TCP (Transmission Control Protocol) is a reliable transport layer protocol that establishes a connection before sending data and waits for a positive acknowledgment from the receiver.
TCP is basically used where we want a guarantee of data delivery. It utilizes timeouts and retransmission to ensure error-free and sequenced data delivery.
In our previous blog, we gave a brief explanation of IP headers, and in this blog, we'll have a closer look at each and every field of the TCP header.
As shown in the figure above, the TCP header is 20 bytes in size excluding the Options field. The options field can be 0-40 bytes.
Now let’s start going through the header fields one by one.
The Source Port field is 16 bits, and it indicates the port number of the application that is sending the data segment (source).
The Destination Port field is also 16 bits, and it holds the port number of the application on the host that is receiving the data.
The Sequence Number field is 32 bits in size. For a better understanding, we can divide it into two parts, the initial sequence number and the relative sequence number. The initial sequence number is a random sequence number that is sent by the sender in its SYN packet. Every operating system has its own algorithm to generate the initial sequence number for a new connection.
The relative sequence number is used by protocol analyzers like Wireshark to make sequence numbers easier for administrators to understand. The relative sequence number starts with 0 (SYN packet).
This 32-bit field in the TCP header holds the acknowledgment number, which is sent by the receiver as an acknowledgment of the received packet. It defines the next sequence number of the packet that the receiver is expecting to receive. It can be calculated by incrementing the sequence number of the last received packet by packet size+1.
Acknowledgment Number = Sequence Number of last received packet + Size of last received packet + 1.
This 4-bit field shows the length of the TCP header in 4-byte words, which means that if the value in this field is 5, the header length will be 5*4 = 20 bytes.
The header length can be 20-60 bytes, so the value in this field will always be between 5 and 15.
3 bits in the TCP header are reserved for future use.
There are nine 1-bit flags that are used to control connection establishment, flow control, termination, abortion, etc.
NS: The ECN (Explicit Congestion Notification) Nonce Sum flag is still an experimental flag that is used to help protect against accidental or malicious concealment of packets from the sender.
CWR: The Congestion Window Reduce flag is set by the sender to show that it received a TCP segment with the ECE flag set and has responded in its congestion control mechanism.
ECE: ECN-Echo flag is used to echo back the congestion indication (i.e., telling the sender to reduce the amount of data/information it sends).
URG: Urgent flag is set when the data should be treated on priority, and it should not wait in the buffer to be processed. This segment will be processed immediately.
ACK: The acknowledgment flag is set in the acknowledgment segment.
PSH: Push flag is set when the segment should be processed immediately without waiting to fill the entire TCP segment.
RST: Reset flag is set to immediately terminate the session. It is set when there is something wrong with the TCP connection.
SYN: Synchronisation flag is set in the SYN packet (i.e., in SYN from connection initiator and in SYN+ACK from the receiver).
FIN: Finish flag is set to gracefully terminate the connection. Because the connection is full-duplex, both parties will send a FIN flag to terminate it.
This 16-bit field indicates how many bytes the recipient is willing to receive. The receiver uses it to tell the sender that it would like to accept more data than it is receiving at this time. It does so by indicating the number of bytes ahead of the sequence number in the acknowledgment number field.
The 16 bits of this field are used for a checksum to check if the TCP header is OK or not.
The Urgent Pointer field is used when the URG flag bit has been set; it specifies where the urgent data finishes.
The Options field is optional and can be anywhere between 0 and 320 bits.
A sample of the TCP header can be seen in the above picture.
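The field layout walked through above can be checked by decoding a raw segment. The following is an added example, not part of the original post; `parse_tcp_header` and the sample SYN segment are constructed for illustration and follow the layout described here (4-bit header length, 3 reserved bits, 9 flags).

```python
import struct

# Flag names in bit order, most significant first (NS is bit 8, FIN is bit 0).
FLAG_NAMES = ("NS", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus any options."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])

    data_offset = off_flags >> 12        # 4 bits: header length in 4-byte words
    reserved = (off_flags >> 9) & 0x7    # 3 reserved bits
    flag_bits = off_flags & 0x1FF        # 9 one-bit flags
    header_len = data_offset * 4

    # Reject header lengths that the segment itself cannot justify.
    if data_offset < 5:
        raise ValueError("header length field below 5 (under 20 bytes)")
    if header_len > len(segment):
        raise ValueError("header length points past the end of the segment")

    flags = [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (0x100 >> i)]
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": reserved, "flags": flags,
        "window": window, "checksum": checksum, "urgent_ptr": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }


# Constructed sample: a SYN from port 49152 to port 443 carrying one 4-byte
# MSS option (kind 2, length 4, value 1460). The checksum is a placeholder.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 443, 0x1A2B3C4D, 0,
                         (6 << 12) | 0x002, 64240, 0xBEEF, 0
                         ) + bytes.fromhex("020405b4")

if __name__ == "__main__":
    for key, value in parse_tcp_header(SAMPLE_SYN).items():
        print(f"{key:>10}: {value}")
```

The two length checks matter when the parser is fed untrusted captures: a header length value below 5 or one that runs past the buffer would otherwise produce wrong option and payload slices.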
This concludes the explanation of each field in the TCP header. Packet-level understanding is very helpful for everyone while troubleshooting issues in an IT environment. If you are struggling with operational issues in your environment or are thinking of deploying a campus network or data center, Zindagi Technologies can help you here.