
The Transmission Control Protocol (TCP) handshake is a fundamental process used to establish a reliable connection between two devices over a network. It ensures both sides are ready to communicate and agree on initial sequence numbers for data transfer.
TCP uses a three-step process to initiate a connection, known as the three-way handshake:
🔷 Step 1 ➤ The client sends a SYN (synchronize) message to the server, indicating it wants to start a connection and suggesting an initial sequence number.
🔷 Step 2 ➤ The server responds with a SYN-ACK (synchronize-acknowledge) message. It acknowledges the client’s SYN request and sends its own SYN request with its initial sequence number.
🔷 Step 3 ➤ The client sends an ACK (acknowledge) message back to the server, confirming the receipt of the SYN-ACK. At this point, the connection is established, and both parties can begin to talk.
Importance of the Handshake:
This process ensures that both the client and server agree on the starting sequence numbers and that the connection is reliable. It helps prevent data loss and supports communication.
Why Should You Care?
- Impact on Application Performance: The handshake adds an additional round trip before the application layer starts, impacting latency.
- Cold-Start Challenges: In mobile and global networks, this process significantly affects cold-start API calls, influencing response times.
- Timeouts & Error Recovery: The handshake shapes how timeouts, retries, and error handling are implemented.
- Session Management: It plays a key role in how proxies and load balancers handle sessions, particularly in high-traffic systems.
- Legacy & Cloud Systems: TCP’s behavior defines the baseline performance, whether you’re working with traditional or cloud-native infrastructure.
Even with the rise of new technologies, the TCP handshake remains a fundamental process in network communication.
You Should Know:
Practical TCP Handshake Analysis with Linux Commands
1. Capturing TCP Handshake with `tcpdump`
To observe the three-way handshake in real-time, use:
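sudo tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0'
This matches every segment that has the SYN or ACK flag set, so the three handshake packets appear first, followed by the connection's ordinary ACK-bearing traffic.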
2. Simulating a TCP Connection with `nc` (Netcat)
nc -v <target_ip> <port>
This initiates a TCP connection, triggering the handshake.
3. Checking Active TCP Connections
ss -tanp
Displays all active TCP connections, including their state (ESTABLISHED, SYN-SENT, etc.).
4. Forcing a SYN Flood Attack (For Security Testing)
sudo hping3 -S --flood -p 80 <target_ip>
(Use responsibly—only in controlled environments.)
5. Adjusting TCP Timeout Settings
sysctl -w net.ipv4.tcp_syn_retries=3
Modifies the number of SYN retransmissions before timeout.
6. Testing Latency Impact of Handshake
ping <target_ip>  # Measures basic latency
curl -o /dev/null -s -w "TCP Handshake Time: %{time_connect}\n" http://<target_ip>
Shows the time taken for the TCP handshake.
7. Analyzing Handshake with Wireshark
wireshark -k -i eth0 -Y "tcp.flags.syn==1 or tcp.flags.ack==1"
Visualizes the SYN, SYN-ACK, and ACK packets.
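The three handshake steps can also be checked offline from a saved capture. The following is an added example, not part of the original post: it walks `tcpdump`-style text lines, verifies that each side acknowledges the other's initial sequence number plus one, times the handshake, and lists connections left half-open (SYN-ACK sent, final ACK never seen), which is the state a SYN backlog fills with. The sample lines are constructed in the format printed by `tcpdump -n -S` (absolute sequence numbers), and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the style of `tcpdump -n -S` output (absolute sequence numbers).
SAMPLE = """\
12:00:00.000100 IP 10.0.0.5.51000 > 10.0.0.1.80: Flags [S], seq 1000, win 64240, length 0
12:00:00.000400 IP 10.0.0.1.80 > 10.0.0.5.51000: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:00.000700 IP 10.0.0.5.51000 > 10.0.0.1.80: Flags [.], ack 5001, win 502, length 0
12:00:01.000000 IP 10.0.0.9.40000 > 10.0.0.1.80: Flags [S], seq 7000, win 64240, length 0
12:00:01.000200 IP 10.0.0.1.80 > 10.0.0.9.40000: Flags [S.], seq 9000, ack 7001, win 65160, length 0
"""

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([A-Z.]+)\]"
                  r"(?:, seq (\d+))?(?:, ack (\d+))?")

def track_handshakes(text):
    """Return {(client, server): state-dict} for each handshake seen."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, flags = m.group(1, 2, 3, 4)
        seq = int(m.group(5)) if m.group(5) else None
        ack = int(m.group(6)) if m.group(6) else None
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        if flags == "S":                                # Step 1: client SYN (keep first copy)
            flows.setdefault((src, dst), {"state": "SYN_SENT", "c_isn": seq, "t0": t})
        elif flags == "S." and (dst, src) in flows:     # Step 2: server SYN-ACK
            f = flows[(dst, src)]
            if f["state"] == "SYN_SENT" and ack == f["c_isn"] + 1:
                f.update(state="SYN_RECEIVED", s_isn=seq)
        elif flags == "." and (src, dst) in flows:      # Step 3: client ACK
            f = flows[(src, dst)]
            if f["state"] == "SYN_RECEIVED" and ack == f["s_isn"] + 1:
                f.update(state="ESTABLISHED",
                         handshake_ms=(t - f["t0"]).total_seconds() * 1000)
    return flows

def half_open(flows):
    """Flows where the server answered but the client never sent the final ACK."""
    return sorted(k for k, f in flows.items() if f["state"] == "SYN_RECEIVED")

if __name__ == "__main__":
    flows = track_handshakes(SAMPLE)
    for key, f in flows.items():
        print(key, f["state"], f.get("handshake_ms"))
    print("half-open:", half_open(flows))
```

A steadily growing half-open list from many source addresses is the pattern SYN cookies and a larger `tcp_max_syn_backlog` are meant to absorb.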
What Undercode Say:
The TCP three-way handshake is a cornerstone of reliable networking, but its overhead can impact performance in latency-sensitive applications. Understanding its mechanics helps in optimizing web servers, load balancers, and cloud infrastructure.
Additional Useful Commands:
- Check Whether TCP Window Scaling Is Enabled:
cat /proc/sys/net/ipv4/tcp_window_scaling
- Enable/Disable TCP Fast Open (TFO):
sysctl -w net.ipv4.tcp_fastopen=3
- Monitor TCP Retransmissions:
netstat -s | grep retransmit
- Set Maximum SYN Backlog:
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
Prediction:
As networks evolve with QUIC and HTTP/3, the traditional TCP handshake may see optimizations, but its core principles will remain critical in network troubleshooting and security analysis.
References:
Reported By: Ninadurann What – Hackers Feeds


