Enhance your Career in Networking With IPinBits!!!​

TCP-3-way Handshake and Termination

TCP-3-way-handshake, Graceful termination


  • How is TCP 3-way handshake and graceful termination achieved, why it was necessary and how it is accomplished in day to day networks, Hosts or in protocols.
  • In world of IP communication specifically in terms of allocating resources, hosts decide a specific TCP window depending upon the end host capability and the underlaying bandwidth.
  • So, this is like a mutual understanding between two communicating devices, so they decide a window size, more on TCP window later on in this blog.

TCP-3 Way handshake, Graceful termination.

Let’s have a look at TCP-3 Way handshake and how the above scenario is overcome.

So, in the above diagram, let’s consider Host A wants to communicate with B.

  • First, we will take into consideration TCP-3-way-handshake, here hosts A sends the first packet, along with its TCP SYN and start with initial sequence number to keep a track of the order of packets, all the TCP flags are explained later in separate blog.
  • Host B receives this 1st 1/500 segment, here it will acknowledge the segment, that it received from Host A, stating that I received your 1/500 along with sync, now I am sending you my acknowledgement for the same along with my sync, Host B acknowledges this, by sending TCP-SYN and TCP-ACK flags.
  • Host A receives the acknowledgment and then send its own TCP-ACK saying thanks I received the acknowledgment; by sending its own acknowledgment for it. This is what TCP-3-way handshake is all about.

Please find the below Wireshark capture for the above explanation.

The session is from my laptop to https://www.cisco.com

Packet Capture:

  • As you can see in the below capture, host A 192.168.104 is sending data to host B
  • So, in this case, the host A 192.168.104 will send it TCP SYN to the host B ( as explained earlier, host B will receive it and acknowledge it, by sending its own TCP SYN and TCP ACK,
  • On receiving the acknowledgement from Host B, Host A sends it’s an own acknowledgement to confirm.
  • Wireshark capture is also attached with it, please go through it and if any doubts/queries related to articles please reach us out on the website or any social media account, we will assist you.

TCP-session Graceful termination.

Graceful session is established, but still there one thing left i.e. graceful termination and which is necessary and why it is necessary let have a look.

Let us again take the below example, why TCP termination in a graceful way is also necessary and if it’s not there then how the network would behave.

  • In the above diagram host, A, wants to communicate with Host B in same subnet, Host A has reserved resources and the data has been segmented to 500 individual segments which needs to be delivered to host B.
  • So here host A will start sending the segments on wire as 1/500 with headers and CRC checks.

Host A will establish TCP-3-way handshake and initiate the communications by setting the TCP-SYN flag which will also have sequence number. Host B received will verify CRC if ok, then acknowledge host A 2/500 since the communication is two and reliable. B will send its own SYN and ACK, Host A SYN.

To acknowledge the Host B’s reply A will finally send its own acknowledgement stating ok we are good to communicate, since we are able to acknowledge each other.

  • Now in similar way, host A will start sending the next frame to B as 2/500. Host B receives 2/500 and asks for 3/500.In the similar way all the frames will be delivered to host B.
  • Since host B received all the segments, it will re-form with the sequence number and gave it to the user, but here point to note is Host B didn’t acknowledge host A for the final segment 500/500, that it received the final segment.
  • Host A waits for stipulated time, then re-sends the last segment 500/500, there is no acknowledgement so this process goes on and on, the session isn’t terminated.
  • This is like TCP half open attack, since there was no way host A could have known that Host B received the final segment.
  • So, to terminate the session gracefully and avoid such situations, there is one more important flag called TCP-FIN which helps in terminating the session gracefully.
  • TCP-FIN and TCP-SYN are mutually exclusive and work in similar way but the difference is SYN is used to gracefully start a session with sequence number and the FIN is used to gracefully terminate the TCP session.
  • Lets take the below diagram, to understand how the session is terminated gracefully, Host A receives from the application that all the data transfer is finished now, we need to terminate the session gracefully.
  • So Host A sends the update by setting the TCP-FIN flag, to host B. Host B receives the TCP-FIN flag update, acknowledges it by sending its own TCP-ACK.
  • Host B will check with the application for which the data transfer was on-going and after application confirms, yes we have received the data and good to close the session, then Host B sends its own TCP-FIN, (its similar to TCP-SYN, but here there would be separate updates) saying that I also want to terminate the session gracefully.
  • Host A receives this TCP-FIN from Host B, closes the session by sending TCP-ACK to Host B the final confirmation. Host B receives this TCP-ACK from host A, so it also closes the session gracefully.

Related blog posts