TCP Three-Way Handshake Connection Establishment

These flashcards cover the TCP three-way handshake — the process establishing reliable connections between two hosts before data transfer begins. Critical for CompTIA Network+, CCNA, and networking courses, this mechanism trips up students who confuse SYN, SYN-ACK, and ACK sequence numbers or misunderstand TCP's stateful design. Each card reinforces exact flag sequences, port state transitions, and the role of ISN randomization, so you can answer exam questions confidently without second-guessing the order.

5 Cards
1
Front

What three flags does the TCP handshake use?

Back

The handshake uses SYN (synchronize), SYN-ACK (synchronize-acknowledge), and ACK (acknowledge) flags.

  • SYN: client initiates, sends its Initial Sequence Number (ISN)
  • SYN-ACK: server acknowledges client ISN and sends its own ISN
  • ACK: client acknowledges server ISN; connection is established
2
Front

What is an Initial Sequence Number (ISN)?

Back

An ISN is a randomly generated 32-bit number each side chooses at handshake start to track byte order.

Random ISNs prevent TCP sequence prediction attacks — an attacker cannot guess the sequence number and hijack the session.

3
Front

What port states change during the three-way handshake?

Back
  • Client socket moves: CLOSED → SYN_SENT → ESTABLISHED
  • Server socket moves: LISTEN → SYN_RECEIVED → ESTABLISHED

Both sides must reach ESTABLISHED before application data flows.

4
Locked

Why does TCP use three steps instead of two?

5
Locked

What happens if the SYN-ACK is never received by the client?

Frequently Asked Questions

What is the TCP three-way handshake?

The three-way handshake is the process TCP uses to establish a reliable connection before data transfer. The client sends a SYN, the server replies with SYN-ACK, and the client completes the exchange with an ACK. Only then do both sides consider the connection open.

What is the difference between TCP and UDP connection setup?

TCP uses a three-way handshake to establish a stateful, reliable connection before sending data. UDP has no handshake — it sends datagrams immediately with no guarantee of delivery or order.

  • Use TCP for: web browsing, email, file transfers
  • Use UDP for: video streaming, DNS lookups, online gaming

How does a SYN flood attack exploit the three-way handshake?

An attacker sends thousands of SYN packets with spoofed source IPs. The server allocates resources and replies with SYN-ACK but never receives the final ACK, filling its SYN backlog queue until it cannot accept legitimate connections. This is mitigated using SYN cookies, which avoid allocating resources until the ACK arrives.

Why does TCP randomize the Initial Sequence Number?

Random ISNs prevent TCP sequence prediction attacks where an attacker could forge packets with a guessed sequence number to inject data or reset connections. RFC 6528 requires ISNs be cryptographically unpredictable.