Cyber Security Interview Prep. Q2: "Three-Way Handshake"
- mahfuz3895
- Sep 23, 2021
Category: General IT
"What is the three-way handshake? What packets are sent and who is the sender and who is the recipient?"
My answer:
The three-way handshake is a process by which a client and server establish a communication channel between them. The client sends a SYN, the server sends a SYN-ACK and then the client sends an ACK. After these packets, the connection is established and data can begin to be transferred across the created TCP socket connection on whatever port this connection has been made on.
Client (SYN)---> Server
Client <---(SYN-ACK) Server
Client (ACK)---> Server
*Connection Established*
Interesting note: Nmap somewhat abuses the handshake to scan for open ports on a server without fully establishing a connection: instead of sending the final ACK packet, it sends a RST (Reset) packet. This is known as a "stealth scan".
If we wish to go into more detail, the exchange of packets can be described in three parts:
1) First, the client sends a SYN (synchronisation) packet to the server on the port on which it wishes to establish a connection. This packet includes a random number (the client's sequence number).
2) If the server is listening on the port, it will receive the SYN packet. To acknowledge that it has received the SYN, it will add 1 to the value of the number found in the SYN packet and send this back as the ACK (acknowledgement). However, the server will also wish to receive acknowledgement from the client for one of the server's own packets, so it will send its own SYN along with the ACK we just mentioned. This is why we call the second step of the handshake the "SYN-ACK".
3) The client receives the ACK for its SYN packet and responds to the server's SYN in the same way: it adds one to the value found in the server's SYN and sends it back as an ACK.
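The three steps above and the half-open case from the Nmap note, as an added example that is not part of the original post: it parses the first three TCP headers of a flow, checks the "add 1" acknowledgement arithmetic (modulo 2**32), and labels the flow. The helper names `tcp_header`, `parse` and `classify` are hypothetical, and all header bytes are constructed sample data.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits
MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap around

def tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (constructed sample, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(header):
    """Extract the fields the handshake depends on from a raw TCP header."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", header[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def classify(segments):
    """Label a flow from its first three TCP headers, given in capture order."""
    if len(segments) < 3:
        return "incomplete capture"
    syn, synack, last = (parse(s) for s in segments[:3])
    # Step 1: client opens with a bare SYN carrying its sequence number.
    if syn["flags"] != SYN:
        return "does not start with SYN"
    # Step 2: server sets SYN and ACK, acknowledging client number + 1.
    if synack["flags"] != SYN | ACK or synack["ack"] != (syn["seq"] + 1) % MOD:
        return "invalid SYN-ACK"
    # Half-open pattern: client resets instead of completing the handshake.
    if last["flags"] & RST:
        return "half-open (RST instead of final ACK)"
    # Step 3: client acknowledges server number + 1.
    if last["flags"] == ACK and last["ack"] == (synack["seq"] + 1) % MOD:
        return "established"
    return "invalid final ACK"

# Constructed flows. The first uses a client number at the 32-bit limit,
# so the server's acknowledgement wraps around to 0.
FULL = [tcp_header(40000, 443, 0xFFFFFFFF, 0, SYN),
        tcp_header(443, 40000, 1000, 0, SYN | ACK),
        tcp_header(40000, 443, 0, 1001, ACK)]
HALF_OPEN = [tcp_header(40001, 22, 100, 0, SYN),
             tcp_header(22, 40001, 5000, 101, SYN | ACK),
             tcp_header(40001, 22, 101, 0, RST)]
BAD_ACK = [tcp_header(40002, 80, 100, 0, SYN),
           tcp_header(80, 40002, 7000, 100, SYN | ACK),
           tcp_header(40002, 80, 101, 7001, ACK)]

if __name__ == "__main__":
    for name, flow in (("full", FULL), ("half-open", HALF_OPEN), ("bad ack", BAD_ACK)):
        print(name, "->", classify(flow))
```

A flow that ends in RST right after a valid SYN-ACK is what a listener or packet capture sees for each open port probed this way, which is why counting such flows per source address is a common detection signal.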