Using the output of protocol analysis software, such as Wireshark outputs, you can examine the operation of the TCP 3-way handshake:
Step 1: The initiating client requests a client-to-server communication session with the server.
A TCP client begins the three-way handshake by sending a segment with the synchronize sequence number (SYN) control flag set, indicating an initial value in the sequence number field in the header. This initial value for the sequence number, known as the initial sequence number (ISN), is randomly chosen and is used to begin tracking the flow of data from the client to the server for this session. The ISN in the header of each segment is increased by one for each byte of data sent from the client to the server as the data conversation continues.
As shown in the figure, output from a protocol analyzer shows the SYN control flag and the relative sequence number.
The SYN control flag is set and the relative sequence number is at 0. Although the protocol analyzer in the graphic indicates the relative values for the sequence and acknowledgement numbers, the true values are 32-bit binary numbers. The figure shows the four bytes represented in hexadecimal.