The TCP Handshake
TCP is not only needy, but it's also a very formal protocol. Before TCP can begin the process of sending data across the network, TCP relies on a "handshake" to set up the conversation between point A and point B. This handshake makes TCP "connection oriented," which means that a connection must be created between the end-stations before TCP communication can proceed.


This handshake is often referred to as the "three-way handshake" because of the three frames that pass back and forth:


The First Frame – The initial synchronize (SYN) frame is sent from the station initiating the conversation to the destination station. The SYN frame includes initial sequence numbers and the port that will be used for the conversation, as well as other initialization parameters.

The Second Frame – The destination station receives the SYN frame. If everything is in agreement, it sends an acknowledgement to the SYN (called an ACK) and its own SYN parameters.

The Third Frame – The original station receives the ACK to its original SYN, as well as the SYN from the destination device. Assuming everything is in order, the source station sends an ACK to the destination station's SYN.

This handshake occurs every time a TCP session is established. It's this three-way handshake that allows nmap to gather so much information about the ports on a device.
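The three frames described above can be checked mechanically from their TCP headers. The Python below is an added example, not part of the original text; it goes one step beyond the description by also verifying that each ACK carries the other side's initial sequence number plus one. The function names, ports and sequence numbers are constructed for illustration.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MASK = FIN | SYN | RST | ACK      # the flags that matter for session setup
MOD = 2 ** 32                     # sequence numbers are 32-bit and wrap

def parse_tcp(header: bytes) -> dict:
    """Decode the ports, sequence numbers and flags of a TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & MASK}

def check_handshake(frames):
    """Return (ok, reason) for three TCP headers given in capture order."""
    if len(frames) != 3:
        return False, "expected three frames"
    syn, synack, ack = (parse_tcp(f) for f in frames)
    if syn["flags"] != SYN:
        return False, "first frame is not a SYN"
    if synack["flags"] != (SYN | ACK):
        return False, "second frame is not a SYN/ACK"
    if ack["flags"] != ACK:
        return False, "third frame is not an ACK"
    # The reply must come back on the same port pair, reversed.
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        return False, "second frame uses a different port pair"
    if (ack["sport"], ack["dport"]) != (syn["sport"], syn["dport"]):
        return False, "third frame uses a different port pair"
    # Each ACK acknowledges the other side's initial sequence number plus one.
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        return False, "SYN/ACK does not acknowledge the SYN"
    if (ack["seq"] != (syn["seq"] + 1) % MOD
            or ack["ack"] != (synack["seq"] + 1) % MOD):
        return False, "final ACK does not acknowledge the SYN/ACK"
    return True, "handshake complete"

def build(sport, dport, seq, ack, flags):
    """Constructed sample header: data offset 5, window 64240, zero checksum."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 64240, 0, 0)

# Constructed sample: client ISN 0xFFFFFFFF shows the wrap to 0 in the SYN/ACK.
SAMPLE = [build(49152, 80, 0xFFFFFFFF, 0, SYN),
          build(80, 49152, 1000, 0, SYN | ACK),
          build(49152, 80, 0, 1001, ACK)]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))
```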