TCP handshake

What is a TCP handshake?

Transmission Control Protocol (TCP) is a set of rules that computers follow to send data reliably over a network. It makes sure information arrives in the correct order and isn’t lost along the way. Most of the internet relies on TCP to function.

A TCP handshake is a brief setup process that happens before any data is sent. During this step, two devices confirm that they can reach each other and are ready to communicate.

How a TCP handshake works

To start a TCP connection, two devices exchange a three-step set of messages to make sure they can communicate reliably. The device that initiates the connection is called the client, and the device that responds and provides the service or information the client requests is called the server.

This process is called the TCP handshake, also known as a three-way handshake for the three messages it uses:

  • Synchronize (SYN): The client sends a SYN message to the server, indicating it wants to start a connection.
  • Synchronize-acknowledge (SYN-ACK): The server replies with a SYN-ACK message to acknowledge the client’s request and indicate that it’s ready to connect.
  • Acknowledge (ACK): The client sends a final ACK message to confirm the server’s response. Once this message is received, the connection is established, and data can be sent.

Why the TCP handshake is important

The TCP handshake is essential for making network connections, including those across the internet, work smoothly. Here’s what it does:

  • Prevents data loss: The handshake confirms that both devices are ready to send and receive data, reducing the chance that messages are lost when the connection starts.
  • Synchronizes sequence numbers: Data is often sent in small pieces that may take different paths and arrive out of order. During the TCP handshake, both devices agree on sequence numbers that determine the order of these pieces, so they can be reassembled correctly at the destination.
  • Manages network flow: The handshake helps devices coordinate how much data can be sent at once, preventing the network from becoming overloaded and keeping communication smooth.

Common issues and network risks

TCP handshakes can be disrupted due to misconfigurations or poor connections. They can also be exploited in various ways by cybercriminals. Here are the most common problems that occur:

  • SYN flood attacks: Attackers can send a large number of fake connection requests (SYN messages) to a server, overwhelming it and preventing legitimate users from connecting.
  • Misconfigured firewalls: If a firewall is accidentally set to block legitimate handshake messages, connections may fail or be delayed.
  • Packet loss or latency: Network problems can cause handshake messages to be lost or delayed, which can interrupt connection attempts and slow down communication.
  • SYN/ACK scanning: Attackers can send fake SYN or ACK messages to see how a network responds. These responses can reveal which systems, services, or firewall rules are in place, potentially exposing vulnerabilities.
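
The three handshake messages and the half-open connections that a SYN flood leaves behind can be followed in a small tracker. This is an added example, not code from the original page. The packet records, addresses, sequence numbers, and threshold are constructed for illustration. The rule that each acknowledgment number equals the other side's initial sequence number plus one comes from the TCP specification rather than from this page.

```python
from collections import defaultdict

SERVER = "203.0.113.10:443"  # constructed address (documentation range)
MOD = 2 ** 32                # TCP sequence numbers wrap at 32 bits

# Constructed packets: (source, destination, flags, seq, ack).
PACKETS = [  # one complete three-way handshake
    ("198.51.100.7:50000", SERVER, "SYN", 1000, 0),
    (SERVER, "198.51.100.7:50000", "SYN-ACK", 5000, 1001),
    ("198.51.100.7:50000", SERVER, "ACK", 1001, 5001),
]
# Four constructed clients whose handshakes stop after the SYN-ACK.
for i in range(4):
    client = f"192.0.2.{i + 1}:40000"
    PACKETS += [(client, SERVER, "SYN", 100 * i, 0),
                (SERVER, client, "SYN-ACK", 9000 + i, 100 * i + 1)]


def track_handshakes(packets):
    """Return (established, half_open) sets of (client, server) pairs."""
    state = {}
    for src, dst, flags, seq, ack in packets:
        if flags == "SYN":
            state[(src, dst)] = {"step": "SYN_SENT", "client_isn": seq}
        elif flags == "SYN-ACK":
            conn = state.get((dst, src))
            # The SYN-ACK must acknowledge the client's sequence number + 1.
            if conn and conn["step"] == "SYN_SENT" and ack == (conn["client_isn"] + 1) % MOD:
                conn.update(step="SYN_RECEIVED", server_isn=seq)
        elif flags == "ACK":
            conn = state.get((src, dst))
            # The final ACK must acknowledge the server's sequence number + 1.
            if conn and conn["step"] == "SYN_RECEIVED" and ack == (conn["server_isn"] + 1) % MOD:
                conn["step"] = "ESTABLISHED"
    established = {k for k, v in state.items() if v["step"] == "ESTABLISHED"}
    return established, set(state) - established


def flag_half_open(packets, threshold):
    """Map each server to its half-open count when it reaches the threshold."""
    _, half_open = track_handshakes(packets)
    counts = defaultdict(int)
    for _client, server in half_open:
        counts[server] += 1
    return {server: n for server, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    established, half_open = track_handshakes(PACKETS)
    print(len(established), "established;", len(half_open), "half-open")
    print(flag_half_open(PACKETS, threshold=3))
```

A real monitor would count half-open connections per time window and expire old entries. The fixed threshold here is only a stand-in for that.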

FAQ

What happens after the TCP handshake?

After the Transmission Control Protocol (TCP) handshake ensures that both devices are ready and have agreed on how to communicate, data exchange begins. This could be something like a web browser loading a webpage, sending an email, or downloading a file.

Why is it called a three-way handshake?

A Transmission Control Protocol (TCP) handshake is also called a three-way handshake because it uses three messages. These are exchanged to establish an agreement between the client and the server on how they will communicate. First, the client sends a synchronize (SYN) message, then the server responds with synchronize-acknowledge (SYN-ACK), and finally the client replies with acknowledge (ACK).

Can a TCP handshake fail?

Yes, a Transmission Control Protocol (TCP) handshake can fail if messages are lost, delayed, or blocked. This can happen due to network issues like packet loss or latency, misconfigured firewalls, or intentional attacks such as SYN floods.

What is a SYN flood attack?

A SYN flood attack is when an attacker overwhelms a server with many fake connection requests, or synchronize (SYN) messages. This essentially creates a “traffic jam” that prevents legitimate connection requests from going through.

Does HTTPS rely on the TCP handshake?

Yes, HTTPS relies on the Transmission Control Protocol (TCP) handshake. HTTPS is just the secure version of HTTP, where the data is encrypted before it’s sent over the network. In other words, it still functions like HTTP underneath, and HTTP uses TCP.