
TCP Three-Way Handshake - SYN, SYN-ACK, ACK & Connection Teardown


Imagine you want to call a friend but need to make sure they are ready to talk before you start the conversation. TCP’s three-way handshake is like that initial call setup ensuring both sides are ready.

💡 Beginners often confuse the handshake as just sending SYN packets or think connection teardown is symmetrical like setup, missing the four-step process and the purpose of each packet. Think of the handshake as a polite phone call setup, and teardown as hanging up carefully so both parties know the call ended.
📋
Interview Question

Explain the TCP three-way handshake process including SYN, SYN-ACK, and ACK packets, and describe how TCP connection teardown works.

  • Purpose of TCP three-way handshake for reliable connection establishment
  • Roles of SYN, SYN-ACK, and ACK packets in handshake
  • Four-step TCP connection termination process
💡
Scenario & Trace
Scenario: A client wants to establish a TCP connection with a web server to load a webpage.
  1. Client sends SYN to server to request connection.
  2. Server responds with SYN-ACK to acknowledge and synchronize.
  3. Client sends ACK to confirm connection established.
  4. Data transfer begins.
  5. When done, client sends FIN to initiate teardown.
  6. Server replies with ACK, then sends its own FIN.
  7. Client sends final ACK, connection closes.
  • What if SYN packet is lost during handshake → retransmission and timeout handling
  • What if one side crashes after sending SYN-ACK but before receiving ACK → half-open connection scenario
  • What if FIN packet is lost during connection teardown → retransmission and connection timeout
⚠️
Common Mistakes
Thinking the handshake is just a SYN and SYN-ACK exchange

Interviewer doubts your understanding of the ACK’s role in confirming connection establishment

Explain the three steps clearly and emphasize the final ACK from client confirms the connection

Assuming connection teardown is symmetrical and uses three steps like setup

Interviewer suspects you don’t know about the four-step FIN/ACK exchange and half-close states

Describe the four-way handshake and explain why both sides must close independently

Ignoring the role of sequence numbers in handshake synchronization

Interviewer thinks you lack understanding of TCP reliability and ordering

Mention initial sequence numbers and how acknowledgments confirm synchronization

Not considering packet loss and retransmission during handshake and teardown

Interviewer doubts your knowledge of TCP’s robustness and timeout mechanisms

Explain retransmission timers and how TCP handles lost SYN, ACK, or FIN packets

🧠
Basic Definition - What It Is
💡 This level covers the fundamental purpose and sequence of the handshake and teardown without deep internals. It’s like knowing the main steps of a phone call setup and hang-up without the technical details.

Intuition

TCP uses a three-step message exchange to establish a reliable connection before data transfer.

Explanation

TCP is a connection-oriented protocol that requires both client and server to agree on connection parameters before exchanging data. The three-way handshake involves the client sending a SYN packet to initiate, the server replying with SYN-ACK to acknowledge and synchronize, and the client sending an ACK to confirm. This ensures both sides are ready and synchronized. Connection teardown is done via a four-step process where FIN and ACK packets are exchanged to gracefully close the connection.

Memory Hook

💡 Think of it as a polite phone call: 'Hello?' (SYN), 'Hello, I hear you!' (SYN-ACK), 'Great, let's talk!' (ACK), and hanging up politely with goodbye signals (FIN/ACK).

Illustrative Code

# No code needed for basic definition approach
# This approach focuses on conceptual understanding
pass

Interview Questions

What are the three packets involved in TCP connection setup?
  • SYN from client
  • SYN-ACK from server
  • ACK from client
Depth Level
Interview Time: 30 seconds
Depth: basic

Covers the basic handshake steps and purpose; sufficient for quick screening questions. No algorithmic complexity applies as this is conceptual.

Interview Target: Minimum floor - never go below this

Knowing only this lets you pass initial screening but won't impress in detailed interviews.

🧠
Mechanism Depth - How It Works
💡 This level explains the internal mechanisms, packet flags, sequence numbers, and connection teardown details expected in product company interviews. Think of it as understanding the secret handshake and the exact steps to close the call cleanly.

Intuition

TCP handshake synchronizes sequence numbers and confirms readiness, while teardown ensures both sides close connection gracefully to avoid resource leaks.

Explanation

The three-way handshake starts with the client sending a SYN packet with an initial sequence number (ISN). The server responds with a SYN-ACK packet containing its own ISN and acknowledging the client's ISN+1. The client then sends an ACK acknowledging the server's ISN+1. This exchange synchronizes sequence numbers and confirms both sides are ready. For connection teardown, TCP uses a four-way handshake: one side sends FIN to indicate no more data, the other side acknowledges with ACK, then sends its own FIN, and finally the first side sends an ACK. This ensures both sides have finished sending data and the connection closes cleanly. Retransmissions handle lost packets, and TCP timers manage connection states.
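
The sequence-number rules above, as an added example that is not part of the original page: a validator that checks a constructed trace for the ISN+1 acknowledgments in the handshake and the FIN, ACK, FIN, ACK order in teardown, and reports an incomplete handshake as half-open. The `Seg` tuple, the ISNs 1000 and 5000, FIN segments also carrying the ACK flag, and no data being in flight during teardown are assumptions of this example.

```python
from collections import namedtuple

# src is "C" (client) or "S" (server); flags is a set of TCP flag names.
Seg = namedtuple("Seg", "src flags seq ack")
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def check_handshake(segs):
    """Validate SYN, SYN-ACK, ACK; return the next sequence number per side."""
    if len(segs) < 3:
        raise ValueError("half-open: handshake never completed")
    syn, synack, ack = segs[:3]
    if (syn.src, syn.flags) != ("C", {"SYN"}):
        raise ValueError("step 1 must be a client SYN")
    if (synack.src, synack.flags) != ("S", {"SYN", "ACK"}):
        raise ValueError("step 2 must be a server SYN-ACK")
    if synack.ack != (syn.seq + 1) % MOD:
        raise ValueError("SYN-ACK must acknowledge client ISN+1")
    if (ack.src, ack.flags) != ("C", {"ACK"}):
        raise ValueError("step 3 must be a client ACK")
    if ack.seq != synack.ack or ack.ack != (synack.seq + 1) % MOD:
        raise ValueError("final ACK must acknowledge server ISN+1")
    return {"C": ack.seq, "S": ack.ack}


def check_teardown(segs, nxt):
    """Validate FIN, ACK, FIN, ACK (no data in flight); return the initiator."""
    if len(segs) != 4:
        raise ValueError("teardown needs four segments")
    a = segs[0].src                      # side that closes first
    b = "S" if a == "C" else "C"
    a_fin, b_fin = (nxt[a] + 1) % MOD, (nxt[b] + 1) % MOD  # FIN uses one seq number
    expected = [(a, True, nxt[a], nxt[b]),   # FIN from initiator
                (b, False, nxt[b], a_fin),   # ACK of that FIN
                (b, True, nxt[b], a_fin),    # FIN from the other side
                (a, False, a_fin, b_fin)]    # final ACK
    for step, (seg, want) in enumerate(zip(segs, expected), 1):
        if (seg.src, "FIN" in seg.flags, seg.seq, seg.ack) != want:
            raise ValueError(f"teardown step {step} is out of sequence")
    return a


# Constructed trace: ISNs 1000 (client) and 5000 (server), client closes first.
TRACE = [Seg("C", {"SYN"}, 1000, 0), Seg("S", {"SYN", "ACK"}, 5000, 1001),
         Seg("C", {"ACK"}, 1001, 5001),
         Seg("C", {"FIN", "ACK"}, 1001, 5001), Seg("S", {"ACK"}, 5001, 1002),
         Seg("S", {"FIN", "ACK"}, 5001, 1002), Seg("C", {"ACK"}, 1002, 5002)]
```

Calling `check_handshake(TRACE[:3])` and passing its result to `check_teardown(TRACE[3:], ...)` walks the full connection lifetime; truncating the trace after the SYN-ACK raises the half-open error.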

Memory Hook

💡 Imagine two people exchanging secret handshake steps to start a dance (synchronize), then carefully stepping off the floor one by one to avoid collisions (teardown).

Illustrative Code

# No code needed for mechanism depth approach
# This approach focuses on detailed conceptual understanding
pass

Interview Questions

What role do sequence numbers play in the TCP handshake?
  • Initial sequence numbers synchronize sender and receiver
  • Acknowledgments confirm receipt
  • Prevents old duplicate packets from causing confusion
Explain the four steps in TCP connection teardown.
  • FIN from initiator
  • ACK from receiver
  • FIN from receiver
  • ACK from initiator
Depth Level
Interview Time: 2-3 minutes
Depth: intermediate

Demonstrates understanding of TCP internals, sequence numbers, flags, and teardown process; suitable for FAANG on-sites. No algorithmic complexity applies as this is conceptual.

Interview Target: Target level for FAANG on-sites

Mastering this level distinguishes you from most candidates and shows readiness for system design and networking roles.

📊
Explanation Depth Levels
💡 Choose your explanation depth based on interview stage and company expectations.
Level | Interview Time | Suitable For | Risk
Basic Definition | 30s | Screening call or quick conceptual questions | Too shallow for on-site or system design interviews
Mechanism Depth | 2-3 minutes | On-site interviews at FAANG and top tech companies | Requires solid understanding; missing details here can cost you
💼
Interview Strategy
💡 Use this guide to structure your explanation clearly and confidently before every networking mock interview.

How to Present

  • Start with a concise definition of the TCP three-way handshake and its purpose.
  • Give a relatable analogy or example to make it memorable.
  • Explain the detailed mechanism including packet types and sequence numbers.
  • Describe the connection teardown process and mention common edge cases.

Time Allocation

Definition: 30s → Example: 1min → Mechanism: 2min → Edge cases: 30s. Total ~4min

What the Interviewer Tests

Interviewer checks if you understand why handshake is needed, how synchronization happens, and how TCP ensures reliable connection setup and teardown.

Common Follow-ups

  • What happens if a SYN packet is lost? → Retransmission and timeout mechanisms.
  • Why is the connection teardown a four-way handshake instead of three? → Half-close states and independent closing.
💡 These follow-ups test your grasp on TCP reliability and connection state management.
🔍
Pattern Recognition

When to Use

Interviewers ask about this when discussing TCP, connection establishment, or reliable communication protocols.

Signature Phrases

  • Explain the TCP three-way handshake
  • What happens when a TCP connection is established?
  • Describe TCP connection teardown

NOT This Pattern When

Similar Problems

Practice

1. When a link failure occurs in a network running Distance Vector routing, what sequence of events typically happens before all routers have updated their routing tables?
easy
A. Routers immediately flood the network with link state advertisements, then recompute shortest paths
B. Routers notify neighbors of the failure, update their tables, and neighbors propagate updates iteratively until convergence
C. Routers wait for a periodic timer to expire before sending updates, causing immediate global convergence
D. Routers use a centralized controller to recompute routes and push updates to all routers

Solution

  1. Step 1: Identify Distance Vector update mechanism

    Distance Vector routers share routing information only with neighbors and rely on iterative updates.
  2. Step 2: Trace the failure propagation

    When a link fails, a router detects it and updates its routing table, then sends updates to neighbors. Neighbors update their tables and propagate changes further, iteratively converging.
  3. Step 3: Analyze options

    Routers immediately flood the network with link state advertisements, then recompute shortest paths describes Link State behavior, not Distance Vector. Routers wait for a periodic timer to expire before sending updates, causing immediate global convergence is incorrect because updates are sent immediately upon detecting changes, not only on timers, and convergence is not immediate. Routers use a centralized controller to recompute routes and push updates to all routers is incorrect because Distance Vector is decentralized.
  4. Final Answer:

    Option B
  5. Quick Check:

    Distance Vector uses neighbor-to-neighbor iterative updates after failure detection.
Hint: Distance Vector updates propagate hop-by-hop, not flooded globally
Common Mistakes:
  • Confusing Distance Vector with Link State flooding
  • Assuming immediate global updates without iteration
  • Thinking Distance Vector uses centralized control
2. Which of the following statements about the TLS certificate chain is INCORRECT?
medium
A. The certificate chain is transmitted encrypted during the TLS handshake to protect privacy
B. The client must trust the root CA certificate to validate the entire chain
C. The certificate chain includes the server certificate and intermediate CA certificates up to a trusted root CA
D. If any certificate in the chain is invalid or expired, the client should reject the connection

Solution

  1. Step 1: Understand certificate chain transmission

    The certificate chain is sent in plaintext during the handshake because encryption is not established yet.
  2. Step 2: Evaluate each statement

    A: Incorrect, chain is sent unencrypted.
    B: Correct, client must trust root CA.
    C: Correct, chain includes server and intermediate certificates.
    D: Correct, invalid certificates cause rejection.
  3. Final Answer:

    Option A
  4. Quick Check:

    Certificate chain is sent before encryption is established, so it cannot be encrypted.
Hint: Certificate chain is public info sent before encryption
Common Mistakes:
  • Assuming certificate chain is encrypted during handshake
  • Confusing trust anchor with intermediate certificates
  • Ignoring certificate expiration impact
3. Which of the following statements about subnet masks is INCORRECT?
medium
A. A subnet mask separates the network and host portions of an IP address by masking bits
B. The subnet mask must always be contiguous ones followed by zeros in binary
C. Changing the subnet mask does not affect the total number of IP addresses in the network
D. Subnet masks can be represented in dotted decimal or CIDR notation

Solution

  1. Step 1: Review subnet mask function

    Subnet masks define network and host bits, affecting subnet size and number of IP addresses.
  2. Step 2: Analyze each statement

    A subnet mask separates the network and host portions of an IP address by masking bits is true; subnet masks separate network and host bits. The subnet mask must always be contiguous ones followed by zeros in binary is true; subnet masks must be contiguous ones then zeros. Subnet masks can be represented in dotted decimal or CIDR notation is true; subnet masks can be in dotted decimal or CIDR.
  3. Step 3: Identify incorrect statement

    Changing the subnet mask does not affect the total number of IP addresses in the network is false; changing subnet mask changes subnet size and total IP addresses available.
  4. Final Answer:

    Option C
  5. Quick Check:

    Subnet mask directly impacts number of IP addresses in a subnet.
Hint: Subnet mask length controls subnet size and IP count
Common Mistakes:
  • Believing subnet masks can have non-contiguous bits
  • Thinking subnet mask changes don't affect IP count
  • Confusing subnet mask notation formats
4. Which of the following best explains why TCP's sliding window flow control alone cannot prevent network congestion?
medium
A. Because sliding window increases window size exponentially regardless of network state
B. Because sliding window only limits sender based on receiver buffer, not network capacity
C. Because sliding window retransmits lost packets too slowly
D. Because sliding window requires explicit congestion notification from routers

Solution

  1. Step 1: Understand sliding window's limitation

    Sliding window controls flow based on receiver's buffer availability, not network congestion.
  2. Step 2: Differentiate from congestion control

    Congestion control algorithms like AIMD adjust sending rate based on network feedback to avoid congestion.
  3. Step 3: Reject exponential increase and retransmission speed options

    Sliding window does not inherently increase window exponentially; retransmission speed is unrelated to flow control.
  4. Step 4: Clarify explicit congestion notification role

    Explicit congestion notification is optional and unrelated to sliding window's basic operation.
  5. Final Answer:

    Option B
  6. Quick Check:

    Sliding window limits sender by receiver buffer, not network capacity.
Hint: Flow control = receiver buffer limit; congestion control = network capacity limit.
Common Mistakes:
  • Assuming sliding window adapts to network congestion
  • Confusing flow control with retransmission mechanisms
  • Believing sliding window depends on router signals
5. Which of the following statements about TCP congestion control using AIMD is INCORRECT?
medium
A. AIMD guarantees zero packet loss in all network conditions
B. Multiplicative decrease halves the congestion window upon detecting packet loss
C. Additive increase means the congestion window grows by a fixed amount each RTT
D. AIMD balances efficient bandwidth use with network stability

Solution

  1. Step 1: Verify additive increase meaning

    Congestion window increases by a fixed increment per RTT, which is correct.
  2. Step 2: Confirm multiplicative decrease behavior

    On loss detection, TCP halves the congestion window, consistent with multiplicative decrease.
  3. Step 3: Assess AIMD guarantees

    AIMD does not guarantee zero packet loss; it aims to reduce loss by controlling sending rate.
  4. Step 4: Understand AIMD's balance goal

    AIMD is designed to balance throughput and network stability, which is true.
  5. Final Answer:

    Option A
  6. Quick Check:

    AIMD reduces but does not eliminate packet loss.
Hint: AIMD controls congestion but cannot prevent all packet loss.
Common Mistakes:
  • Believing AIMD eliminates all packet loss
  • Misunderstanding additive increase as exponential growth
  • Confusing multiplicative decrease with complete stop