TCP - Three-way handshake


When a [TCP](/tcp) session is being established, the initiating host sends a TCP segment with the SYN flag set to 1, and waits for a response.  This is the first step in the [TCP 3-way handshake](/tcp-three-way-handshake).

Such a host will wait for a certain amount of time called the SYN timeout without a response, before considering the attempt a failure.  The SYN timeout depends upon the operating system of the device in question, as well as the application that is using that TCP session. There is a SYN timeout that is configured on each type of device.

For example, a Linux device will use a hardcoded retransmission timeout setting, where it will attempt to establish the connection every one second. It will continue to do so until the application trying to establish that session will choose to stop, and to consider the attempt failed.

Windows uses a dynamic TCP timeout which can be configured in the registry. The initial timeout is 3 seconds, but it doubles each time a SYN attempt fails. It has a maximum number of retransmissions of 5 before the attempt is considered a failure.

These behaviors can typically be adjusted by the application performing the connection, and should be adjusted to fit the needs of that application. An email client will operate differently than a web browser for example.

Links:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc739819(v=ws.10)?redirectedfrom=MSDN

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reducing_the_tcp_delayed_ack_timeout

TCP SYN timeout

Spanning Tree Protocol (STP)

Spine and leaf architecture - connections to leaf switches

Spine and leaf architecture - connections to spine switches

Spine and leaf architecture - reducing latency

Split-horizon

StackWise Virtual

Stackwise election process

Stackwise user priority

Subscriber templating

Summarization

Supernetting

Switch configuring a routed port

Switch high availability options

Switch protected port limitations

Switch protected port

Switching - CEF

Switching - Media Access Control (MAC) addresses

Switching - Process switching

Switching - backplane

Switching - cut through

Switching - fast switching

Switching - show cable-diagnostics

Switching - store and forward

Switching - switch fabric

Switching - switched virtual interface (SVI)

Switching - switchport autostate command

Switching

Switchport - IEEE 802.1q

Switchport - ISL

Switchport access

Switchport modes

Switchport trunk configuration ignores access commands

Switchport trunk encapsulation

Switchport trunk

Symmetric Digital Subscriber Line (SDSL)

Syslog - terminal monitor

Syslog relay or proxy

Syslog severity levels

TCP - Congestion control

TCP - Header

TCP - SEQ and ACK values

TCP - Slow start

TCP - Urgent pointer field

TCP - Window Size Scaling

TCP - factors affecting segment size

TCP - role of checksum field

TCP MSS and window size

TCP RST flag

TCP header options

TCP phantom byte

TCP-IP model

TFTP

Tcl Shell

Telnet

Time to live

Traceroute - Interpreting output

Traceroute asterisk and !H responses

Traceroute

Transparent Cisco IOS Firewall use cases

Transport Layer port number

Troubleshooting - using Telnet to test transport layer ports

Troubleshooting a slow network

Troubleshooting high CPU and memory usage on a switch

UDP - Header

UDP - Maximum Datagram Size

Unicast Reverse Path Forwarding (uRPF)

Unicast traffic

Unknown unicast traffic

Upgrade your R&S skills to modern networking

VACL - Changes to ACL are active immediately

VLAN - Extended Range

VLAN - Native VLAN best practices

VLAN - Native VLAN on a router on a stick

VLAN - Private VLAN

VLAN - VLAN IDs 0 and 4095

VLAN Access Lists

VLAN Mapping

VLAN SVI status

VLAN Tag

VLAN control frames

VLAN

VLANs - 802.1Q tunneling (QinQ)

VLANs - Dynamic VLAN membership (VMPS)

VLANs - QinQ and CDP

VLANs - Vlans allowed and active in management domain

VLANs - when a tagged frame arrives on an access port

VLANs SVI

VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0

VPN - crypto keepalive

VPN - default gateway for site to site VPN

VPN - default gateway of VPN client

VPN - split tunneling

VPN DVTI tunnel source

VRF - Definition mode

VRF - VPNv4 address

TCP SYN timeout

Links to this page: