TCP handshake
TCP opens a connection via a three-way handshake: SYN, SYN-ACK, ACK. The animation renders each stage as a visually distinct chip shape (triangle / hex / square) so you can tell at a glance which packet is on the wire right now.
Engineering pitfalls
SYN flood — half-open connections
Without SYN cookies, an attacker can exhaust the listening socket's backlog by sending SYNs without ever completing the handshake. Enable SYN cookies via kernel sysctl on public-facing hosts.
MSS clamping for tunnel overhead
If your path includes IPsec or PPPoE, the standard 1460 MSS is too large after encapsulation. Enable MSS clamping on the tunnel interface, or you'll see packets dropped in a PMTU black hole.
TIME_WAIT exhaustion under high churn
Closing a TCP connection puts the local side into TIME_WAIT for 2×MSL (~4 minutes). High-connection-rate apps exhaust the local port range. Tune `tcp_tw_reuse` carefully — `tcp_tw_recycle` is deprecated and unsafe.
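To watch for both the half-open backlog pressure and the TIME_WAIT build-up described above, the sketch below counts SYN_RECV and TIME_WAIT sockets from text in Linux /proc/net/tcp layout. It is an added example, not part of the original page; the function names, the sample rows, the thresholds and the IPv4, little-endian-host address decoding are assumptions.

```python
from collections import Counter

# State codes as printed in /proc/net/tcp (Linux).
SYN_RECV, TIME_WAIT = "03", "06"

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:01BB 00000000:0000 0A
   1: 0A00000A:01BB 010200C0:C001 03
   2: 0A00000A:01BB 020200C0:C002 03
   3: 0A00000A:01BB 030200C0:C003 03
   4: 0A00000A:01BB 040200C0:C004 01
   5: 0A00000A:8001 1400000A:1538 06
   6: 0A00000A:8002 1400000A:1538 06
"""

def parse_endpoint(field):
    """Decode 'HEXIP:HEXPORT' into (dotted IPv4, port)."""
    ip_hex, port_hex = field.split(":")
    octets = bytes.fromhex(ip_hex)[::-1]  # assumes a little-endian host
    return ".".join(str(b) for b in octets), int(port_hex, 16)

def summarize(text):
    """Count half-open sockets per local port and TIME_WAIT per remote endpoint."""
    half_open, time_wait = Counter(), Counter()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, remote, state = fields[1:4]
        if state == SYN_RECV:
            half_open[parse_endpoint(local)[1]] += 1
        elif state == TIME_WAIT:
            # Ephemeral ports run out per destination, so key on the remote side.
            time_wait[parse_endpoint(remote)] += 1
    return half_open, time_wait

def alerts(text, syn_backlog, port_span, ratio=0.8):
    """Report counters that reach ratio * limit (limits supplied by the caller)."""
    half_open, time_wait = summarize(text)
    out = [f"port {p}: {n} SYN_RECV vs backlog {syn_backlog}"
           for p, n in half_open.items() if n >= ratio * syn_backlog]
    out += [f"{ip}:{p}: {n} TIME_WAIT vs {port_span} local ports"
            for (ip, p), n in time_wait.items() if n >= ratio * port_span]
    return out

if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE, syn_backlog=3, port_span=2)))
```

On a live host, pass the contents of /proc/net/tcp as `text` and set `syn_backlog` and `port_span` from the host's own backlog and local port range settings; the tiny limits in the demo call exist only so the constructed sample trips both checks.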
References
Primary sources
- RFC 9293 — Transmission Control Protocol (TCP) (current TCP spec, supersedes RFC 793).
- RFC 6528 — Defending against Sequence Number Attacks.
- RFC 7413 — TCP Fast Open.