TCP header have minimum size of 20 bytes and maximum of 60 bytes. TCP is used only for unicast communication. Multicast is not supported by TCP.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | | 16 bit | 16 bit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | | 32 bit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | | 32 bit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | |Offset | Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | |4 bits | 6 bits | 6 bits | 16 bit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | | 16 bits | 16 bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | | variable length | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Data offset: This field represents from where the data start i.e what is the size of TCP header. This value specified in data offset is in bytes and multiplying this value with 32 and the dividing the result by 8 give header length in bytes. OR Multiply by 4 as (32/8=4 ) will give the header size.
For example if the value in Data offset is 5. Then TCP header will be: (5*32)/8=20 bytes
Cumulative Acknowledgment: When a device gets an Ack it means that all bytes up to number N have already been received successfully.Ack field contain next sequence number that sender of Ack is expecting ie it will be Seq+1. There is a feature in TCP called as selecting acknowledgement which allows non continuous acknowledgement. Once TCP sends a segment it sets its timer and if the timer expires and TCP doesn’t get Ack for the data that it has sent it will retransmit considering that sent data is lost.
TCP can accept data of any size from application and then can chunk into pieces as required. TCP collect data to be sent from applications and creates a segment to be transmitted.
Why we need sequence number?
TCP gather data from application store them and then forward to IP layer. So TCP should have something to identify the data to verify if the data is delivered or not.This identification is done by the help of sequence number.
TCP sliding window:
|CLOSED||Closed is the starting point of a connection. It represent no connection at all or connection is destroyed.|
|LISTEN|| In this state process is waiting for a connection from a remote process.
|SYN_SENT|| Process have sent a SYN and is waiting for a matching SYN.
|SYN_RCVD|| The process have received a matching reply for the SYN that it has sent and now it is waiting for ACK of the SYN that it have sent.
|ESTABLISHED|| This represents full established connection and its a steady state. data can be transferred in this state.
|CLOSE_WAIT|| The process have received a FIN message from other process and it sends ACK for that process and moves from ESTABLISHED to CLOSE_WAIT.
|LAST_ACK|| The process have received a FIN from other side it have acknowledged the FIN that it have received and have also sent its own FIN to remove process.
|FIN_WAIT_1|| The local process want to terminate the connection so it sends a FIN message to remote process and move to FIN_WAIT_1 from established.
|FIN_WAIT_2||The local process is waiting for the remote process to terminate the connection.
|TIME_WAIT||The local process have sent a FIN and have received ACK for that FIN. The remote process have sent a FIN and local process have sent ACK of this FIN. Now the local process is waiting for some time for the ACK that is has sent in response for the FIN that it have received to be received by remote process once the timer expires then it moves to CLOSED state.|
TCB(Transmission control block):
TCP maintain information about a connection and this information is stored in a data structure called as TCB. TCB is maintained by both client and server. TCB hold lots of information and following is important info that TCB holds:
- Local IP
- Local Port
- Remote IP
- Remote Port
- Local Window
- Remote Window
- Sending sequence number
- Receiving sequence number
- Sending Ack number
- Round trip time
- Buffer size
- Buffer pointer
- Timeout values
Device before transferring data should establish a connection. Data can be transferred in full duplex mode.
TCP three way handshake:
Connection establishment process is called 3 way handshake.
Server will send a request to tell to TCP that it is ready to accept connection from client and move its state to LISTENING.This request is called as passive open.
Client sends a request to its TCP to initiate a connection to server. This request is called as active open.
- Client sends a SYN segment along with a ISN(Initial sequence number). The SYN segment can contain some TCP options as well. A syn segment consumes sequence number. Window size is not defined in this segments mostly it is defined in Ack segments.
- Server sends SYN+ACK to client. SYN and ACK flags are set in the same segment. Server selects its ISN and fill it in segment. Server will also specify its window size. A a SYN is sent so a sequence number is consumed. Server will increase the sequence number of client by 1 and put it in ACK No. field.
- Client sends the ACK of the SYN+ACK that it have received. The Seq No will be kept x+1 (sequence number is incremented by 1 from x because of the SYN). Client will take the Sequence number of the server and increment it by 1 and add it to ACK No field. Client will also specify its window size. ACK does not occupy sequence number space
Whenever TCP connection is established a TCB is allocated for the connection and that TCB have internal buffer and TCP keeps data in internal buffer. Once the buffer is full it will send the data out. At receiver side also TCP have internal buffer and it sends date to receiving application once the buffer is full.
But for some application storing the data in buffer and then sending will not work. For example telnet. In telnet whatever we type should be sent immediately to server TCP should not buffer the data.
To deal with such situation we have PUSH flag in tcp header. Whenever application need to send data immediately to server it sends data with PUSH flag set. When TCP receive the data with PUSH flag TCP will take all the data that it have received from application and whatever it have in the buffer and send that data to server without waiting for buffer to get filled.
TCP send data on FIFO bases. TCP treat all data as equal. If we want to prioritize some data we can use urgent flag. Lets say you have some data in buffer with normal operation tcp will process the data with FIFO. But if you want to process some data before any other data Urgent pointer can be used.
Urgent pointer tells to the receiver to process some data specified by urgent pointer first before other data.
For example when user is doing some kind of file transfer then if the user want to abort the connection in between then urgent pointer can be used. Source user application can set the tcp URG pointer and send the tcp segment to receiver once the receiver receive the segment it process the data specified by urgent pointer before any other data in buffer. Sender will send the segment with URG pointer only when the TCP buffer is filled. But receiver will process the data as soon as he receive the data. So If you want to push the data immediately from sender we can use PSH + URG flag.
TCP uses a cumulative acknowledgment scheme in which received segments that are not at the left edge of the receive window are not acknowledged.If some packet loses then sender doesn’t get to know that which packet have been lost and it retransmit all packet from last ACK packet again, receiver might receive the packet which are already delivered successfully.
Selective Acknowledgment (SACK) is a TCP option in which receiver can inform the sender about all segments that have arrived successfully, so the sender need retransmit only the segments that have actually been lost.
If a peer support SACK or not is determined in TCP three way handshake. If a peer supports SACK then during three way handshake SACK permitted option is sent in SYN, SYN+Ack.
TCP Sack-Permitted Option:
Kind: 4 +---------+---------+ | Kind=4 | Length=2| +---------+---------+
TCP SACK option:
Kind: 5 Length: Variable +--------+--------+ | Kind=5 | Length | +--------+--------+--------+--------+ | Left Edge of 1st Block | +--------+--------+--------+--------+ | Right Edge of 1st Block | +--------+--------+--------+--------+ / . . . / +--------+--------+--------+--------+ | Left Edge of nth Block | +--------+--------+--------+--------+ | Right Edge of nth Block | +--------+--------+--------+--------+
Understanding TCP Seq number and Ack number with example:
Client sends a syn packet with a seq number of “2370319030” Ack no of “0” as this a first packet of TCP three way handshake.
Server sends its first packet with seq number of “2803589839” and Ack of “2370319031” Note here Ack number is increased by 1 indicating client that its syn is received and please send next packet.
Now client will send a seq number of “2370319031” Ack of “2803589840”.
Note here seq is increased by 1 as syn packet consumes a seq number and Ack is also increased by 1 indicating server that its syn is received and it needs next packet with seq of “2803589840”