TCP (Transmission Control Protocol) is a relatively complex protocol standard that defines how to establish and maintain a network conversation to exchange data. TCP works with the Internet Protocol (IP) to define how computers send packets to each other.
TCP is a connection-oriented protocol, which means a connection must be established before any data is sent. This post explains how to examine a TCP handshake in order to understand the TCP 3-way handshake.
· Install Wireshark on your personal computer.
TCP uses a process called the 3-way handshake to exchange information. The goal of this exchange is for both sides to learn the basic parameters they will use to transmit data.
The TCP 3-way handshake process can be visualized with this diagram.
1- The client computer initiates a connection to the server with a packet that has only the SYN flag set.
2- The server replies to this request with a packet that has both the ACK and the SYN flags set.
3- Finally, the client responds to the server with a single ACK packet.
If all these steps complete without error, a TCP connection is established between the client and the server.
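The three steps above can also be checked programmatically. The following is an added example, not part of the original post: it parses the TCP header fields Wireshark displays and verifies the SYN, SYN/ACK, ACK order. It goes slightly beyond the text by also checking that each acknowledgment number equals the peer's sequence number plus one. The port and sequence numbers are constructed sample values.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
CONTROL = FIN | SYN | RST | ACK  # flags that decide connection state

def tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (constructed sample, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)

def parse(segment):
    """Extract ports, sequence/ack numbers and control flags from a TCP header."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags & CONTROL}

def is_handshake(segments):
    """True if three segments form SYN -> SYN/ACK -> ACK between the same two ports."""
    if len(segments) != 3:
        return False
    c1, s, c2 = (parse(x) for x in segments)
    client = (c1["sport"], c1["dport"])
    return (
        c1["flags"] == SYN                               # step 1: only SYN set
        and s["flags"] == SYN | ACK                      # step 2: SYN and ACK set
        and (s["dport"], s["sport"]) == client           # reply goes back to the client
        and s["ack"] == (c1["seq"] + 1) % 2**32          # server acknowledges client's SYN
        and c2["flags"] == ACK                           # step 3: a single ACK
        and (c2["sport"], c2["dport"]) == client
        and c2["seq"] == (c1["seq"] + 1) % 2**32
        and c2["ack"] == (s["seq"] + 1) % 2**32          # client acknowledges server's SYN
    )

# Constructed sample: client port 51000 connecting to server port 80
GOOD = [
    tcp_header(51000, 80, 1000, 0, SYN),
    tcp_header(80, 51000, 5000, 1001, SYN | ACK),
    tcp_header(51000, 80, 1001, 5001, ACK),
]
# Constructed sample: server answers RST/ACK (closed port), so no connection forms
REFUSED = [GOOD[0], tcp_header(80, 51000, 0, 1001, RST | ACK), GOOD[2]]

if __name__ == "__main__":
    print("good:", is_handshake(GOOD))
    print("refused:", is_handshake(REFUSED))
```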
After the 3-way handshake finishes, the connection is ready for data transfer. For more detail about the requests, right-click a request and select Follow -> TCP Stream. Traffic from the client is shown in red and traffic from the server in blue.