Understanding TCP Three‑Way Handshake and Four‑Way Termination

In the first part of the "Network Communication Protocol" series we introduced the origin of network protocols and the TCP/IP layered model; this article builds on that foundation by focusing on reliable connections and describing the concrete implementation of the three‑way handshake and the four‑step (effectively three‑step) termination.

For a client host A to access resources on a server host B, four prerequisites are required: both hosts must have an IP address, the client must have a client‑side port number, and the server must have a server‑side port number.

Reliability of the data channel is achieved by TCP’s acknowledgment and retransmission mechanisms, which are demonstrated through the handshake and termination procedures.

Three‑Way Handshake

1. First step: Client A sends a SYN packet with a randomly generated sequence number (seq) to server B.

2. Second step: Server B replies with a SYN‑ACK packet; its own random sequence number is placed in the SYN field, and the ACK field contains the received seq+1, confirming receipt of the client’s request.

Server B acknowledges the client’s SYN.

Server B indicates the next expected sequence number for the client.

3. Third step: Client A sends an ACK packet back to B; the ACK’s seq is the value from the second step, and its ack field is the server’s original seq+1.

Packet captures using Wireshark illustrate each of these three messages, confirming the exact flow of SYN, SYN‑ACK, and ACK packets.

These three steps are optimal: fewer steps cannot guarantee mutual acknowledgment, while more steps would waste resources.

Four‑Way Termination

1. First step: After sending all data, client A initiates closure with a FIN packet (seq = x).

2. Second step: Server B acknowledges the FIN with an ACK (seq = Y, ack = x+1) but may still have data to send.

3. Third step: Once B finishes sending its remaining data, it sends a FIN+ACK (seq = y, ack = x+1).

4. Fourth step: Client A acknowledges with a final ACK (seq = x+1, ack = y+1), completing the termination.

Packet‑capture screenshots show the termination exchange; an optimization may merge the second and third steps when B has no more data, effectively reducing the process to three packets.

The article concludes by summarizing TCP’s connection establishment and termination mechanisms and hints that the next installment will explore ICMP, ping, and traceroute as examples of control‑message protocols.