Open in app

Sign in

Write

Sign in

TCP 3-Way Handshake

Shehani Fernando
5 min readJul 6, 2022

--

TCP is Transmission Control Protocol that helps to establish reliable, secure connections between devices. Instead of OSI, the current Internet is built on the simpler TCP/IP concept. The transport layer of the TCP/IP model uses TCP and UDP Protocols.

Fig 1. OSI and TCP/IP Model

We will be discussed in more detail about TCP 3-way handshake process in this article and demonstrate this process using a simple node js client-server application and trace that application using Wireshark. Before we dig into the TCP 3-way handshake process, let’s get some fundamental idea about some of the elements of the TCP Header. Getting to know these elements is worth it because these elements are used when explaining the TCP 3-way handshake process.

TCP Header

Fig 2. TCP Header

Sequence Number -The first bit of the data is given a random 32-bit (in the range of 0 to (232 -1)) called the sequence number. A sequence number is typically only used once in a single connection. Some other random sequence numbers may be utilized for further data transmission over the same connection.

Acknowledgment Number -It is the next sequence number that is expected by the acknowledgment sending device from the sender.

Window Size -It is known as buffer size. It can receive data up to the buffer capacity.

SYN Flag -SYN refers to synchronization. This can be referred to as a request to establish a connection.

ACK Flag -ACK refers to acknowledgment. This sends as a response to SYN.

FIN Flag -FIN refers to finished. This sends when we want to terminate the connection after completing the data transmission.

TCP 3-Way Handshake Process

Fig 3. TCP 3-WAY Handshake Process
  1. First requests client send a flag that sync is enabled. Seq =0 which means this is the first message. A sequence number can be any random number in a real-world scenario.
  2. Now the server sees this message. Then the server responds with the acknowledgment (ACK=1). While acknowledging server sends its SYN packet. The server sends the SYN that the Seq =0.
  3. Now the client has to acknowledge the sequence. Every time someone sends an SYN request the other party has to respond. At this point, this communication is established between client and server.
  4. The server is sending a window update to the client. When client and server communicate, they are communicating window size. Window size is how many bytes you can send before filling the buffer. If the buffer gets filled, the client or server will send a buffer-filled flag saying to the other side that the buffer is filled and do not send messages. Once your application consumes the buffer, then the buffer gets some space. When it gets a space, it sends a window update call saying now you can send messages. The window update length is zero. Therefore acknowledgment(ACK) is not increased.
  5. The server sends a message saying “Hello Client” to the client and then disconnects.
  6. The client acknowledged the message sent by the server. The message length is 12. Therefore, now the ACK number is increasing.

ACK Number = Current ACK Number + Lenght of the number of bytes

The new ACK number is now 13.

7. The Server is sending FIN Flag to the client saying that it is going to terminate the connection. Now SEQ number is 13 because ACK is 13 in the previous request. As I explained, before ACK Number is the next sequence number expected by the acknowledgment sending device from the sender.

8. The client identified the FIN message and send an acknowledgment saying that it is okay to close the connection.

9. Then the client also sends its FIN message to close the connection.

10. As the final step of this process server acknowledge the client's FIN message.

Simple Client- Server Application

Step 1. Create node project
Step 2. After that run, the command npm install in the terminal.
Step3. Create server.js file

var net = require('net');var port = 4281;var host ='127.0.0.1'var server = net.createServer((socket)=>{socket.on('end',() =>{console.log('Server: Client Disconnected');});});server.on('connection', (socket)=>{console.log('connected from: ${socket.remoteAddress}:${socket.remotePort}');socket.write('hello client');socket.end();});server.on('error', (err)=>{throw err;});server.listen(port,host);

Step 4. Create a client.js file

var net = require('net');var port = 4281;var host ='127.0.0.1'var client = new net.Socket();client.connect(port, host, ()=>{console.log(`Connected to Server : ${host} on ${port}`);});client.on('data', (data)=>{console.log(`Recieved : ${data}`);});client.on('close', ()=>{console.log(`Client : Disconnected from Server`);});

Step 5. Run the server and client files and open the Wireshark. Then it will show your application traffic as shown in the figure 4.

FIg 4. Loopback application(client-server application)traffic

Step 6. Double-click on it. Then you can see the network traffic in more detail.

Fig 6. LoopBack Application Traffic

Step 7. Then filter port 4281 as shown in figure 8. You can visible there is now no traffic.

Fig 8. port 4281 traffic.

Step 8. Then stop the server and client. Again start the server.js file. There is no traffic yet.

Step 9. Start the client.js file. You can see the results after we start the client.js file as shown in the figure 9. The traffic is started.

Fig9. LoopBack interface after starting the client.js file.

Results

You can clearly see the TCP 3-way handshake process’s all the steps that I explained at the beginning of this article in this figure 10 and figure 11.

Fig 10. Loopback Application packet tracing
Fig 11. Transmission protocol of Loopback application

References

https://www.youtube.com/watch?v=UpUd5zEUUgI

https://afteracademy.com/blog/what-is-a-tcp-3-way-handshake-process

Tcp 3 Way Handshake
Syn
Ack
Nodejs
Wireshark

--

--

Shehani Fernando

Written by Shehani Fernando

19 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams