TCP provides a reliable, ordered byte stream over the unreliable, unordered packet delivery of IP. To do that, each side numbers the bytes it sends with a sequence number, and the receiver acknowledges the highest contiguous byte it has received. Before any data flows, the two ends must agree on where their numbering begins. The mechanism that accomplishes this is the three-way handshake, specified in RFC 793, the Transmission Control Protocol standard published by USC’s Information Sciences Institute in September 1981.
The exchange uses three TCP segments. The initiating host, typically a client, sends a segment with the SYN (synchronize) control bit set and its chosen initial sequence number. The responding host replies with a single segment that both acknowledges the client’s SYN and carries its own SYN with its own initial sequence number; this combined message is the SYN-ACK. Finally the client sends an ACK acknowledging the server’s SYN. After this third message, both sides have exchanged and acknowledged initial sequence numbers, and the connection is established. RFC 793 explains that “the synchronization requires each side to send it’s own initial sequence number and to receive a confirmation of it in acknowledgment from the other side.”
The reason there are three messages rather than four is that the middle two steps are combined. The specification notes that “because steps 2 and 3 can be combined in a single message this is called the three way (or three message) handshake.” Conceptually the protocol needs four actions - each side sends a SYN and each side acknowledges the other’s SYN - but the server’s acknowledgment and its own SYN travel together, collapsing the exchange to three packets.
The handshake is not merely bookkeeping; it exists to keep old packets from corrupting new connections. RFC 793 states that “the principle reason for the three-way handshake is to prevent old duplicate connection initiations from causing confusion.” On a network where packets can be delayed and arrive out of order long after they were sent, a stale connection request could otherwise be mistaken for a fresh one. By requiring each side to confirm a freshly chosen sequence number, the handshake ensures both ends are talking about the same, current connection.
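The old-duplicate case described above, as an added Python example (not code from RFC 793 or from the original page): each side accepts the handshake only when the acknowledgment number it receives equals the initial sequence number it just sent plus one, because a SYN occupies one sequence number. The `Segment` class, the function names and the ISN values are constructed for illustration.

```python
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_no: int = 0


def client_check_synack(client_isn, seg):
    """Client side: accept a SYN-ACK only if it acknowledges the SYN just sent."""
    if not (seg.syn and seg.ack):
        return "ignore"  # not a SYN-ACK; other cases are not modelled here
    # A SYN occupies one sequence number, so the expected ack is ISN + 1.
    if seg.ack_no != (client_isn + 1) % MOD:
        return "reset"  # it acknowledges some other, old duplicate SYN
    return "accept"


def server_check_ack(server_isn, seg):
    """Server side: the third segment must acknowledge the server's own SYN."""
    if seg.syn or not seg.ack:
        return "ignore"
    if seg.ack_no != (server_isn + 1) % MOD:
        return "reset"
    return "established"


def handshake(client_isn, server_isn, syn_seen_by_server):
    """Replay one attempt; syn_seen_by_server is the SYN seq that reached the server."""
    synack = Segment(syn=True, ack=True, seq=server_isn,
                     ack_no=(syn_seen_by_server + 1) % MOD)
    verdict = client_check_synack(client_isn, synack)
    if verdict != "accept":
        return verdict
    final = Segment(ack=True, seq=(client_isn + 1) % MOD,
                    ack_no=(synack.seq + 1) % MOD)
    return server_check_ack(server_isn, final)


if __name__ == "__main__":
    # Constructed values: the current attempt uses ISN 100, a delayed SYN carried 90.
    print(handshake(100, 300, syn_seen_by_server=100))
    print(handshake(100, 300, syn_seen_by_server=90))
    print(handshake(MOD - 1, 300, syn_seen_by_server=MOD - 1))
```

In the second call the server answers a delayed SYN, so its SYN-ACK acknowledges 91 while the client expects 101, and the client resets instead of completing the connection.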
The three-way handshake is one of the most familiar patterns in all of networking, visible in any packet capture of a new connection and central to how firewalls, load balancers, and intrusion detection systems reason about traffic. It is also the feature that gives TCP its setup cost: a connection cannot send useful data until a full round trip has completed. That latency is exactly what protocols built on UDP, such as QUIC, work to reduce, and it is part of why connectionless UDP remains attractive for applications that cannot afford the handshake’s delay.