Most Internet applications use TCP for the transport layer (layer 4 in the OSI model). It is a connection-oriented protocol which provides guaranteed, reliable delivery of data over an underlying, unreliable network. TCP data units are called segments – this includes the header and the data being encapsulated.
Guaranteed and ordered data transfer
Reliability through error recovery
TCP is connection-oriented, which means a connection is established between two hosts at the start of a communication and lasts for the duration of data transfer until it is torn down at the end. This means that although the underlying network at layer 3 may change (packets could take different routes), at layer 4 there is a continuous service provided for the application layer to use.
TCP connections use SYN and ACK flags in the TCP header to keep track of the lifecycle of the connection from the three-way handshake through to the closing of the connection.
TCP connections are established with a three-way handshake. A basic summary for a client / server TCP connection is:
The server is listening for new connections.
The client asks to connect. It sets the SYN flag to 1, the ACK flag to 0 and sends a random sequence number (x). This also includes information such as the port it wants to connect to and some properties of the connection.
If the server is listening on the chosen destination port, it accepts the connection.
The server then replies with the SYN flag set to 1 and the ACK flag set to 1. It sends back its own random sequence number (y) and an acknowledgement number which is (x + 1).
The client replies with SYN 0 and ACK 1. It uses a sequence number of (x + 1) and an acknowledgement number of (y + 1).
If the server is not listening on the specified destination port then it will simply reply with the RST (reset) flag set.
Once the connection is established, both parties continue incrementing their sequence numbers when they send data and replying with acknowledgements when they receive data. Sequence numbers are increased by the number of bytes being sent. Acknowledgement numbers are based on the received sequence number and the number of bytes received; they tell the sender what sequence number the receiver is expecting next. This helps provide ordered and guaranteed communication as discussed below.
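The handshake and acknowledgement arithmetic above can be checked mechanically, which is how a monitoring tool tells an established connection from a refused or half-open one. This is an added example, not code from the original page; the `Seg` record, the function names and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit values and wrap around


@dataclass
class Seg:
    sender: str        # "client" or "server"
    flags: frozenset   # flag names set to 1, e.g. frozenset({"SYN", "ACK"})
    seq: int
    ack: int = 0
    length: int = 0    # bytes of data carried


def check_handshake(segs):
    """Classify the opening of a connection from its first segments."""
    if not segs or segs[0].flags != {"SYN"}:
        return "first segment is not a SYN"
    x = segs[0].seq
    if len(segs) < 2:
        return "no reply to SYN"
    reply = segs[1]
    if "RST" in reply.flags:
        return "refused"  # server is not listening on that port
    if reply.flags != {"SYN", "ACK"} or reply.ack != (x + 1) % MOD:
        return "bad SYN+ACK"
    y = reply.seq
    if len(segs) < 3:
        return "half-open"  # client never sent the final ACK
    last = segs[2]
    if last.flags != {"ACK"} or (last.seq, last.ack) != ((x + 1) % MOD, (y + 1) % MOD):
        return "bad final ACK"
    return "established"


def expected_ack(seg):
    """Acknowledgement number the receiver sends after accepting seg."""
    # SYN and FIN each use up one sequence number, data uses one per byte.
    used = seg.length + ("SYN" in seg.flags) + ("FIN" in seg.flags)
    return (seg.seq + used) % MOD


# Constructed sample: x = 1000, y = 5000, then 120 bytes from the client.
SAMPLE = [
    Seg("client", frozenset({"SYN"}), seq=1000),
    Seg("server", frozenset({"SYN", "ACK"}), seq=5000, ack=1001),
    Seg("client", frozenset({"ACK"}), seq=1001, ack=5001),
    Seg("client", frozenset({"ACK", "PSH"}), seq=1001, ack=5001, length=120),
]
```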
TCP connections are ‘full duplex’ – both parties can send data at the same time.
Either party can tear down its half of the conversation at any point by setting the FIN flag. A typical termination of a connection is as follows:
Host A will send a FIN segment.
Host B acknowledges the FIN with an ACK.
Host B sends its own FIN.
Host A replies with an ACK.
Connection is now released by both hosts.
Because each TCP segment has a sequence number, a recipient can deliver data to the application layer in the correct order – even if the IP network delivers them out of order.
If a host doesn’t receive an expected segment then it won’t send an acknowledgement for that segment. If the sender doesn’t receive an ACK that it’s expecting then it will resend the data.
This is what enables TCP to provide guaranteed, ordered delivery to the application layer.
TCP provides basic error recovery using a checksum. When the checksum is checked by the recipient, if it fails then the segment is discarded. Because the segment has been discarded, an acknowledgement won’t be sent and then the sender will resend the data.
Multiplexing is used to allow multiple connections simultaneously and to differentiate between the connections for different applications. When a host receives data, it needs to work out who that data is for: is it HTTP traffic for a web browser, VoIP for Skype or FTP data being transferred? TCP does this using ports. Hosts manage network connections using sockets which are defined by:
When a client sets up a connection for an application it will assign an unused port as the source port. This is known as an ephemeral port – it is just assigned for the duration of the connection. All data received on this port until the connection is terminated will be sent on to that application.
The destination port that data is sent to is more specific. Common applications have been assigned port numbers, and a client sets the assigned number as the destination port. For example, HTTP traffic uses port 80.
The server can differentiate between connections using the client's IP address and source port.
There are three ranges of port numbers. IANA (the Internet Assigned Numbers Authority) maintains registered port numbers and suggested ranges to be used:
Well known ports (0 – 1023)
Registered ports (1024 – 49151)
Dynamic / Private Ports - often used as ephemeral ports (49152 – 65535)
21 File Transfer Protocol (FTP)
22 Secure Shell (SSH)
25 Simple Mail Transfer Protocol (SMTP)
53 Domain Name System (DNS)
80 Hyper Text Transfer Protocol (HTTP)
110 Post Office Protocol (POP3)
143 Internet Message Access Protocol (IMAP)
443 HTTPS (HTTP Secure – using TLS/SSL)
TCP lets the receiver specify a ‘window’. The size of the window (in bytes) dictates how many bytes of data the sender can transmit before it should wait for an acknowledgement from the receiver.
TCP port number which the data is being sent from.
TCP port number which the data is being sent to.
Used for initiating the connection and then keeping track of the order of data.
Gives the size of the TCP header in bytes. The minimum is 20 bytes; if ‘Options’ are used then they may add up to an additional 40 bytes. The maximum size of a TCP header (data offset) is 60 bytes.
The Transmission Control Protocol has these 3 bits reserved for future use. They should be set to zero.
There are 6 one-bit flags:
URG: Urgent Pointer field significant
ACK: Acknowledgment field significant
PSH: Push Function
RST: Reset the connection
SYN: Synchronize sequence numbers
FIN: No more data from sender
The size of the window is the number of bytes which the sender will accept (from the current acknowledgement number) before it sends another acknowledgement.
The checksum is calculated over a ‘pseudo-header’ which consists of:
Source IP Address (32 bits)
Destination IP Address (32 bits)
Zero Padding (8 bits)
Protocol – 6 for TCP (8 bits)
TCP length (8 bits)
If the URG flag is set, this field is used to give the last urgent byte of data.
If the data offset is greater than 5 then the options field occupies the remaining space. Zero padding is included at the end if necessary.
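To make the field layout concrete, the following decodes the fixed part of a TCP header, the six flags and the options area, and rejects segments whose data offset cannot be valid. It is an added example, not code from the original page; the function name and the sample bytes are assumptions, and the data offset is read as a count of 32-bit words, so a value of 5 corresponds to the 20-byte minimum.

```python
import struct

# Masks for the six one-bit flags in the low bits of the 16-bit offset/flags word.
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def parse_tcp_header(raw: bytes) -> dict:
    """Decode a TCP segment's header; reject lengths that cannot be valid."""
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = off_flags >> 12      # counted in 32-bit words: 5 = 20 bytes
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(raw):
        raise ValueError("data offset does not fit the segment")
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAG_BITS if off_flags & bit],
        "window": window, "checksum": checksum,
        # The urgent pointer only means something when URG is set.
        "urgent": urgent if off_flags & 0x20 else None,
        "options": raw[20:header_len],
        "payload": raw[header_len:],
    }


# Constructed sample: SYN from ephemeral port 49152 to port 80, data offset 6,
# one 4-byte option, checksum left as 0 (not computed for this illustration).
SAMPLE = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, 0x6002, 65535, 0, 0) \
    + bytes.fromhex("020405b4")
```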