Dissecting the three-way handshake

In computing, a handshake is an exchange of information between devices that sets up the parameters of the conversation. Each side advertises what it has available, and the two endpoints agree on the terms before any data is exchanged. The three-way handshake is described in detail in the original TCP specification, RFC 793, found at https://tools.ietf.org/html/rfc793. The TCP handshake is as follows:

The TCP three-way handshake

In most cases, the client initiates the conversation with a synchronization (SYN) packet, the server responds with a synchronization acknowledgment (SYN-ACK), and the client then completes the handshake with an acknowledgment (ACK). After the handshake is complete, the data exchange will follow.
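
The exchange described above, traced in code. This is an added example, not from the original book: it goes one step beyond the text by also checking the sequence and acknowledgment numbers that RFC 793 specifies (each side acknowledges the other's initial sequence number plus one). The helper names, ports and sequence values are constructed for illustration, and the tracker assumes the segments belong to a single conversation.

```python
import struct

# TCP flag bits from the 20-byte header defined in RFC 793
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 64240, 0, 0)

def parse_tcp(segment):
    """Return the header fields the handshake check needs."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x3F}

def find_handshake(segments):
    """Return (client_isn, server_isn) for the first complete handshake, else None."""
    state, client, c_isn, s_isn = "LISTEN", None, None, None
    for raw in segments:
        h = parse_tcp(raw)
        f = h["flags"] & (SYN | ACK | RST | FIN)       # ignore PSH/URG
        if f == SYN:                                   # step 1: client SYN
            state, client, c_isn = "SYN_SEEN", (h["sport"], h["dport"]), h["seq"]
        elif (state == "SYN_SEEN" and f == (SYN | ACK)
              and (h["dport"], h["sport"]) == client
              and h["ack"] == (c_isn + 1) % 2**32):    # step 2: server SYN-ACK
            state, s_isn = "SYNACK_SEEN", h["seq"]
        elif (state == "SYNACK_SEEN" and f == ACK
              and (h["sport"], h["dport"]) == client
              and h["seq"] == (c_isn + 1) % 2**32
              and h["ack"] == (s_isn + 1) % 2**32):    # step 3: client ACK
            return c_isn, s_isn
        elif f & RST:                                  # reset aborts the attempt
            state = "LISTEN"
    return None

# Constructed sample segments (not taken from the bigflows capture)
COMPLETE = [build_tcp(51000, 80, 1000, 0, SYN),
            build_tcp(80, 51000, 5000, 1001, SYN | ACK),
            build_tcp(51000, 80, 1001, 5001, ACK)]
HALF_OPEN = COMPLETE[:2]                      # SYN and SYN-ACK, no final ACK
BAD_ACK = [COMPLETE[0], build_tcp(80, 51000, 5000, 9999, SYN | ACK), COMPLETE[2]]
WRAPPED = [build_tcp(51000, 80, 2**32 - 1, 0, SYN),   # ISN at the 32-bit limit
           build_tcp(80, 51000, 7, 0, SYN | ACK),
           build_tcp(51000, 80, 0, 8, ACK)]
```

`find_handshake(COMPLETE)` returns both initial sequence numbers, while the half-open and mismatched-acknowledgment sequences return `None` because the handshake never completes.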

For a closer look at the three-way handshake, go to http://tcpreplay.appneta.com/wiki/captures.html#bigflows-pcap. Once there, download bigflows.cap so you can follow along. Bigflows is a large capture that contains many protocols and conversations. It has 791,615 packets, as shown in the lower right-hand corner of the following screenshot:

 BigFlows

Although you could technically work with the entire capture, in the next section, we will isolate a single stream and then create a smaller, more manageable file.
