TCP 3-Way Handshake

TCP (Transmission Control Protocol) is a relatively complex protocol standard that defines how to establish and maintain a network conversation to exchange data. TCP works with Internet Protocol (IP) to define how computers send packets to each other.

TCP is a connection-oriented protocol, which means a connection must be established before any data is sent. This post explains how to examine a packet capture to understand the TCP 3-way handshake.


· Install Wireshark on your personal computer.

· Download the sample TCP dump file. We will use the http.pcap file in this post.

The sample capture contains a simple HTTP request and response. You can open the http.pcap file with Wireshark. Double-click the http.pcap file and you should see the same screen as shown below.

TCP uses a process called the 3-way handshake to exchange information. The goal of this exchange is for both sides to be aware of the basic parameters they will use to transmit data.

The TCP 3-way handshake process can be visualized with this diagram.


1- The client computer initiates a connection to the server with a packet that has only the SYN flag set.

2- The server replies to this request with a packet that has both the ACK and the SYN flags set.

3- Finally, the client responds to the server with a single ACK packet.

If all these steps complete without error, a TCP connection is established between the client and the server.

After the 3-way handshake finishes, the connection is ready for data transfer. For more detail about a request, right-click it and select Follow -> TCP Stream. Traffic from the client is shown in red and traffic from the server in blue.
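The three steps above can also be checked programmatically. This is an added example, not code from the original post: it parses raw IPv4/TCP packets and reports each completed handshake, and it goes one step beyond the text by verifying that every ACK acknowledges the other side's initial sequence number plus one. The function names (`build`, `tcp_fields`, `find_handshakes`), addresses and sequence numbers are constructed for illustration.

```python
import struct
SYN, ACK = 0x02, 0x10
MOD = 2**32  # sequence numbers wrap at 32 bits

def build(src, dst, sport, dport, seq, ack, flags):
    """Build a minimal IPv4+TCP packet (constructed sample, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp

def tcp_fields(pkt):
    """Parse a raw IPv4 packet into (src, dst, sport, dport, seq, ack, flags)."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:          # IPv4 only, protocol 6 = TCP
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                    # IP header length in bytes
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return pkt[12:16], pkt[16:20], sport, dport, seq, ack, off_flags & 0x3F

def find_handshakes(packets):
    """Return (client_isn, server_isn) for every completed SYN, SYN+ACK, ACK exchange."""
    pending, done = {}, []
    for pkt in packets:
        src, dst, sport, dport, seq, ack, flags = tcp_fields(pkt)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if (flags & (SYN | ACK)) == SYN:                     # step 1: SYN only
            pending[fwd] = {"c_isn": seq}
        elif (flags & (SYN | ACK)) == (SYN | ACK):           # step 2: SYN and ACK
            st = pending.get(rev)
            if st and ack == (st["c_isn"] + 1) % MOD:        # must acknowledge client ISN + 1
                st["s_isn"] = seq
        elif flags & ACK:                                    # step 3: ACK only
            st = pending.get(fwd)
            if (st and "s_isn" in st and seq == (st["c_isn"] + 1) % MOD
                    and ack == (st["s_isn"] + 1) % MOD):     # must acknowledge server ISN + 1
                done.append((st["c_isn"], st["s_isn"]))
                del pending[fwd]
    return done

# Constructed sample traffic (documentation addresses, made-up sequence numbers).
C, S = (192, 0, 2, 10), (198, 51, 100, 5)
SAMPLE = [
    build(C, S, 49152, 80, 1000, 0, SYN),            # client SYN
    build(S, C, 80, 49152, 5000, 1001, SYN | ACK),   # server SYN+ACK
    build(C, S, 49152, 80, 1001, 5001, ACK),         # client ACK: handshake complete
    build(C, S, 49153, 80, 7000, 0, SYN),            # second attempt ...
    build(S, C, 80, 49153, 9000, 7001, SYN | ACK),   # ... answered, but never ACKed
]

if __name__ == "__main__":
    print(find_handshakes(SAMPLE))
```

The second connection attempt in the sample never receives its final ACK, so it stays half-open and is not reported.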


I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.
