May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

TCP Protocol

News See Also Recommended Links IP troubleshooting TCP Headers TCP flow control
TCP handshake Sequence numbers NAT Quiz Humor Socks5



TCP Headers

TCP Flow Control


TCP protocol is defined in RFC 793. The objective of TCP is to provide a reliable, connection-oriented delivery service. TCP views data as a stream of bytes, not frames. The unit of transfer is refered to as a segment. To provide the connection-oriented service, TCP takes care to ensure reliability, flow control, and connection maintainence.

TCP  is suited to the situation when large volume of data are transmitted between systems possibly across multiple routers. TCP has four main features:

  1. Virtual circuit connection
  2. Full-duplex connection
  3. Unstructured stream orientation
  4. Buffered transfer

Here are those four features in detail:

  • Virtual Circuit Connection.  TCP, on both the sending and receiving systems, must establish a connection before the transmission can start. This is similar to making a phone call; the line must be established before you can begin to talk.
  • Reliability

    To ensure reliability, TCP is able to recover from data that is damaged, lost, duplicated, or delivered out of sequence. In order to do this, TCP assigns a sequence number to each byte transmitted. The receiving host's TCP must return an ACK for bytes received within a specified period. If this is not done, the data is retransmitted. Damaged data is handled by adding a checksum to each segment. If a segment is detected as damaged by the receiving host's TCP, it will discard the segment. The sender will resend the segment since the ACK was never sent.


    TCP Headers

    All IP packets have at least one header, which is known as the IP header; sometimes this header is also called a Layer 3 or network header. The IP header is simply a series of bits which have been grouped into fields of a set size. All IP headers have the same structure; the only difference will be which bits have been set to "1" to either turn on a field's value or to represent a binary number within a field. Let's take a closer look at the fields in an IP header:
    4 8 16 32 bits
    Ver. IHL Type of service Total length
    Identification Flags Fragment offset
    Time to live Protocol Header checksum
    Source address
    Destination address
    Option + Padding

    An IP packet has 14 fields and occupy six 32-bit words; let's go through these fields one at a time.

    16 32 bits
    Source port Destination port
    Sequence number
    Acknowledgement number
    Offset Reserved U A P R S F Window
    Checksum Urgent pointer
    Option + Padding

    Note that a TCP header is also composed of 32-bit words; like an IP header, the default size is 20 bytes if the option field is not used. Let's summarize the fields that are available in a TCP header:

    We'll be seeing these flags again when we run "tcpdump" and when we take a look at creating packet filter rules.

    TCP Flow Control


    TCP is more than a basic send-receive-acknowledge-send progression. TCP has sophisticated algorithms to optimize flow control on both the sender side and the receiver side. The algorithm that implements flow
    control on both the sender side and the receiver side follows what is known as the sliding window principle.

    Receiver-Side Window Advertisements

    A TCP window advertisement determines the maximum amount of data that can be sent before the sender must wait for an acknowledgement from the receiver. By advertising its window size, the receiver side manages flow control. With window advertisements, the receiving host continually informs the sending host of how much data it is prepared to receive.

    Each TCP segment from the receiver carries an acknowledgement and a window advertisement. Each acknowledgement specifies how many bytes have been received, and each window advertisement specifies how many additional bytes the receiver is prepared to accept. The size contained in the window advertisements varies over time; therefore, it is considered a sliding window.

    Sender-Side Congestion Window

    To avoid network congestion, TCP on the sender side maintains a congestion window. The congestion window adjusts the amount of data that can be sent according to the number of segments that were recently lost or acknowledged in transit. Lost segments are detected if a transmission timeout occurs before an acknowledgement is received.

    As acknowledgements begin to be received, TCP doubles the size of the congestion window. If congestion is detected, the congestion window halves in size. If congestion continues, the congestion window can be halved multiple times.

    Depending upon the severity of the congestion, TCP can use either a slow-start or congestion-avoidance algorithm to begin to increase the size of the congestion window. The slow-start algorithm quickly increases window size by doubling it for each successful transmission. The congestion-avoidance algorithm slowly increases the window�s size by increasing it only one segment at a time for each successful transmission.

    TCP Large Window

    The Solaris implements RFC 1323, which allows larger TCP window advertisement sizes to enhance performance over high-delay, high-bandwidth networks, such as satellite networks.

    A standard TCP header uses a 16-bit field to report the receiver window size to the sender. Therefore, the largest window that can be used is 216 or 64 Kbytes. RFC 1323 introduces a mechanism to increase the window size to 230 or 1 Gbyte.

    Sequence Numbers

    A fundamental notion in the design is that every octet of data sent over a TCP connection has a sequence number. Since every octet is sequenced, each of them can be acknowledged. The acknowledgment mechanism employed is cumulative so that an acknowledgment of sequence number X indicates that all octets up to but not including X have been received. This mechanism allows for straight-forward duplicate detection in the presence of retransmission. Numbering of octets within a segment is that the first data octet immediately following the header is the lowest numbered, and the following octets are numbered consecutively.




    Q1. TCP stands for _____________________ ?

     A: Transmission Control Protocol

     Q2. TCP is ________ and ____________  ?

     a. connectionless, stateless

    b. connection-orineted, stateless

    c. connection-oriented, stateful

    d. connectionless, stateful

     A: C

     Q3. Full Duplex Connection consists of ___ independent streams of data.

     Ans: 2

     Q4. Receiving host informs header of how much it is ready to receive. This is called ________________ ?

     A: Window Advertisement


    Q5. T/F: There is no way to inform TCP of congestion along the path

    A: True

    Q6. What is spoofing?

    a. Where a packets claims its source to be other that what its source really is.

    b. Same as "denial of service" attacks

    c. Where a machine continually pings another machine

    d. Where certain broadcasts are passed through a router

    A: A

    NOTE: There is protection built-in in IPv6 to against spoofing

    Q6. Sequence Number in a TCP header is used for (list all that apply)

    a. acknowledgements

    b. upper layer information

    c. reordering of the octets received

    d. protocol dependent information

    e. rejecting the duplicate octets

    A: A,C,E

    Q7. What is "keepalive�?

    a. A keepalive is a small, layer-1 bit message that is transmitted by a

         network device to let directly-connected network devices know of its presence.

    b. A keepalive is a small, layer-2 message that is transmitted by a

         network device to let directly-connected network devices know of its presence.

    c. A keepalive is a small, layer-2 message that is transmitted by a

         network device to let it neighbors know of congestion

    d. A keepalive is a small, layer-3 message that is transmitted by a

         network device to let directly-connected network devices know of its presence.

    e. A keepalive is a small, layer-3 message that is transmitted by a

         network device to let it neighbors know of congestion

    A: B

    Q8. What is flow control ?

    a. To keep the transmitting device from transmitting no faster than the receiving device can receive.

    b. To find the best route to a destination

    c. To determine which machine transmits packets on the wire on a given instance.

    d. To be able to send a beacon message when congestion occurs.

    A: A

    Q9. Which of the following methods are used as flow control ?

        Choose 3

    a. Acknowledgements

    b. Windowing

    c. Traceroute

    d. TTL

    e. Sliding windows

    A: A,B,E



    Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


    War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


    Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


    Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

    Classic books:

    The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater�s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

    Most popular humor pages:

    Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

    The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

    Copyright � 1996-2021 by Softpanorama Society. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

    FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

    This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

    You can use PayPal to to buy a cup of coffee for authors of this site


    The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

    Last Modified: March 12, 2019