Bird
Raised Fist0
Interview Prepcomputer-networkseasyAmazonGoogleMicrosoftFlipkartSwiggyRazorpay

TCP Three-Way Handshake - SYN, SYN-ACK, ACK & Connection Teardown

Choose your preparation mode3 modes available
SolutionTrace

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Steps
setup

Initialize / Setup

Initialize client and server nodes in idle state with no packets sent yet. The network link between them is inactive.

💡 Starting with a clean slate helps visualize the entire handshake and teardown process from the beginning.
Line:pass # No code needed for setup
💡 The network is ready but no communication has started yet.
📊
TCP Three-Way Handshake - SYN, SYN-ACK, ACK & Connection Teardown - Watch the Algorithm Execute, Step by Step
Watching each packet flow and state change visually helps you understand the purpose and sequence of TCP handshake and teardown without needing to memorize protocol details.
Step 1/10
·Active fillAnswer cell
Initialized client and server nodes; network links inactive.
Hop: 0
Client
Server
Client sent SYN packet to server to initiate connection.
Hop: 1
Client
Server
📦Packet
fromclient
toserver
🔌 protocolTCP
🚩 flagsSYN
srcclient_ip:12345
dstserver_ip:80
flagsSYN
SYN: client→server
Server processed SYN and sent SYN-ACK to client.
Hop: 2
Client
Server
📦Packet
fromserver
toclient
🔌 protocolTCP
🚩 flagsSYN, ACK
srcserver_ip:80
dstclient_ip:12345
flagsSYN, ACK
SYN: client→server
SYN-ACK: server→client
Client sent ACK to server, completing handshake.
Hop: 3
Client
Server
📦Packet
fromclient
toserver
🔌 protocolTCP
🚩 flagsACK
srcclient_ip:12345
dstserver_ip:80
flagsACK
SYN: client→server
SYN-ACK: server→client
ACK: client→server
Server received ACK; connection established.
Hop: 4
Client
Server
SYN: client→server
SYN-ACK: server→client
ACK: client→server
Client sent FIN to server to start connection teardown.
Hop: 5
Client
Server
📦Packet
fromclient
toserver
🔌 protocolTCP
🚩 flagsFIN
srcclient_ip:12345
dstserver_ip:80
flagsFIN
SYN-ACK: server→client
ACK: client→server
FIN: client→server
Server acknowledged FIN with ACK.
Hop: 6
Client
Server
📦Packet
fromserver
toclient
🔌 protocolTCP
🚩 flagsACK
srcserver_ip:80
dstclient_ip:12345
flagsACK
ACK: client→server
FIN: client→server
ACK: server→client
Server sent FIN to client to complete teardown.
Hop: 7
Client
Server
📦Packet
fromserver
toclient
🔌 protocolTCP
🚩 flagsFIN
srcserver_ip:80
dstclient_ip:12345
flagsFIN
FIN: client→server
ACK: server→client
FIN: server→client
Client sent final ACK to server, closing connection.
Hop: 8
Client
Server
📦Packet
fromclient
toserver
🔌 protocolTCP
🚩 flagsACK
srcclient_ip:12345
dstserver_ip:80
flagsACK
ACK: server→client
FIN: server→client
ACK: client→server
Connection fully closed; client and server idle.
Hop: 9
Client
Server
ACK: server→client
FIN: server→client
ACK: client→server

Key Takeaways

The TCP three-way handshake ensures both client and server agree on connection parameters before data transfer.

This handshake is hard to grasp from code alone because it involves asynchronous packet exchanges and state changes.

Connection teardown is a four-step process involving FIN and ACK packets from both sides to close the connection gracefully.

Visualizing the packet flow clarifies why both sides must exchange FIN and ACK packets.

Node states and packet flags clearly indicate the current phase of the connection lifecycle at each step.

Seeing states change from idle to sending and processing helps understand protocol state machines beyond static code.

Practice

(1/5)
1. In which scenario would you most likely use CIDR notation instead of traditional classful addressing?
easy
A. When you want to efficiently allocate IP addresses to networks of varying sizes without wasting addresses
B. When you want to separate the network and host portions strictly by the first octet
C. When you need to allocate IP addresses in fixed blocks of Class A, B, or C sizes
D. When you want to assign IP addresses only within Class C networks

Solution

  1. Step 1: Understand classful addressing limitations

    Classful addressing allocates IP blocks in fixed sizes (Class A, B, C), often wasting many IP addresses.

  2. Step 2: Recognize CIDR's flexibility

    CIDR allows variable-length subnet masks, enabling allocation of IP blocks tailored to network size, reducing waste.

  3. Step 3: Evaluate options

    When you need to allocate IP addresses in fixed blocks of Class A, B, or C sizes describes classful allocation, not CIDR. When you want to separate the network and host portions strictly by the first octet is about classful fixed boundaries. When you want to assign IP addresses only within Class C networks restricts to Class C, which CIDR overcomes.

  4. Final Answer:

    Option A -> Option A

  5. Quick Check:

    CIDR is used for efficient IP allocation across variable network sizes [OK]
Hint: CIDR = flexible IP blocks, classful = fixed blocks
Common Mistakes:
  • Believing CIDR only applies to Class C networks
  • Thinking CIDR is just a different notation without functional difference
  • Assuming classful addressing is still standard for IP allocation
2. Trace the sequence of steps when an IPv6 packet is sent over an IPv4-only network using tunneling. What happens to the packet headers during this process?
easy
A. The IPv6 packet is converted into an IPv4 packet using NAT64 before transmission
B. The IPv6 header is replaced by an IPv4 header, and the packet is routed as IPv4
C. The IPv6 packet is fragmented into IPv4 packets and reassembled at the destination
D. The IPv6 packet is encapsulated inside an IPv4 header, which is then routed over the IPv4 network

Solution

  1. Step 1: Understand tunneling

    Tunneling encapsulates the entire IPv6 packet inside an IPv4 packet to traverse IPv4 infrastructure.

  2. Step 2: Analyze options

    The IPv6 packet is encapsulated inside an IPv4 header, which is then routed over the IPv4 network correctly describes encapsulation with an IPv4 header. The IPv6 header is replaced by an IPv4 header, and the packet is routed as IPv4 incorrectly states header replacement, which loses IPv6 info. The IPv6 packet is fragmented into IPv4 packets and reassembled at the destination is incorrect; fragmentation does not convert protocols. The IPv6 packet is converted into an IPv4 packet using NAT64 before transmission describes NAT64, a different technique.

  3. Final Answer:

    Option D -> Option D

  4. Quick Check:

    Tunneling wraps IPv6 packets inside IPv4 headers for transport.
Hint: Tunneling = IPv6 packet inside IPv4 header [OK]
Common Mistakes:
  • Confusing tunneling with header replacement
  • Mixing up NAT64 with tunneling
  • Assuming fragmentation converts protocols
3. In which OSI layer would you most likely implement encryption to secure data before transmission?
easy
A. Presentation Layer
B. Transport Layer
C. Application Layer
D. Network Layer

Solution

  1. Step 1: Understand the role of the Presentation Layer

    The Presentation Layer is responsible for data translation, encryption, and compression before passing data to the Session Layer.

  2. Step 2: Why not other layers?

    Application Layer handles user interface and application services, Transport Layer manages end-to-end communication and reliability, Network Layer handles routing and addressing but not encryption.

  3. Final Answer:

    Option A -> Option A

  4. Quick Check:

    Encryption is a Presentation Layer function [OK]
Hint: Encryption and data formatting happen at the Presentation Layer [OK]
Common Mistakes:
  • Assuming encryption is done at the Application Layer
  • Confusing Transport Layer's reliability with security
  • Thinking Network Layer handles encryption
4. Why is it generally discouraged to use POST for operations that are intended to be idempotent, such as updating a user profile repeatedly with the same data?
medium
A. Because POST requests are cached by default, leading to stale data issues.
B. Because POST always deletes the resource before updating it.
C. Because POST cannot carry a request body, limiting update capabilities.
D. Because POST is not idempotent, repeated identical requests may cause unintended side effects.

Solution

  1. Step 1: Recall idempotency definition

    An idempotent method produces the same result no matter how many times it is repeated.

  2. Step 2: Analyze POST properties

    POST is not idempotent; repeated identical POSTs can create multiple resources or side effects.

  3. Step 3: Evaluate options

    Because POST is not idempotent, repeated identical requests may cause unintended side effects correctly identifies the non-idempotent nature of POST. Others are factually incorrect.

  4. Final Answer:

    Option D -> Option D

  5. Quick Check:

    POST is not idempotent, so using it for idempotent operations risks unintended consequences.
Hint: POST ≠ idempotent; PUT and DELETE are idempotent
Common Mistakes:
  • Thinking POST is cached by default (it is not)
  • Believing POST cannot carry a body (it can)
  • Assuming POST deletes resources before updating
5. Which of the following statements about the scalability and overhead trade-offs between Distance Vector and Link State routing is TRUE?
medium
A. Distance Vector routing scales better in large networks because it floods link state advertisements less frequently
B. Distance Vector routing has lower convergence time but higher memory usage compared to Link State
C. Link State routing requires more memory and CPU but scales better due to faster convergence and less routing loops
D. Link State routing uses less bandwidth overall because it only sends updates when topology changes

Solution

  1. Step 1: Understand resource usage

    Link State routing stores the entire network topology, requiring more memory and CPU for Dijkstra's algorithm.

  2. Step 2: Analyze scalability and convergence

    Link State converges faster and avoids routing loops better, making it more scalable despite higher resource use.

  3. Step 3: Evaluate options

    Distance Vector routing scales better in large networks because it floods link state advertisements less frequently is false because Distance Vector does not flood link state advertisements at all. Distance Vector routing has lower convergence time but higher memory usage compared to Link State is false because Distance Vector generally has slower convergence and lower memory usage. Link State routing uses less bandwidth overall because it only sends updates when topology changes is misleading; Link State floods updates on topology changes, which can be bandwidth intensive.

  4. Final Answer:

    Option C -> Option C

  5. Quick Check:

    Link State trades higher resource use for better scalability and convergence.
Hint: More CPU/memory but faster convergence -> Link State scales better
Common Mistakes:
  • Assuming Distance Vector floods updates like Link State
  • Confusing convergence time and memory usage
  • Believing Link State sends fewer updates overall