The three-way handshake is performed when establishing TCP connection to a port on the system. The handshake establishing reliable TCP connection if successful. The process involves three steps. The principal of how it works based on different flags set inside the packet. Lets look at three steps that occurring during three-way handshake.

1. Host A sends a SYN packet to Host B as a request to establish a connection.
2. Host B responds with SYN-ACK as an acknowledgment of the request.
3. Host A responds with ACK and connection is established.


If all three steps complete without errors then the TCP connection is established successfully. As we mentioned before SYN and ACK are bits that set on or off in the header of TCP packet.
Lets review TCP flags.
1. SYN – initiates a connection between two hosts
2. ACK – acknowledges the receipt of a packet of information
3. URG – indicates that data in the packet is urgent and should be processed immediately
4. PSH – instructs the sending system to send all buffered data immediately
5. FIN – tells remote system no more information will be send
6. RST – resets a connection

Knowing how TCP three-way handshake works can be very helpful when using a packet crafter. You can use this knowledge to create custom packets with different flags set.

Few examples of how to use different flags.

hping3 -8 50-56 -s "target ip" -v 

Create a packet with FIN, URG, PSH on port 80

hping3 -F -P -U "target ip" -p 80