TCP (Transmission Control Protocol) RFC 793

TCP header have minimum size of 20 bytes and maximum of 60 bytes. TCP is used only for unicast communication. Multicast is not supported by TCP.

|          Source Port          |        Destination Port       |
|             16 bit            |             16 bit            |
|                         Sequence Number                       |
|                              32 bit                           |
|                       Acknowledgment Number                   |
|                              32 bit                           |
| Data  |          |U|A|P|R|S|F|                                |
|Offset | Reserved |R|C|S|S|Y|I|            Window              |
|       |          |G|K|H|T|N|N|                                |
|4 bits |  6 bits  |  6 bits   |            16 bit              |
|            Checksum          |          Urgent Pointer        |
|             16 bits          |             16 bits            |
|            Options           |          Padding               |
|        variable length       |                                |
|                            data                               |

Data offset: This field represents from where the data start i.e what is the size of TCP header. This value specified in data offset is in bytes and multiplying this value with 32 and the dividing the result by 8 give header length in bytes.  OR Multiply by 4 as (32/8=4 ) will give the header size.

For example if the value in Data offset is 5. Then TCP header will be: (5*32)/8=20 bytes

Cumulative Acknowledgment: When a device gets an Ack it means that all bytes up to number N have already been received successfully.Ack field contain next sequence number that sender of Ack is expecting ie it will be Seq+1. There is a feature in TCP called as selecting acknowledgement which allows non continuous acknowledgement. Once TCP sends a segment it sets its timer and if the timer expires and TCP doesn’t get Ack for the data that it has sent it will retransmit considering that sent data is lost.

TCP can accept data of any size from application and then can chunk into pieces as required. TCP collect data to be sent from applications and creates a segment to be transmitted.

Why we need sequence number?

TCP gather data from application store them and then forward to IP layer. So TCP should have something to identify the data to verify if the data is delivered or not.This identification is done by the help of sequence number.

TCP sliding window:

TCP states:


CLOSED  Closed is the starting point of a connection. It represent no connection at all or connection is destroyed.
LISTEN  In this state process is waiting for a connection from a remote process.

  • If the process received a SYN it sends SYN+ACK and moves to SYN-RCVD state.
SYN_SENT  Process have sent a SYN and is waiting for a matching SYN.

  • If a SYN+ACK is received the process moves to established state.
  • If SYN is received  process sends Ack and move to SYN-RCVD state.
SYN_RCVD  The process have received a matching reply for the SYN that it has sent and now it is waiting for ACK of the SYN that it have sent.

  • If ACK is received process moves to EASTABLISHED state.
ESTABLISHED  This represents full established connection and its a steady state. data can be transferred in this state.

  • If process wants to terminate the connection it sends a FIN message and moves to FIN_WAIT_1.
  • If remote process wants to close the connection it sends a FIN message. Once the local process receives the FIN it acknowledges the FIN by sending a ACK and move to CLOSE_WAIT.
CLOSE_WAIT  The process have received a FIN message from other process and it sends ACK for that process and moves from ESTABLISHED to CLOSE_WAIT.

  • If the local process is ready to close the connection it also sends a FIN message and moves to LAST_ACK.
LAST_ACK  The process have received a FIN from other side it have acknowledged the FIN that it have received and have also sent its own FIN to remove process.

  • If ACK of the FIN that local process have sent is received it closes the connection and moves to CLOSED state.
FIN_WAIT_1  The local process want to terminate the connection so it sends a FIN message to remote process and move to FIN_WAIT_1 from established.

  • If ACK of the FIN is received then process move to FIN_WAIT_2.
  • If a FIN is received then process send ACK of the FIN that it have sent and moves to CLOSING state.
FIN_WAIT_2 The local process is waiting for the remote process to terminate the connection.

  • If a FIN is received an ACK is sent and process moves to TIME_WAIT state.
 TIME_WAIT  The local process have sent a FIN and have received ACK for that FIN. The remote process have sent a FIN and local process have sent ACK of this FIN. Now the local process is waiting for some time for the ACK that is has sent in response for the FIN that it have received to be received by remote process once the timer expires then it moves to CLOSED state.

TCB(Transmission control block):
TCP maintain information about a connection and this information is stored in a data structure called as TCB. TCB is maintained by both client and server. TCB hold lots of information and following is important info that TCB holds:

  1. State
  2. process
  3. Local IP
  4. Local Port
  5. Remote IP
  6. Remote Port
  7. Interface
  8. Local Window
  9. Remote Window
  10. Sending sequence number
  11. Receiving sequence number
  12. Sending Ack number
  13. Round trip time
  14. Buffer size
  15. Buffer pointer
  16. Timeout values

Connection establishment:
Device before transferring data should establish a connection. Data can be transferred in full duplex mode.
TCP three way handshake:
Connection establishment process is called 3 way handshake.
Server will send a request to tell to TCP that it is ready to accept connection from client and move its state to LISTENING.This request is called as passive open.
Client sends a request to its TCP to initiate a connection to server. This request is called as active open.


  1. Client sends a SYN segment along with a ISN(Initial sequence number). The SYN segment can contain some TCP options as well. A syn segment consumes sequence number. Window size is not defined in this segments mostly it is defined in Ack segments.
  2. Server sends SYN+ACK to client. SYN and ACK flags are set in the same segment. Server selects its ISN and fill it in segment.  Server will also specify its window size. A a SYN is sent so a sequence number is consumed. Server will increase the sequence number of client by 1 and put it in ACK No. field.
  3. Client sends the ACK of the SYN+ACK that it have received. The Seq No will be kept x+1 (sequence number is incremented by 1 from x because of the SYN). Client will take the Sequence number of the server and increment it by 1 and add it to ACK No field. Client will also specify its window size. ACK does not occupy sequence number space

TCP flags:

Push Flag:

Whenever TCP connection is established a TCB is allocated for the connection and that TCB have internal buffer and TCP keeps data in internal buffer. Once the buffer is full it will send the data out. At receiver side also TCP have internal buffer and it sends date to receiving application once the buffer is full.
But for some application storing the data in buffer and then sending will not work. For example telnet. In telnet whatever we type should be sent immediately to server TCP should not buffer the data.

To deal with such situation we have PUSH flag in tcp header. Whenever application need to send data immediately to server it sends data with PUSH flag set. When TCP receive the data with PUSH flag TCP will take all the data that it have received from application and whatever it have in the buffer and send that data to server without waiting for buffer to get filled.


Urgent flag:

TCP send data on FIFO bases. TCP treat all data as equal. If we want to prioritize some data we can use urgent flag. Lets say you have some data in buffer  with normal operation tcp will process the data with FIFO. But if you want to process some data before any other data Urgent pointer can be used.

Urgent pointer tells to the receiver to process some data specified by urgent pointer first before other data.

For example when user is doing some kind of file transfer then if the user want to abort the connection in between then urgent pointer can be used. Source user application can set the tcp URG pointer and send the tcp segment to receiver once the receiver receive the segment it process the data specified by urgent pointer before any other data in buffer. Sender will send the segment with URG pointer only when the TCP buffer is filled. But receiver will process the data as soon as he receive the data. So If you want to push the data immediately from sender we can use PSH + URG flag.

TCP options:

SACK(Selective acknowledgment):

TCP uses a cumulative acknowledgment scheme in which received segments that are not at the left edge of the receive window are not acknowledged.If some packet loses then sender doesn’t get to know that which packet have been lost and it retransmit all packet from last ACK packet again, receiver might receive the packet which are already delivered successfully.

Selective Acknowledgment (SACK) is a TCP option in which receiver can inform the sender about all segments that have arrived successfully, so the sender need retransmit only the segments that have actually been lost.

If a peer support SACK or not is determined in TCP three way handshake. If a peer supports SACK then during three way handshake SACK permitted option is sent in SYN, SYN+Ack.


TCP Sack-Permitted Option:

Kind: 4
| Kind=4  | Length=2|

TCP SACK option:

Kind: 5

Length: Variable
                  | Kind=5 | Length |
|      Left Edge of 1st Block       |
|      Right Edge of 1st Block      |
/            . . .                  /
|      Left Edge of nth Block       |
|      Right Edge of nth Block      |

Understanding TCP Seq number and Ack number with example:

Client sends a syn packet with a seq number of “2370319030” Ack no of “0” as this a first packet of TCP three way handshake.


Server sends its first packet with seq number of “2803589839” and Ack of “2370319031” Note here Ack number is increased by 1 indicating client that its syn is received and please send next packet.


Now client will send a seq number of “2370319031” Ack of “2803589840”.
Note here seq is increased by 1 as syn packet consumes a seq number and Ack is also increased by 1 indicating server that its syn is received and it needs next packet with seq of “2803589840”



This entry was posted in TCP and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s