Fix
--------------------------------|-----------------------------------------|-------------------------------------------
Handshake not completing        | Firewall blocking packets               | Check firewall rules and allow TCP traffic
SYN packets not reaching server | Network misconfiguration or down server | Verify network settings and server status
Delayed ACKs                    | Network latency                         | Investigate network performance issues

Key Takeaways

  • The TCP Three Way Handshake is essential for establishing reliable connections in TCP/IP networks.
  • It consists of three steps: SYN, SYN-ACK, and ACK.
  • Understanding this handshake is crucial for troubleshooting network issues.
  • Tools like tcpdump and Wireshark are invaluable for observing and analyzing the handshake.
  • Proper setup and monitoring can help ensure effective communication between clients and servers.
