TCP Structure - Transmission Control Protocol
TCP desciption, Packet and Header structure, TCP Options and more.
2005-05-30 (updated: 2009-11-09) by Philip
Tags: TCP, header, TCP Options, ECN, TCP Window, packet, datagram
The Transmission Control Protocol (TCP) is one of the core Internet transport layer protocols. It is typically used by applications that require guaranteed, in-order delivery of packets. It provides handling for both timeouts and retransmissions, flow control, acknowledgements, and it distinguishes data form multiple concurrent applications running on the same host.
TCP establishes full duplex virtual connections between two nodes. Each node is defined by an IP address and a TCP port number. Data is then transferred in segments usually delineated by the maximum transmission unit (MTU) of the data link layer.
TCP assigns each packet a sequence number, which is used to make sure each packet is delivered, and in the correct order. The receiving end sends acknowledgements for packets which have been successfully received; if an acknowledgement is not received by the sender within a reasonable round-trip time (RTT), the presumably lost packet is retransmitted. The TCP Window size determines the number of bytes of data that can be sent before an acknowledgement from the receiver is necessary. TCP checks that no bytes are damaged by using a checksum for each block of data.
The TCP protocol is used with a number of applications: World Wide Web (HTTP), email (POP3, IMAP), File Transfer Protocol (FTP), Telnet, Secure Shell (SSH), IRC, NFS, NetBIOS, NNTP, etc.
TCP Header structure
|bits ||00 ||01 ||02 ||03 ||04 ||05 ||06 ||07 ||08 ||09 ||10 ||11 ||12 ||13 ||14 ||15 ||16 ||17 ||18 ||19 ||20 ||21 ||22 ||23 ||24 ||25 ||26 ||27 ||28 ||29 ||30 ||31|
|0 ||Source port ||Destination port|
|32 ||Sequence number|
|64 ||Acknowledgement number|
|96 ||Data offset ||Reserved ||ECN ||Control bits ||TCP Window|
|128 ||Checksum ||Urgent pointer|
|160 ||TCP Options (and padding, optional)|
|Data (variable length)|
Source port - 16 bits
Port number of the sender.
Destination port - 16 bits
The destination port this packet is addressed to.
Sequence number - 32 bits
Sequence number of the first data byte in this segment. If the SYN bit is set, then this is the initial sequence number and the first data byte is this initial sequence number plus one.
Acknowledgement number - 32 bits
If the ACK bit is set, the the next expected sequence number. Once a connection is established, this is always sent.
Data offset - 4 bits
Length of the TCP header as a number of 32-bit words. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits. The minimum size header is 5 words (20 bytes), and the maximum is 15 words (60 bytes). This field gets its name since it is also the offset from the start of the packet to the data.
Reserved - 3 bits
Should be 0. Note, RFC 793 defines this as a 6 bit field, but the last 3 are used for ECN as defined below.
ECN, Explicit Congestion Notification - 3 bits
Defined in RFC 2481, RFC 3168 and RFC 3540. Field contains 3 bit flags:
00 NS - added in RFC 3540. This is an optional ECN field intended to protect against accidental or malicious concealment of marked packets from the TCP sender.
02 ECE, ECN-Echo
Control bits (aka Flags) - 6 bits
This field contains 6 bit flags:
00 URG - Urgent pointer
01 ACK - Acknowledgement field
02 PSH - Push function
03 RST - Reset the connection
04 SYN - Synchronize sequence numbers
05 FIN - No more data from sender
Number of data bytes the sender of this segment is willing to accept, starting with the one in the Acknowledgement field. The Initial/Default/Maximum possible TCP Window is negotiated during the three-way handshake at the beginning of a connection. After that, packets contain the currently available portion of the TCP Window.
Checksum - 16 bits
Used for error-checking of the header and data. The method for computing the checksum is defined in RFC 793. Computed as the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the TCP header, and the data, padded (as needed) with zero bytes at the end to make a multiple of two bytes.
Urgent pointer - 16 bits, unsigned
If the URG bit is set, this field is an offset, pointing to the sequence number of the last byte in a sequence of urgent data.
TCP Options - 0 to 44 bytes variable length, optional
Additional header fields, called options, as defined by RFC 1323. This field is not required. All options are included in the checksum. An option may begin on any byte boundary. The total TCP header length (including TCP Options) is padded with zeros as necessary to make the header length multiple of 32 bits.
TCP Options are identified by an option kind field, as listed in the below table. Any number of TCP Options can be added to the end of the TCP header.
Each TCP Option may be either:
- a single byte option kind (options 0 and 1).
- a multi-byte option kind, consisting of a single byte option kind, a single byte length, and (length-2) bytes of data.
The most commonly used TCP Options are: 0,1,2,3,4,5, and 8.
|Kind ||Length (bytes) ||Description ||Reference|
|0 ||- ||EOL - End of option list, used as padding as needed ||RFC 793|
|1 ||- ||No operation (may be used as padding to a 32-bit boundary) ||RFC 793|
|2 ||4 ||MSS - Maximum receive segment size as a 16-bit number. Only valid if SYN bit is set. ||RFC 793|
|3 ||3 ||WSOPT - Windows scale factor. The TCP Window Size is leftshifted by the value of this 8-bit option. Only valid when SYN bit is set. ||RFC 1323|
|4 ||2 ||SACK (Selective Acknowledgements) permitted on this connection ||RFC 2018|
|5 ||variable ||SACK (Selective Acknowledgements) of non-contiguous blocks of data. The data in the option i sa series of (left edge)-(right edge) pairs giving, respectively, the first sequence number that has been received, and the first that hasn't. ||RFC 2018|
|6 ||6 ||Echo (obsoleted by option 8) ||RFC 1072|
|7 ||6 ||Echo Reply (obsoleted by option 8) ||RFC 1072|
|8 ||10 ||TSOPT - Timestamp option. The first 4 bytes (TSval) are the time that the packet was sent, the remaining 4 (TSecr) echo the TSval of a packet that was received. TSecr is only valid when ACK bit is set. ||RFC 1323|
|9 ||2 ||Partial Order Connection Permitted ||RFC 1693|
|10 ||3 ||Partial Order Service Profile ||RFC 1693|
|11 ||6 ||CC, Connection Count ||RFC 1644|
|12 ||6 ||CC.NEW ||RFC 1644|
|13 ||6 ||CC.ECHO ||RFC 1644|
|14 ||3 ||TCP Alternate Checksum Request ||RFC 1146|
|15 ||variable ||TCP Alternate Checksum Data ||RFC 1146|
|16 || ||Skeeter ||Knowles|
|17 || ||Bubba ||Knowles|
|18 ||3 ||Trailer Checksum ||Subbu & Monroe|
|19 ||18 ||MD5 Signature ||RFC 2385|
|20 || ||SCPS Capabilities ||Scott|
|21 || ||Selective Negative Acknowledgements ||Scott|
|22 || ||Record Boundaries ||Scott|
|23 || ||Corruption experienced ||Scott|
|24 || ||SNAP ||Sukonnik|
|25 || ||Unassigned (released 12/18/00) || |
|26 || ||TCP Compression Filter ||Bellovin|
TCP Options 14/15 -- TCP Alternate Checksum Numbers
0 - TCP Checksum (RFC 1146)
1 - 8-bit Fletchers's algorithm (RFC 1146)
2 - 16-bit Fletchers's algorithm (RFC 1146)
3 - Redundant Checksum Avoidance (Kay)
Data - variable length
RFC 793 - Postel, J., "Transmission Control Protocol - DARPA Internet Program Protocol Specification", STD 7, RFC 793, DARPA, September 1981.
RFC 1323 - Jacobson, V., Braden, R., and D. Borman, "TCP Extensions for High Performance", RFC 1323, LBL, ISI, Cray Research, May 1992.
RFC 1072 - Jacobson, V., and R. Braden, "TCP Extensions for Long-Delay Paths", RFC 1072, LBL, ISI, October 1988.
RFC 1644 - Braden, R. "T/TCP -- TCP Extensions for Transactions Functional Specification", RFC 1644, ISI, July 1994
RFC 1693 - Connolly, T., et al, "An Extension to TCP : Partial Order Service", RFC 1693, University of Deleware, November 1994.
RFC 1146 - Zweig, J., and C. Partridge, "TCP Alternate Checksum Options", RFC 1146, UIUC, BBN, March 1990.
RFC 2018 - Mathis, M., Mahdavi, J., Floyd, S., and Romanow, A., TCP Selective Acknowledgement Options. RFC 2018, April 1996.
RFC 2385 - Heffernan, A., "Protection of BGP Sessions via the TCP MD5 Signature Option", RFC 2385, Cisco Systems, August 1998.
RFC 3168 - The Addition of Explicit Congestion Notification (ECN) to IP.
RFC 3540 - Robust Explicit Congestion Notification (ECN) Signaling with Nonces.
Bellovin - Steve Bellovin, , March 2000.
Braden - Bob Braden, , March 1995.
Bridges - Monroe Bridges, , September 1994.
Knowles - Stev Knowles, , March 1995.
Kay - J. Kay, , Septermber 1994. Kay, J. and Pasquale, J., "Measurement, Analysis, and Improvement of UDP/IP Throughput for the DECstation 5000," Proceedings of the Winter 1993 Usenix Conference, January 1993 (available for anonymous FTP at ucsd.edu:/pub/csl/fastnet/fastnet.tar.Z). email@example.com
Scott - Keith Scott , February 1999.
Subbu - Subbu Subramaniam, , September 1994.
Sukonnik - Vladimir Sukonnik , February 1999.