TCP
TCP stands for Transmission Control Protocol. It is a connection-oriented layer 4 protocol. Connection-oriented means that a connection must be established between the sender and receiver before any data is transferred. TCP creates this connection through the 3-way handshake.
After receiving a segment, the receiver sends an acknowledgement to the sender to tell it whether the data segment reached its destination safely. This makes TCP a reliable protocol, as it guarantees the delivery of segments to their correct destination.
TCP is a byte stream protocol. Application layer sends data to the transport layer continuously without any limitation. TCP divides the data into sections where each section is a collection of bytes. It then creates segments by adding a TCP header to the data section.
Segment = TCP header + Data section
TCP Header
Source Port and Destination Port: A port is a logical communication endpoint on a machine. The main purpose of a port is session multiplexing. The source port on a client is used to track a session on a machine, and the destination port is used to identify the upper layer protocol. Because a port is a 16 bit field, its value ranges from 0 to 65535. Ports from 0 to 1023 are known as well known ports, ports from 1024 to 49151 are known as registered ports and ports from 49152 to 65535 are known as private ports.
Sequence Number: Sequence number is a 32 bit field. In TCP each data byte of the segment is assigned a unique value known as sequence number. The sequence number field contains sequence number of first data byte of the segment except when SYN is present. If SYN is present the sequence number is the initial sequence number (ISN).
Acknowledgment number: Acknowledgment number is a 32 bit field. Acknowledgment number field contains sequence number of the data byte that receiver expects to receive next from the sender.
Header length: Header length is a 4 bit field. It contains the length of the TCP header and so indicates where the actual data begins. The length of the TCP header always lies in the range from 20 bytes to 60 bytes, but the header length field can only represent values from 0 to 15. To overcome this, a scaling factor of 4 is used.
Header length (Bytes) = Header length field value x 4
Because the minimum header is 20 bytes and a scaling factor of 4 is used, the value in the header length field is always ≥5.
Window Size: Window size is a 16 bit field. It represents amount of data (in bytes) which the host can handle. In other words it specifies how many bytes the receiver is willing to receive. Window size is used for flow control. Window size also represents amount of data (in bytes) the sender can send without waiting for an acknowledgement from receiver.
Checksum: Checksum is a 16 bit field used for error control. It verifies the integrity of data in the TCP payload. The TCP checksum is calculated over the TCP header, the TCP data and a pseudo IP header.
Pseudo IP header is used only for checksum calculation. It is not transmitted across the network.
While computing checksum, the checksum field itself is replaced with zeroes.
Urgent pointer: Urgent pointer is a 16 bit field. It indicates up to which byte, starting from the first byte of the current segment, the data in the segment is urgent. This field is considered valid only if the URG flag is set to 1.
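The checksum calculation described under Checksum above, as an added example that is not part of the original page: it builds the IPv4 pseudo header, zeroes the checksum field, sums everything as 16-bit words and verifies the result the way a receiver would. The addresses, ports and payload are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

SRC, DST = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                     # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo header: source, destination, zero, protocol 6 (TCP), TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo header + TCP header + data, checksum field zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    covered = pseudo_header(src_ip, dst_ip, len(segment)) + zeroed
    return ~ones_complement_sum(covered) & 0xFFFF

def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver-side check: recompute and compare with the stored field."""
    (stored,) = struct.unpack("!H", segment[16:18])
    return stored == tcp_checksum(src_ip, dst_ip, segment)

def build_sample() -> bytes:
    """Constructed segment: 20-byte header (PSH+ACK) plus 5 data bytes."""
    header = struct.pack("!HHIIHHHH", 49152, 80, 1000, 2000,
                         (5 << 12) | 0x018, 65535, 0, 0)
    segment = header + b"hello"
    filled = struct.pack("!H", tcp_checksum(SRC, DST, segment))
    return segment[:16] + filled + segment[18:]

if __name__ == "__main__":
    seg = build_sample()
    print(hex(struct.unpack("!H", seg[16:18])[0]), checksum_ok(SRC, DST, seg))
```

Because the pseudo header is part of the sum, a segment checked against the wrong source or destination address fails verification even though its own bytes are unchanged.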
TCP Flags:
1: SYN (Synchronization) Flag: This flag is used in connection establishment in 3-way handshake process between the two hosts. Only the first packet from sender as well as receiver should have this flag set.
2: ACK (Acknowledgement) Flag: This flag is used to acknowledge the successful receipt of packets. The flag is set if the acknowledgement number field contains a valid acknowledgement number. For all TCP segments except the request segment (the first segment sent for connection establishment during the three-way handshake), the ACK bit is set to 1.
3: URG (Urgent) Flag: This flag along with urgent pointer is used to indicate that certain amount of data within the current segment is urgent (most important/highest priority traffic).
4: PSH (Push) Flag: This flag is used to tell the receiver to process the segments as they are received instead of buffering them.
When a segment arrives at the receiving end, it is temporarily queued in the TCP buffer (a special area in memory) before being passed to the application layer. The data queued in the incoming buffer remains there until the other segments of the data arrive; once this is complete, the data is passed to the application layer.
While this procedure works well in most cases, there are a lot of instances where this queueing of data is undesirable because any delay during queuing can cause problems to the waiting application. In those scenarios PSH flag is used to tell the receiver to process the segments as they are received instead of buffering them.
5: FIN (Finish) Flag: This flag is used to terminate the connection gracefully e.g. when there is no more data from the sender to send then this flag is used for connection termination.
6: RST (Reset) Flag: This flag is used to terminate the connection forcefully.
7: ECE (ECN [Explicit Congestion Notification] Echo): ECE is used to signal the sender to reduce the transmission rate. This flag is usually set by intermediate devices such as routers when they face high volumes of data that could cause congestion.
8: CWR (Congestion Window Reduced): The CWR flag is set by the sender to acknowledge that it received a TCP segment with the ECE flag set. When this flag is set, the sending node will begin sending data in accordance with the slow-start algorithm once again.
9: NS (Nonce Sum): experimental
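The header fields and flags described above, decoded from raw bytes, as an added example that is not part of the original page: it applies the scaling factor of 4 to find where the data begins, rejects a header length field below 5, and reports the acknowledgment number and urgent pointer only when their flags are set. Both segments are constructed samples, and the function and key names are hypothetical.

```python
import struct

# Flag bits in the 16-bit word that also carries the 4-bit header length field
FLAG_BITS = [("NS", 0x100), ("CWR", 0x080), ("ECE", 0x040), ("URG", 0x020),
             ("ACK", 0x010), ("PSH", 0x008), ("RST", 0x004), ("SYN", 0x002),
             ("FIN", 0x001)]

def port_class(port: int) -> str:
    """Port ranges as given in the text above."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "private"

def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hl_field = off_flags >> 12              # 4-bit header length field
    header_len = hl_field * 4               # scaling factor of 4 -> bytes
    if hl_field < 5 or header_len > len(segment):
        raise ValueError(f"invalid header length field {hl_field}")
    flags = {name for name, bit in FLAG_BITS if off_flags & bit}
    return {
        "src_port": sport, "dst_port": dport,
        "dst_port_class": port_class(dport),
        "seq": seq, "seq_is_isn": "SYN" in flags,
        "ack": ack if "ACK" in flags else None,             # valid only with ACK
        "header_len": header_len,
        "options": segment[20:header_len],
        "flags": flags, "window": window, "checksum": checksum,
        "urgent_pointer": urg if "URG" in flags else None,  # valid only with URG
        "payload": segment[header_len:],                    # data begins here
    }

# Constructed sample: SYN from port 49152 to 443, header length field 6
# (24 bytes: 20 fixed + a 4-byte MSS option); checksum left at 0, not checked here
SYN_SEGMENT = struct.pack("!HHIIHHHH", 49152, 443, 0x12345678, 0,
                          (6 << 12) | 0x002, 64240, 0, 0) + bytes.fromhex("020405b4")
# Constructed malformed segment: header length field 4 is below the minimum of 5
BAD_SEGMENT = struct.pack("!HHIIHHHH", 49152, 443, 1, 0, (4 << 12) | 0x010, 1024, 0, 0)

if __name__ == "__main__":
    print(parse_tcp_header(SYN_SEGMENT))
```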
Wireshark Capture