TCP-HANDSHAKE stress test

Mimics complete TCP handshakes with realistic TTLs so the flood reads as genuine connections, validating defenses that pass simple SYN floods.

Run TCP-HANDSHAKE test → All methods

600k pps

packet rate

How it works

This method drives a chained sequence that imitates full TCP connection setup rather than lone SYN packets, using lifelike packet attributes such as a believable TTL. Because each flow looks like a legitimate client completing a handshake, it slips past filters that only score isolated or malformed SYNs and instead loads the server's real connection and application acceptance path. Use it to confirm your mitigation can tell a real client from a well-formed imitation at scale.

Parameters

rate600k ppsConnections established per second

concurrency1k-100kSimultaneous half or fully open flows

ttl32-64Realistic time-to-live to mimic real clients

duration10-600 sLength of the handshake run

Run it from the CLI

retro-cli

$ retro run tcp-handshake --target 203.0.113.45 --port 443 --duration 120

TCP-HANDSHAKE FAQ

Why is this harder to mitigate than a plain SYN flood?+

Plain SYN floods rarely complete the handshake, so they are easy to filter. This method finishes the handshake with realistic packet traits, so it has to be judged on behavior rather than shape.