TCP (Transmission Control Protocol) RFC 793

TCP header have minimum size of 20 bytes and maximum of 60 bytes. TCP is used only for unicast communication. Multicast is not supported by TCP.

|          Source Port          |        Destination Port       |
|             16 bit            |             16 bit            |
|                         Sequence Number                       |
|                              32 bit                           |
|                       Acknowledgment Number                   |
|                              32 bit                           |
| Data  |          |U|A|P|R|S|F|                                |
|Offset | Reserved |R|C|S|S|Y|I|            Window              |
|       |          |G|K|H|T|N|N|                                |
|4 bits |  6 bits  |  6 bits   |            16 bit              |
|            Checksum          |          Urgent Pointer        |
|             16 bits          |             16 bits            |
|            Options           |          Padding               |
|        variable length       |                                |
|                            data                               |

Data offset: This field represents from where the data start i.e what is the size of TCP header. This value specified in data offset is in bytes and multiplying this value with 32 and the dividing the result by 8 give header length in bytes.  OR Multiply by 4 as (32/8=4 ) will give the header size.

For example if the value in Data offset is 5. Then TCP header will be: (5*32)/8=20 bytes

Window: The window size defines the amount of data a host can send to receiver without getting any acknowledgement.  For example there are two Hosts A, B. If host B advertise window size of 4000 bytes to host a then it means that Host A can send 4000 bytes of data without waiting for acknowledgement. Once Host A sends 4000 bytes of data it should wait for acknowledgement of the sent data.

Checksum: During checksum calculation TCP makes all value of checksum as zero. First of all TCP generates a pseudo random header. The pseudo header contain source ip, destination ip, reserved bits (8 bits all are kept 0), protocol, Length of segment (TCP header+data).

Now TCP generate a checksum of pseudo header (96 bit) + all field of segment (TCP header+data)

Cumulative Acknowledgment: When a device gets an Ack it means that all bytes up to number N have already been received successfully.Ack field contain next sequence number that sender of Ack is expecting ie it will be Seq+1. There is a feature in TCP called as selecting acknowledgement which allows non continuous acknowledgement. Once TCP sends a segment it sets its timer and if the timer expires and TCP doesn’t get Ack for the data that it has sent it will retransmit considering that sent data is lost.

TCP can accept data of any size from application and then can chunk into pieces as required. TCP collect data to be sent from applications and creates a segment to be transmitted.

Why we need sequence number?

TCP gather data from application store them and then forward to IP layer. So TCP should have something to identify the data to verify if the data is delivered or not.This identification is done by the help of sequence number.

TCP sliding window:

TCP states:


CLOSED  Closed is the starting point of a connection. It represent no connection at all or connection is destroyed.
LISTEN  In this state process is waiting for a connection from a remote process.

  • If the process received a SYN it sends SYN+ACK and moves to SYN-RCVD state.
SYN_SENT  Process have sent a SYN and is waiting for a matching SYN.

  • If a SYN+ACK is received the process moves to established state.
  • If SYN is received  process sends Ack and move to SYN-RCVD state.
SYN_RCVD  The process have received a matching reply for the SYN that it has sent and now it is waiting for ACK of the SYN that it have sent.

  • If ACK is received process moves to EASTABLISHED state.
ESTABLISHED  This represents full established connection and its a steady state. data can be transferred in this state.

  • If process wants to terminate the connection it sends a FIN message and moves to FIN_WAIT_1.
  • If remote process wants to close the connection it sends a FIN message. Once the local process receives the FIN it acknowledges the FIN by sending a ACK and move to CLOSE_WAIT.
CLOSE_WAIT  The process have received a FIN message from other process and it sends ACK for that process and moves from ESTABLISHED to CLOSE_WAIT.

  • If the local process is ready to close the connection it also sends a FIN message and moves to LAST_ACK.
LAST_ACK  The process have received a FIN from other side it have acknowledged the FIN that it have received and have also sent its own FIN to remove process.

  • If ACK of the FIN that local process have sent is received it closes the connection and moves to CLOSED state.
FIN_WAIT_1  The local process want to terminate the connection so it sends a FIN message to remote process and move to FIN_WAIT_1 from established.

  • If ACK of the FIN is received then process move to FIN_WAIT_2.
  • If a FIN is received then process send ACK of the FIN that it have sent and moves to CLOSING state.
FIN_WAIT_2 The local process is waiting for the remote process to terminate the connection.

  • If a FIN is received an ACK is sent and process moves to TIME_WAIT state.
 TIME_WAIT  The local process have sent a FIN and have received ACK for that FIN. The remote process have sent a FIN and local process have sent ACK of this FIN. Now the local process is waiting for some time for the ACK that is has sent in response for the FIN that it have received to be received by remote process once the timer expires then it moves to CLOSED state.

TCB(Transmission control block):
TCP maintain information about a connection and this information is stored in a data structure called as TCB. TCB is maintained by both client and server. TCB hold lots of information and following is important info that TCB holds:

  1. State
  2. process
  3. Local IP
  4. Local Port
  5. Remote IP
  6. Remote Port
  7. Interface
  8. Local Window
  9. Remote Window
  10. Sending sequence number
  11. Receiving sequence number
  12. Sending Ack number
  13. Round trip time
  14. Buffer size
  15. Buffer pointer
  16. Timeout values

Connection establishment:
Device before transferring data should establish a connection. Data can be transferred in full duplex mode.
TCP three way handshake:
Connection establishment process is called 3 way handshake.
Server will send a request to tell to TCP that it is ready to accept connection from client and move its state to LISTENING.This request is called as passive open.
Client sends a request to its TCP to initiate a connection to server. This request is called as active open.


  1. Client sends a SYN segment along with a ISN(Initial sequence number). The SYN segment can contain some TCP options as well. A syn segment consumes sequence number. Window size of client is defined in this segments.
  2. Server sends SYN+ACK to client. SYN and ACK flags are set in the same segment. Server selects its ISN and fill it in segment.  Server will also specify its window size. A a SYN is sent so a sequence number is consumed. Server will increase the sequence number of client by 1 and put it in ACK No. field.
  3. Client sends the ACK of the SYN+ACK that it have received. The Seq No will be kept x+1 (sequence number is incremented by 1 from x because of the SYN). Client will take the Sequence number of the server and increment it by 1 and add it to ACK No field. Client will also specify its window size. ACK does not occupy sequence number space

TCP flags:

Push Flag:

Whenever TCP connection is established a TCB is allocated for the connection and that TCB have internal buffer and TCP keeps data in internal buffer. Once the buffer is full it will send the data out. At receiver side also TCP have internal buffer and it sends data to receiving application once the buffer is full.

Problem with TCP buffering the data: We know that TCP buffers the data in internal buffer and when that buffer get full then TCP sends that data to application. But imagine a situation at receiver/sender side where some data is stacked in a buffer but the buffer is not completely full and there is no data left to send/arrive now TCP will not push that data to application and keep on waiting this situation can be resolved by PSH flag.
For some application storing the data in buffer and then sending will not be acceptable. For example telnet. In telnet whatever we type should be sent immediately to server TCP should not buffer the data.

To deal with such situation we have PUSH flag in tcp header. Whenever application need to send data immediately to server it sends data with PUSH flag set. When sender TCP gets a data with psh flag it take all data in buffer and send it. When server receive the data with PUSH flag TCP will take all the data that it have received and whatever it have in the buffer and send that data to application without waiting for buffer to get filled.

In HTTP when client/server doesn’t have anything to send then client/server sends packet with PSH flag set.


Urgent flag:

TCP send data on FIFO bases. TCP treat all data as equal. If we want to prioritize some data we can use urgent flag. Lets say you have some data in buffer  with normal operation tcp will process the data with FIFO. But if you want to process some data before any other data Urgent pointer can be used.

Urgent pointer tells to the receiver to process some data specified by urgent pointer first before other data. We can say when URG flag is set then the receiving machine will not wait till all queued data is process instead it will take the urgent data and sent it to application before any other data in buffer.

For example when user is doing some kind of file transfer then if the user want to abort the connection in between then urgent pointer can be used. Source user application can set the tcp URG pointer and send the tcp segment to receiver once the receiver receive the segment it process the data specified by urgent pointer before any other data in buffer. Sender will send the segment with URG pointer only when the TCP buffer is filled. But receiver will process the data as soon as he receive the data. So If you want to push the data immediately from sender we can use PSH + URG flag.

TCP options:

SACK(Selective acknowledgment):

TCP uses a cumulative acknowledgment scheme. TCP acknowledges only that last consecutive segments. If some packet loses then sender doesn’t get to know that which packet have been lost and it retransmit all packet from last ACK packet again, receiver might receive the packet which are already delivered successfully.

Selective Acknowledgment (SACK) is a TCP option in which receiver can inform the sender about all segments that have arrived successfully, so the sender needs to  retransmit only the segments that have actually been lost.

If a peer support SACK or not is determined in TCP three way handshake. If a peer supports SACK then during three way handshake SACK permitted option is sent in SYN, SYN+Ack.


TCP Sack-Permitted Option: SACK permitted option is of 2 bytes and is sent in SYN, SYN+ACK message.

Kind: 4
| Kind=4  | Length=2|

TCP SACK option:

Kind: 5

Length: Variable
                          | Kind=5 | Length |
| Starting Seq number of received segment   |
|   Last seq number of received segment     |
/            . . .                          /
| Starting Seq number of received segment   |
|   Last seq number of received segment     |

Understand SACK with example:

Lets say there are two hosts Host A, B. Host A is client and Host B is server.  Host B sends following segment to host A
Segment A (1-10)
Segment B (11-20)
Segment C (21-30)
Segment D (31-40)

But Host A receives only segment A,B,D. Host A will sent a ACK with ACK number as 21 and in SACK it will mention 31-40. Now when host B will receive this ACK it will understand that host A have received data till 20 and it has also received data from 31 to 40

Window scale:  Window scale is a TCP option. Maximum window size a host can send to a receiver is 65535 (largest number possible for a 16 bit integer ) With the help of window scale we can increase the window size.  Window scale value is send with SYN packet.

For Example window size advertised is 256 and window scale advertised is 8 so the total window size would be (2^8) * 256=65536

MSS(Maximum segment size): MSS specifies the maximum amount of data that a host can accept or process in a single segment of TCP.  MSS excludes TCP header size. Minimum MTU is 576. Minimum MSS is 536.

Understanding TCP Seq number and Ack number with example:

Client sends a syn packet with a seq number of “2370319030” Ack no of “0” as this a first packet of TCP three way handshake.


Server sends its first packet with seq number of “2803589839” and Ack of “2370319031” Note here Ack number is increased by 1 indicating client that its syn is received and please send next packet.


Now client will send a seq number of “2370319031” Ack of “2803589840”.
Note here seq is increased by 1 as syn packet consumes a seq number and Ack is also increased by 1 indicating server that its syn is received and it needs next packet with seq of “2803589840”



This entry was posted in Protocol, TCP and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s