How can you verify a successful TCP three-way handshake in a capture?


Multiple Choice

How can you verify a successful TCP three-way handshake in a capture?

Explanation:
The key idea is recognizing how a TCP connection is established in a capture. A successful handshake shows three specific control packets in order between the same two endpoints: a SYN from the client, a SYN-ACK from the server, and an ACK from the client. This completes the handshake and marks the connection as established, after which data can begin to flow. If you see a long idle period after the initial SYN, the handshake never completed. Seeing a FIN after the SYN would indicate a closing attempt rather than an establishment. A DNS query before any traffic is unrelated to the TCP three-way handshake.
