这是正常的TCP连接的三次握手过程。但是，为什么需要三次握手呢？如果只有二次握手又会有什么问题呢？

1、The principle reason for the three-way handshake is to prevent old duplicate connection initiations from causing confusion.这主要是为了防止已经失效的连接请求报文段突然又传送到了B，从而产生错误。具体看下面的场景：A发出连接请求报文段，但是该连接请求报文段因网络原因暂时滞留在某网络结点。A因为没有收到确认，于是重传一次连接请求报文段，这个重传的连接请求报文段被B接收到了，并且A也收到了确认，于是连接建立成功。它们传输完数据之后，释放连接。但是，此时第一个连接请求报文段奇迹般地又到达了B。本来这是一个早已失效的报文段，但是B误认为是A又发出的一个新的连接请求。于是向A发送确认报文段，同意建立连接。如果不采用三次握手，对B而言，当它发出确认报文段后，新的连接就建立了，但这并不是一个真实的连接，造成资源浪费。

2、如果从更深层次的角度去考虑，我们看看TCP的三次握手到底做了些什么事情。在TCP中，通讯双方都会使用序列号(sequence number)来记录自己已经发送了哪些数据。而且，接收方也会使用对方的序列号对自己已经收到的数据进行确认。从安全角度考虑，序列号不会从0开始，而是一个随机值。因为TCP是双向通讯的，双方都可以发送数据，所以双方都必须产生一个随机数来作为自己的初始序列号。当然，通讯双方也必须把自己的初始序列号告知对方，这样双方才能正常通讯。Alice和Bob之间的TCP通话是这样开始的：
Alice —-> Bob   // SYNchronize with my Initial Sequence Number of X
Alice <—- Bob   // I received your syn, I ACKnowledge that I am ready for [X+1]
Alice <—- Bob   // SYNchronize with my Initial Sequence Number of Y
Alice —-> Bob   // I received your syn, I ACKnowledge that I am ready for [Y+1]
Alice将自己的初始序列号告知Bob，Bob对其进行确认；Bob将自己的初始序列号告知Alice，Alice对其进行确认。实际上，为了提高效率，第2步和第3步是在同一个报文段中完成的。
Alice —-> Bob   // SYN
Alice <—- Bob   // SYN ACK
Alice —-> Bob   // ACK
所以，如果只有两次握手的话，所实现的只是Alice将自己的初始序列号告知了Bob，Bob也对其进行了确认。即只能Alice对Bob发送数据，但是Bob却不能对Alice发送数据。

3、下面的英文解释跟2是同样道理的。
To establish a connection, the three-way (or 3-step) handshake occurs:
(1) SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment’s sequence number to a random value A.
(2) SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
(3) ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more than the received sequence number i.e. B+1.

At this point, both the client and server have received an acknowledgment of the connection. The steps 1, 2 establish the connection parameter (sequence number) for one direction and it is acknowledged. The steps 2, 3 establish the connection parameter (sequence number) for the other direction and it is acknowledged. With these, a full-duplex communication is established.

4、两次握手更容易遭受DoS攻击

Sender           Receiver
           SYN
------------------------> (Connection established at Receiver)

        SYN + ACK
<------------------------ (Connection established at Sender)

The above sequence of steps shows what should happen ideally. Now, how easy it is to make DoS attack. Simply, send a SYN packet to the Receiver and it would open a connection at Receiver. Sender need not even care about (SYN + ACK) packet coming back from Receiver.