Part 8 – TCP Connection Establishment and Termination

TCP Connection Establishment and Termination

Table Of Contents
  1. TCP Connection Establishment and Termination
  2. Resources

Introduction

Welcome to Part 8 of the Network Fundamentals study notes! If you haven’t already, we recommend watching the video first.

In Part 7, we saw that TCP is connection-oriented — it builds and tracks a connection before sending data. In this part, we look at exactly how that works. We’ll walk through the three-way handshake used to open a connection, and the messages used to close it — both gracefully and abruptly.

TCP Flags

TCP uses flags in its header to communicate the purpose of a segment. Flags are individual bits that can be turned on or off. The key ones for connection management are:

  • SYN (Synchronise) – used to initiate a connection
  • ACK (Acknowledge) – confirms receipt of a previous segment
  • FIN (Finished) – signals the intent to close a connection
  • RST (Reset) – abruptly terminates a connection due to an error

The Three-Way Handshake

Before any data is exchanged, TCP performs a three-way handshake to establish a connection. Here’s how it works:

Step 1 – SYN

The client sends a TCP segment to the server with the SYN flag set. This segment carries no payload — just headers. It tells the server: “I want to start a new connection and I need us to agree on a few things.”

The segment includes:

  • The source port (random, chosen by the client) and the destination port (a well-known number, like 80 for HTTP)
  • An Initial Sequence Number (ISN) — a randomly chosen value that both sides will use to track the order of segments. The random starting value is deliberate, partly for security reasons.
  • A window size value — we’ll cover this in Part 9

Step 2 – SYN-ACK

If the server has an application listening on the requested port, it agrees to the connection. It replies with a segment that has both the SYN and ACK flags set.

In this segment:

  • The source and destination ports are swapped — the server is now responding, so it sends from port 80 to the client’s random port
  • The sequence number is incremented by one — this is the next message in the conversation
  • The ACK flag confirms the server received the client’s SYN

By setting both SYN and ACK, the server is saying: “I’ve seen your request, and I agree to the connection.”

Step 3 – ACK

The client completes the handshake by sending a segment with the ACK flag set and the sequence number incremented again. This confirms to the server that the client received its SYN-ACK.

At this point, the connection is established and data can flow in both directions. The three messages — SYN, SYN-ACK, ACK — are why this is called the three-way handshake.

Closing a Connection

A connection can be closed in two ways: gracefully or abruptly. Either the client or server can initiate the close.

Graceful Close (FIN)

When a connection finishes normally — for example, a file transfer completes — the graceful close uses four messages:

  1. The device that wants to close sends a segment with the FIN and ACK flags set
  2. The other device replies with an ACK
  3. That same device then sends its own FIN-ACK
  4. The original sender responds with a final ACK

Why does it take four messages instead of two? The first pair announces and acknowledges the intention to close. The responding device then needs to notify its application that the connection is closing — and the application might need a moment to wrap up what it’s doing. Only when the application is ready does the second pair of messages go out to fully close the connection. Those two pairs give the application time to respond gracefully before the connection disappears.

Abrupt Close (RST)

When something goes wrong, TCP uses a RST (Reset) segment. There’s no graceful exchange — the connection is dropped immediately with no acknowledgements and no waiting for the application.

A common example is when a client tries to connect to a port that has no application listening. The server sends back a RST before the handshake can even complete.

Reset messages are useful during troubleshooting. If you’re capturing network traffic and you see RST segments, it’s a strong indicator that something is wrong — a closed port, a dropped connection, or a misconfiguration somewhere.

Resources

Test your knowledge with the Introduction to Networking quizzes.