During the earlier years of the internet, Internet Protocol (IP) was the only protocol people used to connect to the internet. The problem with IP was that you could send a message and be unsure if the recipient would receive it or not. For this reason, TCP/IP was established.

TCP/IP ensures that all the data you send reaches its recipient. It does this by providing the client and server with a secure connection before sending data. This secure connection is established through a process known as a three-way handshake, also known as a TCP/IP handshake.

What Is a Three-Way Handshake?

Three-way handshake illustration
Image Credit: Fleshgrinder/Wikimedia

A three-way handshake (TCP/IP handshake) is the first three interactions between a client and a server trying to establish a TCP connection. These initial interactions are essential in making a secure connection. At this phase, both client and server will agree on parameters that they will use to check and verify incoming and outgoing packets of data. These parameters will be in the form of TCP segments.

What Is a TCP Segment?

In a TCP/IP connection, all data being sent must be cut and structured on what is known as TCP segments. These segments contain information like IP addresses, ports, flag bits, sequence numbers, acknowledgment numbers, and the optional data or payload.

The first three interactions (three-way handshake) will only contain TCP segment headers with no payload or attached data. Here is a sample of a TCP segment

TCP Segment diagram
Image Credit: Ere/Wikimedia

Note that the illustration above is only for TCP. A full TCP/IP segment requires both IP addresses from the sender and receiver on top of the TCP segment above.

Whenever you send a package to a person, you are required by the delivery service to fill out an information form and then attach it to the parcel before shipping. Similarly, TCP requires the sender to attach a segment head (information form) to the data (package) before it starts to send the segment (parcel) to the recipient.

Whenever a client communicates to a server, both parties will need to format their interactions in the form of a TCP segment. A TCP segment comprises a TCP segment head attached to the data you are trying to send. The sender will have to fill out the information the segment head requires.

For a three-way handshake, the sender will need to fill out the following:

  • Source Port: Identifies the port of the sender
  • Destination Port: Identifies the port of the receiver
  • Sequence Number: Indicates the segment sequence
  • Acknowledgment Number: Signifies a segment has been acknowledged by adding one to the given sequence number

Aside from filling out the segment head fields, the sender must also select a flag bit. There are six flag bits in total, but for a three-way handshake, you will only need the following two:

  1. SYN: Gives a sequence number. This sequence number will be used to count the sequence of all incoming segments for the rest of the interaction.
  2. ACK: Indicates that the receiver of the SYN number accepts the connection request by adding one (1) to the SYN number given.

Now that you know what a TCP segment is, let's see how it is used in a three-way handshake.

How a Three-Way Handshake Works

A three-way handshake is established when both client and host have exchanged info and acknowledged each other's sequence numbers. As the name implies, a three-way handshake is done in three steps.

First, the client sends a pure SYN segment indicating it wants a connection. Second, the server responds with a SYN-ACK segment which means it has acknowledged the request and is sending its own SYN number for the client to acknowledge. Third, the client sends an ACK segment to the server to notify it that the server's SYN number has been acknowledged and will be used for further connection.

A three-way handshake will look something like this:

Three-way handshake illustration
Asset Credit: Fleshgrinder/Wikimedia

Let's break it down and look at the segments so you know what exactly happens when client and server exchange and acknowledge sequence numbers.

Step 1: Client Sends a SYN Segment

Client sending SYN segment
Asset Credit: Fleshgrinder/Wikimedia

The client sends a request connection by sending a SYN segment to the server. The client uses the client's IP address to locate the server and send the TCP segment.

To reduce the complexity of the segment, let us ignore a few segment fields and concentrate on the bare necessities for a three-way handshake connection. This includes source port, destination port, sequence number, acknowledgment number, and what type of flag bit is used.

And with that, a SYN/request segment should look like this:

TCP SYN Segment
Image made by writer 

The client port is a random number between 49152 and 65536. This port range is the agreed-upon range that public devices can use dynamically to connect to the internet. Port ranges of 1024 to 49151 are private. They will have to be registered by an entity to use a port within the range specified. Port numbers below 1024 are ports reserved for various functions and internet protocols such as FTP (port 20), SMTP (port 25), DNS (port 53), and HTTP (port 80).

In real life, a sequence number is a random number. For the example, we used 0000000000 to make it easier to visualize.

Take note of the sequence number as we progress through the steps. Currently, it's 000000000. There is currently no acknowledgment number as there isn't something to acknowledge.

Step 2: Server Replies With a SYN-ACK Segment

Illustration of server sending SYN-ACK segment
Asset Credit: Fleshgrinder/Wikimedia

Once the server receives a SYN segment, it will respond by sending an ACK segment containing the acknowledgment number. The acknowledgment number will be the client's sequence number plus one (1).

TCP SYN and ACK Segment
Image made by the writer

Look at the source port. It shows that segment is from port 20, indicating it came from the server as a response.

Now, look at the acknowledgment number. It's 0000000001, which is the client's sequence number (0000000000) plus one (1). This is how a segment is tracked. Let's say the client received an ACK segment response where the acknowledgment number is 0000000002. This would indicate to the client that segment 0000000001 was missing and that the client will have to wait until it arrives so you don't experience packet loss.

As you can see, two flag bits are activated—SYN and ACK.

Aside from acknowledging the client's sequence number, the server will also send its own sequence number for the client to acknowledge the server's sequence number plus one (1). In our example, we used 1111111111 as the server's sequence number. Again, in the real world, this number is random.

Note that the client's and server's sequence numbers don't have to match. As long as both parties acknowledge each other's unique sequence number, the connection will be reliable.

Step 3: Client Replies With an ACK Segment

Illustration of client sending ACK segment
Asset Credit: Fleshgrinder/Wikimedia

Finally, the client acknowledges the server's sequence number.

TCP ACK Segment
Image made by writer

The final segment is an ACK segment from the client.

As you can the client will acknowledge the server's sequence number by responding with the server's sequence number (1111111111) plus one (1), which is 1111111112.

The client and the server will no longer send a sequence number since the start of the sequence has already been acknowledged. Both parties will, however, expect acknowledgment segments continuing sequence numbers plus one (1) and the number bytes throughout the interaction. In this case, the client is expecting the next server response to have an ACK of 0000000002 (if there is no attached data).

After which, the three-way handshake is established!

Understanding How Network Connections Work

Now that you have learned how a three-way handshake works, you will also have an easier time understanding how TCP works after the handshake. The client and server will begin sending data when the handshake is established. This time the full segment format will be used, plus the optional data or payload.

Data is usually segmented/cut into smaller pieces for easier transfers. Each data segment has its own segment head containing a sequence number and acknowledgment number. The reason for a sequence number is to know the sequence of the segments when they will eventually get reassembled. The acknowledgment numbers are there to verify with the sender that their segment has been received and that it matched the sequence of incoming segments.

Taking count of a sequence number and verifying them with an acknowledgment is how TCP can reliably transport huge chunks of data without any missing data packets.

And with that, you should have a pretty good idea of how TCP works.