TCP Three-Way Handshake

The TCP three-way handshake is the process by which two devices establish a reliable connection before transmitting data, exchanging SYN, SYN-ACK, and ACK packets to synchronize sequence numbers.

What It Really Means

TCP (Transmission Control Protocol) provides reliable, ordered delivery of data between applications. Before any data can flow, both sides must agree on initial parameters — specifically, sequence numbers that track which bytes have been sent and received. The three-way handshake establishes this agreement.

Why three packets instead of two? Because both sides need to confirm they can both send and receive. The client proves it can send (SYN) and receive (ACK of SYN-ACK). The server proves it can receive (SYN-ACK in response to SYN) and send (SYN-ACK reaches client). Two packets would only confirm one direction.

This handshake adds one round-trip time (RTT) of latency before any data transfers. For a client in New York connecting to a server in London (RTT ~75ms), the handshake alone takes 75ms. This is why connection reuse (HTTP keep-alive, connection pooling) matters so much for performance.

How It Works in Practice

The Three Steps

Connection States

Latency Impact

A new HTTPS connection requires multiple round trips before data flows:

Implementation

Monitoring TCP connections:

TCP tuning for high-connection servers:

TCP Fast Open (TFO):

Trade-offs

Why TCP vs UDP:

• TCP: Reliable delivery, ordered, connection-oriented. Use for HTTP, database connections, file transfers.
• UDP: Best-effort delivery, no handshake, connectionless. Use for real-time video, gaming, DNS queries.

Connection reuse strategies:

• HTTP/1.1 Keep-Alive: Reuse TCP connection for multiple requests (sequential)
• HTTP/2 Multiplexing: Multiple concurrent requests on one connection
• Connection Pooling: Pre-established connections for database queries

Handshake overhead matters when:

• High-latency networks (cross-continent: 100-300ms RTT)
• Microservice architectures with many inter-service calls
• Mobile networks with high latency and packet loss
• APIs serving many small requests (each request's handshake overhead dominates)

Common Misconceptions

• "The handshake is always exactly 3 packets" — The initial handshake is 3 packets, but TCP also has a 4-packet connection teardown (FIN, ACK, FIN, ACK). TCP Fast Open can combine data with the SYN packet.
• "TCP guarantees delivery" — TCP guarantees delivery or notification of failure. If the network is permanently down, TCP will eventually timeout and report the failure to the application.
• "Keep-alive eliminates all handshake overhead" — Keep-alive connections can be closed by servers, proxies, or load balancers after an idle timeout. Applications must handle reconnection gracefully.
• "TIME_WAIT is a problem to fix" — TIME_WAIT exists to prevent delayed packets from a closed connection being misinterpreted as belonging to a new connection on the same port. It is a feature, not a bug. Only tune it if you understand the consequences.

How This Appears in Interviews

1. "Why does TCP use a three-way handshake instead of two?" — Both sides need to prove they can send and receive. Two packets only verify one direction.
2. "What happens when you type a URL?" — DNS resolution, TCP handshake, TLS handshake, HTTP request.
3. "How do you reduce latency for API calls between services?" — Connection reuse, connection pooling, TCP Fast Open, gRPC with HTTP/2.
4. "Your server has thousands of TIME_WAIT connections" — Explain what TIME_WAIT means, why it is normal for high-traffic servers, and when to tune tcp_fin_timeout.

Related Concepts

• TLS/SSL Handshake — encrypted layer on top of TCP
• HTTP/2 Multiplexing — eliminates multiple TCP connections per domain
• WebSocket Protocol — upgrades a TCP connection for bidirectional communication
• Connection Pooling — reuse TCP connections to avoid handshake overhead
• What Happens When You Type a URL — TCP handshake in the full request lifecycle
• System Design Interview Guide
• Algoroq Pricing — access all concept deep-dives