The TCP (Transmission Control Protocol) handshake — also called the three-way handshake — is the process used to establish a reliable connection between a client and a server before any data is sent. It ensures both sides are ready to communicate and agree on parameters like sequence numbers.
The Three Steps
- SYN — The client sends a SYN (synchronize) packet to the server, indicating it wants to establish a connection and sharing its initial sequence number.
- SYN-ACK — The server responds with a SYN-ACK (synchronize-acknowledge) packet, acknowledging the client's SYN and sharing its own sequence number.
- ACK — The client sends an ACK (acknowledge) packet confirming receipt of the server's SYN-ACK. The connection is now established.
Why This Matters for Performance
Every TCP connection requires this handshake before a single byte of application data can be sent. For HTTPS, a TLS handshake then occurs on top, adding further round trips. This is why connection overhead matters for web performance:
- HTTP/1.1 opens a new TCP connection per request (or uses persistent connections with limits)
- HTTP/2 multiplexes multiple requests over one connection — one handshake for many requests
- HTTP/3 (QUIC) uses UDP and combines the transport and crypto handshake, reducing connection setup to one round trip
TCP Handshake and Security: SYN Flood Attacks
A SYN flood is a DDoS attack that exploits the handshake. The attacker sends thousands of SYN packets with spoofed source IPs. The server sends SYN-ACK replies and waits for the final ACK — which never comes. The server's connection table fills up, preventing legitimate connections. SYN cookies are a common mitigation that avoids storing per-connection state during the handshake.
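A simplified SYN-cookie scheme in Python, added here as an illustration and not code from the original page or from any real TCP stack: the server packs a 5-bit time counter, a 3-bit MSS index and a 24-bit keyed MAC into the sequence number of its SYN-ACK, stores nothing, and recomputes the value when the final ACK arrives. The secret, MSS table, 64-second slot and function names are assumptions; production kernels differ in detail.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-secret"  # constructed; a real server uses a random, rotated key
MSS_TABLE = [536, 1220, 1440, 1460]  # assumed table, ascending; the index must fit in 3 bits
SLOT_SECONDS = 64                    # assumed granularity of the time counter

def _mac24(src, sport, dst, dport, client_isn, t):
    """24-bit keyed MAC over the 4-tuple, the client's ISN and the time slot."""
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHII", sport, dport, client_isn, t))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Sequence number for the SYN-ACK; no per-connection state is kept."""
    t = int(now) // SLOT_SECONDS
    # Largest table entry not exceeding the client's MSS (index 0 as the floor).
    idx = max(i for i, m in enumerate(MSS_TABLE) if m <= client_mss or i == 0)
    return ((t % 32) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, client_isn, t)

def check_cookie(src, sport, dst, dport, seq, ack, now):
    """Validate the client's final ACK. Returns the negotiated MSS, or None."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the ACK acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's SYN consumed one sequence number
    t_now = int(now) // SLOT_SECONDS
    for t in (t_now, t_now - 1):         # accept the current and the previous slot
        if t < 0 or t % 32 != cookie >> 27:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, t).to_bytes(3, "big")
        got = (cookie & 0xFFFFFF).to_bytes(3, "big")
        if hmac.compare_digest(expected, got):
            idx = (cookie >> 24) & 0x7
            return MSS_TABLE[idx] if idx < len(MSS_TABLE) else None
    return None
```

Because the connection entry is created only after `check_cookie` succeeds, SYNs from spoofed sources that never complete the handshake consume no slot in the connection table.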
People Also Ask
- What happens after the TCP handshake?
  After the three-way handshake, data transfer begins. For HTTPS, a TLS handshake occurs next (adding 1–2 more round trips) to negotiate encryption keys. Once TLS is established, encrypted application data (HTTP requests and responses) flows over the connection.
- How long does a TCP handshake take?
  The handshake takes one round trip — the time for a packet to travel from client to server and back. On a local network this is under 1ms. Across a continent it may be 50–150ms. Across the globe it can be 200–400ms, which is why CDNs that reduce physical distance significantly improve performance.