TCP Control Flags | Three-way Handshake | TCP Socket Status


As a protocol TCP establishes connections for sending long chains of segments of data. The way TCP establishes connection is through the use of different control flags in very specific order. In this article we will cover how TCP connection established and closed. Also the three-way handshaking, and socket status. Before going through these, lets first define the six TCP Control Flags. We will also discuss them in the order that they appear in TCP Header.

TCP Control Flags

URG (Urgent)

This is the first flag in TCP header. A value of one here indicates that the segment is urgent. It also indicates that the urgent pointer field has more data about this. This feature of TCP never had wide spreaded option, also not usually seen.

ACK | Acknowledgement Flag

This is the second control flag in TCP header. A value of one in ACK flag means that the acknowledgement number need to examine.

PSH | Short for Push | TCP Control Flags

PSH which is short for Push. The Push flag indicates, the transiting device wants the receiving device to push currently buffered data to the application on the receiving end as soon as possible. Here a buffer is a computing technique, where a certain amount of data held somewhere before sent somewhere else. The buffer has a lot of practical applications. In terms of TCP it helps to send large chunks of data efficiently.Hence by keeping some amount of data in buffer, TCP can deliver more meaningful chunks of data to the program waiting for it. But in some cases we might send very small amount information that we need the listening program to respond immediately. The PSH flag helps doing this.

RST | Reset

The fourth flag is RST, short for ReSeT. This RST flag indicates one of the side in TCP connection hasn’t been able to properly recover from a series of missing or malformed segments. It is similar for one of the partner in TCP connection to say, “Wait, I can’t put together what you mean, lets start over from scratch.”

SYN | Synchronize

The SYN flag in TCP header stands for Synchronize. The flag makes sure the receiving end knows to examine the sequence number field. This flag is necessary when first establishing a TCP connection.

FIN | Short for FINish

Finally the FIN flag in TCP header stands for FINish. When this flag is one, this means the transmitting computer doesn’t have any more data to send. So the connection is ready to close.

The Three-Way Handshake | How TCP connection established and Closed

Let consider Computer A wants to establish a TCP connection to Computer B. So PC A will be the transmitting Computer and PC B will the receiving computer.

TCP Control Flags | Three way Handshake | Socket Status | Networking

To start the process PC A sends the TCP segment to PC B with a SYN flag set. This is like PC A saying to PC B “Let’s establish a connection and look at my sequence number field to recognize where the conversation starts.” PC B then responds with a TCP segment, where both SYN and ACK flags are ON. This is also like PC B is saying “Sure, lets establish a connection and I acknowledge your sequence number.” Then PC A respond again with just ACK flag set on. Which is PC A is saying: “I acknowledge your acknowledgement,let’s start sending data.”

This process of exchanging SYN, SYN/ACK, and ACK happen every time a TCP connection begin to establish anywhere. This process of establishing TCP Connection refers to as Three-way Handshake. So a Handshake is a way for two devices to ensure that they’re speaking the same protocol. Also will be able to understand each other. So a TCP connection establishes when three-way handshake completed. Now PC A is free to send whatever data it wants to PC B, and vice versa.

Closing TCP Connection | The Four-way Handshake

A TCP connection after establishing can operate in Full Duplex mode. Because both sides of the TCP connection have sent SYN/ACK pairs to each other. So each segment sent in either direction should be responded to by TCP segment with the ACK field set ON. Hence the other side of TCP connection always knows what another side has received.

Now if one of the device involved in TCP connection ready to close the connection, then something refers to as four-way handshake happens. The computer ready to close the connection sends a FIN flag. This FIN flag other computer acknowledges with an ACK flag. Then if the other computer also ready to close the connection, (Which is almost always be the case) it will send the FIN flag. Finally the receiving PC will respond this wth an ACK flag.

TCP Control Flags | Three-way Handshake | Socket Status | Networking

Hypothetically, a TCP connection can stay open in Simplex mode with only one side closing the connection. But this is not the case that we encounter very often.

TCP Socket Status | End-point of TCP Connection

TCP socket is the instantiation of an end-point in a potential TCP connection. Instantiation means an original object or implementation of a definition. TCP Sockets require actual program to instantiate them. To contrast this with a port is that we can send traffic to any port we want, but the port will only response if a program opens socket on that port. There are lots of states exists in TCP socket. In this section of this article we will discuss about some main socket states in a TCP connection.

Socket State: LISTEN

This state of socket means A TCP socket is ready and listening for incoming connection. This status can be visible to server only.


Also a TCP Socket state which means a synchronization request has been sent, but the connection hasn’t been established yet. This status can be visible to client side only.


This means a Socket previously in a LISTEN state has received a SYN request, also sent a SYN/ACK back. This Socket status also visible to server side only.


This means A TCP connection is in working state, and both sides are free to send each other data. This status can be visible to both client and server side of a TCP connection.


This states that a FIN has been sent, but corresponding ACK from the other end not yet received.


This indicates the connection is CLOSE, but the application that opened the socket hasn’t released its hold on the socket yet.


Means TCP connection terminated, and no further communication is possible.

There are many other Socket states that exists. But any of the socket states and their names can vary from OS to OS. This is because socket exists outside of the scope of the definition TCP itself.

So we are at the end of our discussion on TCP control flags in TCP connection, as well as TCP Socket states. Next we will discuss about the Application Layer of TCP/IP Stack Model, also how all layers work together to establish a TCP connection.

Copy link
Powered by Social Snap