Wednesday, December 9, 2009

TCP Connections: The Three-Way Handshake

SkyHi @ Wednesday, December 09, 2009

The three-way handshake in Transmission Control Protocol (also called the three message handshake) is the method used to establish and tear down network connections. This handshaking technique is referred to as the 3-way handshake or as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK). The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network connection before beginning communication. This process is also designed so that both ends can initiate and negotiate separate connections at the same time.

3-Way Handshake Description

Below is a (very) simplified description of the TCP 3-way handshake process. Refer to the diagram on the right as you examine the list of events on the left.


Host A sends a TCP SYNchronize packet to Host B

Host B receives A's SYN

Host B sends a SYNchronize-ACKnowledgement

Host A receives B's SYN-ACK

Host A sends ACKnowledge

Host B receives ACK. TCP connection is ESTABLISHED.

three-way handshake

SYNchronize and ACKnowledge messages are indicated by a bit inside the TCP header of the segment.

TCP knows whether the network connection is opening, synchronizing or established by using the SYNchronize and ACKnowledge messages when establishing a network connection.

When the communication between two computers ends, another 3-way communication is performed to tear down the TCP connection. This setup and teardown of a TCP connection is part of what qualifies TCP a reliable protocol.

Note that UDP does not perform this 3-way handshake and for this reason, it is referred to as an unreliable protocol.

Protocols Encapsulated in TCP

Note that FTP, Telnet, HTTP, HTTPS, SMTP, POP3, IMAP, SSH and any other protocol that rides over TCP also has a three way handshake performed as connection is opened. HTTP web requests, SMTP emails, FTP file transfers all manage the messages they each send. TCP handles the transmission of those messages.

TCP rides on top of Internet Protocol (IP) which is why it is called TCP/IP (TCP over IP). TCP segments are passed inside the payload section of the IP packets. IP handles addressing and routing and gets the packets from one place to another, but TCP handles the actual communication between hosts.