TCP Flags For 3 Way Handshake

TCP uses a three-way handshake to establish a reliable connection. The connection is full-duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The exchange of these flags is performed in three steps: SYN, SYN-ACK, ACK.

SYN and ACK TCP flags are used for TCP 3 way handshake to establish connections.

• SYN (Synchronize sequence number). This indicates that the segment

  contains an ISN. During the TCP connection establishment process, TCP

  sends a TCP segment with the SYN flag set. Each TCP peer acknowledges

  the receipt of the SYN flag by treating the SYN flag as if it were a

  single byte of data. The Acknowledgment Number field for the

  acknowledgment of the SYN segment is set to ISN + 1.

• ACK (Acknowledgment field is significant). This indicates that the

  Acknowledgment field contains the next byte expected on the

  connection. The ACK flag is always set, except for the first segment

  of a TCP connection establishment.

Reference:

• Understanding tcp flags
• Tcpdump: Filter Packets with Tcp Flags