TCP is a standard that describes how to establish and maintain a network connection through which application programs can exchange data. TCP works with the Internet Protocol, which describes how computers send data packets to each other. TCP provides a connection-oriented communication that starts with a handshake between two devices. Data is sent with proper sequence and acknowledgment to ensure delivery.
TCP uses a technique that is called a three-way handshake to establish a reliable connection. There is flag exchange between source and destination and this is performed in three steps—SYN, SYN-ACK, and ACK.
1. The client sends a SYN (synchronize) flag to the server, which has a random sequence number.
2. The server sends back a SYN-ACK flag, containing a random sequence number of its own and an ACK number acknowledging the client’s sequence number.
3. The client sends an ACK number to the server, acknowledging the server’s sequence number.
4. The sequence numbers on both ends are synchronized. Both ends can now send and receive data independently.
•Source Port – This field has a 16-bit value that defines the source port of application or process for the traffic.
•Destination Port – This field also has a 16-bit value that defines the destination port of application or process for the traffic
•Sequence Number -This field has a 32-bit value and a number that uniquely identifies the TCP segment sequence. The sequence number provides an identifier that tells TCP receivers to identify which parts of a traffic stream are missing.
•Acknowledgment Number- The Acknowledgment Number field also has a 32-bit value and indicates the next desired sequence number from the other side of the traffic.
•Data Offset – This tells the length of the TCP header. In actuality, it is defined header length in 4-byte words or 32-bit words, if the value is 5 in the Data Offset field then it indicates that the TCP header is 20 bytes long. It covers the min size of the header is 5 words and the max is 15 words so calculates the min size of 20 bytes and a max of 60 bytes and allows up to 40 bytes of options in the header.
• TCP’s flow control is a process to ensure the sender is not sending more data to the receiver than it can handle.
• For every ack flag the receiver tells its current receive window size.
• The receive window is the free space in the receive buffer.
• TCP uses a sliding window protocol to make sure it has never more bytes in traffic than the window told by the receiver.
• If the window size is 0, TCP stops transmitting data and starts the persist timer.
• It periodically sends a small WindowProbe message to the receiver to check if it starts receiving the data again.
•When it receives a non-zero window size, it resumes the communication.
Windowing – Sliding windows, a technique is also well known as windowing, is used by the TCP as a process of controlling the flow of the packet between two hosts. TCP requires all transmitted data to be acknowledged by the receiving host. Sliding windows is a process by which multiple packets of data can be sent with a single acknowledgment.
SYN: If this flag is on, it means there is a value in the sequence number field. Synchronize/exchanging sequence numbers – handshake process. This is a sign of a host attempting to establish a TCP connection by exchanging the starting sequence number values.
ACK: If this flag is on, it means there is value in the acknowledgment number field. This is basically an acknowledgment of the SYN flag sent by sender and receiver. If this is missing from the process, then the data stream cannot continue to be sent.
PSH (Push): Bypass buffering and pass data straight to the upper layer.
There are two ‘TCP buffer’ areas. One TCP buffer collects outgoing data so that the window has a decent size. The other is on the incoming side to receive data and pass it up in an ordered fashion. The PSH flag indicates that this TCP segment should not be held in the outgoing or incoming buffers. An application that is very single-packet driven (such as character-at-a-time telnet) may set the PSH flag on every packet making TCP act in a ping-pong (packet out, ACK in, packet out, ACK in, etc.).
URG (Urgent): This helps the receiving TCP to forward the urgent data to a separate channel to the application. This permits the application to process the data out of the band.
If you have pushed data, the receiving end will wait for all of the data first and will see the PSH flag is set. Then it forwards the data to the application. This means you have to wait for the receiver to get all of the data before forwarding it and processing a new one. If the URG flag is set, this is like the sender saying “You do not need to wait for all of the data before sending them. Go ahead and prioritize sending urgent data.
The common protocol that used the URG flag is FTP, where you set the URG flag if you wanted to send a command during a transfer to interrupt the process. If the server was busy sending data and not listening for new commands, but if we set the URG flag the server was interrupted by the special signal.
FIN (Finish): A FIN says no more data from the sender. The user sends a FIN and waits until its own FIN is acknowledged otherwise it deletes the connection. If an ACK is not received, after the user timeout the connection is aborted and the user is informed.
RST (Reset): A RST indicates resetting the connection. It must be sent when a segment arrives which apparently is not intended for the current connection.
Example of FIN and RST.
FIN says, “I finished talking to you, but I’ll still listen to everything you have to say until you’re done” (Wait for an ACK)
RST says, “There is no conversation. I am resetting the connection!”
Explicit Congestion Notification (ECN): It is an expansion of the TCP/IP and is defined in RFC 3168 (2001). ECN enables end-to-end notification of network congestion without dropping packets. ECN is an optional feature that can be used between two ECN-enabled endpoints when supported by the underlying network infrastructure as well.
The TCP CWR and ECE flags use together with two flags in the IP header (ECT and CE) to advertise congestion senders on the network avoiding packet boxes and re-transmissions.
Before the advent of explicit congestion notification [ECN], the primary feedback mechanism available was packet drop. While recovery of packet drops would be handled by the transport layer or higher, it could result in latency derived from re-transmission timeouts [RTO]. If a latency-sensitive application is used, this delay could have adverse implications for the experience. Some mechanism is needed to notify the sender and receiver of the congestion.
Add two-bit marks to the reserved field of the TCP header: bit 8 (CWR – Reduced Congestion Window) and bit 9 (ECE – ECN-Echo). Finally, two flags were changed in the IP header in the differentiated services field: bit 14 (transport with ECT-ECN capability) and 15 (CE – Congestion experienced).
Both client and server must support ECN, the sender sends SYN packet with the ECE and CWR flags set, and the receiver returns the SYN-ACK with only the ECE flag set.
ECE Flag (ECN-Echo) – Indicates that the TCP peer supports ECN during the 3-way handshake and notifies the sender of congestion.
CWR flag: The sending host sets the congestion reduced window flag (CWR) to indicate that it received a TCP segment with the ECE flag set.
Host A needs to send TCP data to Host B.
To confirm that both client and server support ECN or not, the sender sends a SYN packet with the ECE and CWR flags set in the TCP header, and the receiver returns the SYN-ACK with only the ECE flag set.
Host A sends segments 1 through 5.
Segment 2 is forwarded by an ECN capable router that is experiencing congestion, the router detects congestion, instead of discarding packets destined for a receiver, it marks them with the CE flag in the IP header and delivers the packet to receiver Host B .
When Host B receives this segment, it sends ACK with the ECE flag set.
When Host A receives the first ACK with the ECE flag set, it slows down and sends its next segment (Segment 6) with the CWR flag set.
Upon receiving Segment 6 with the CWR flag set, Host B sends subsequent ACKs with the ECE flag disabled.
NS (experimental) – The Nonce Sum flag is still an experimental flag used to help protect against the accidental malicious shelter of sender packets.
Checksum: The TCP / IP checksum is used to detect data corruption over a TCP or IPv4 connection. If a bit is reversed, a byte is corrupted, or some other failure occurs in a packet, then the receiver of that broken packet is very likely to notice the problem due to a checksum mismatch. This provides an end-to-end guarantee that the data flow is correct.
Urgent Pointer Field – This field has only significant if the URG pointer is set. If the URG pointer is set, the receiver should examine this field to see where to search/read first in the packet.
Options field include below:
MSS: The maximum segment size is used to define the maximum segment to be used during a connection between two hosts. You can only see this option used during the SYN and SYN-ACK exchange of the three-way handshake. The MSS TCP option is 4 bytes (32 bits) long.
Window scaling: Window scaling is essentially an extension of the window size indicator. Because the largest possible value in the window size indicator is only 216 or 65,535 bytes (64 kb), it was clear that a larger field was required to increase the value to a huge concert. Thus, Window Scaling was born.
The Window Scale option can have a maximum size of 30 bits, which includes the original 16-bit window size field described in the previous section. So that’s 16 (original window field) + 14 (TCP Options ‘Window Scaling’) = 30 bits total.
Selective Acknowledgment (S-Ack) – Used to selectively acknowledge packets in case of missing segments.
Timestamp: Another aspect of TCP flow control and reliability services is the round trip delivery times that a virtual circuit is experiencing. The round-trip delivery time will accurately determine how long TCP will wait before trying to re-transmit a segment that has not been recognized.
No Operations (NOP): The TCP option NOP stands for “No Option” and is used to separate the different options used within the TCP Options field. It is also used to provide bit padding in case of a short length of other options fields.