1. Introduction to the Connection-oriented TCP Protocol
TCP, short for Transmission Control Protocol (传输控制协议 in Chinese), operates at the transport layer of the OSI model and provides connection-oriented, reliable transmission services.
The primary function of TCP is to establish connections and then receive and transmit data from application layer programs. TCP works based on a virtual circuit connection method—requiring a connection to be established between the sender and receiver before data transmission. After data is sent, the sender waits for an acknowledgment from the receiver; otherwise, the sender assumes the data was lost and retransmits it.
Below, we introduce the TCP header structure and related working principles:
1. TCP Header
The minimum total length of a TCP header is 20 bytes; its structure is shown in Figure 1.
(Figure 1 TCP Header Structure; the diagram lays the header out in 32-bit rows, bits 0-15 and bits 16-31)
Source Port: Specifies the sending port
Destination Port: Specifies the receiving port number
Sequence Number: Indicates the position of the segment within the sequence of segments being sent
Acknowledgment Number: Identifies the segment that was successfully received; it carries the next sequence number that the side sending the acknowledgment expects to receive
TCP Offset: Specifies the length of the segment header. The segment header length is determined by the options set in the header options field.
Reserved: Specifies a reserved field for future use
Flags: SYN, ACK, PSH, RST, URG, FIN
- SYN: Indicates synchronization
- ACK: Indicates acknowledgment
- PSH: Indicates to immediately push the data to the receiving process
- RST: Indicates connection reset
- URG: Indicates an urgent pointer
- FIN: Indicates the sender has finished sending data
Window: Tells the sender the size of the next segment it may transmit
Checksum: Covers the TCP header and data sections and is used to verify the integrity of both
Urgent: Indicates that the segment contains urgent information; the urgent pointer is valid only when the URG flag is set to 1.
Options: Specifies the segment size that can be accepted, timestamps, the end of the options field, and the boundaries between options in the options field
2. TCP Working Principles
- TCP Connection Establishment: The process of establishing a TCP connection is also known as the TCP three-way handshake. First, the sender host sends a synchronization (SYN) request to the receiver host to establish a connection; the receiver host responds with a synchronization/acknowledgment (SYN/ACK) reply; upon receiving this packet, the sender host sends an acknowledgment (ACK) to the receiver host, and the TCP connection is established.
- TCP Connection Termination: After a TCP connection has been established and data transmission is complete, the sender host and destination host will each send a packet with the finish (FIN) flag set to 1 to close the TCP connection and release the buffer space occupied by that connection.
- TCP Reset: TCP permits a connection to be interrupted abruptly during transmission; this is known as a TCP reset.
- TCP Data Ordering and Acknowledgment: TCP is a reliable transmission protocol that uses sequence numbers and acknowledgment numbers during transmission to track data reception.
- TCP Retransmission: If the sender host does not receive an acknowledgment from the receiver host for a particular data packet within the retransmission timeout period, it assumes the packet is lost and resends it to the receiver host; this is known as TCP retransmission.
- TCP Delayed Acknowledgment: TCP does not always immediately acknowledge data upon receipt; it permits the host to send its acknowledgment while receiving data from the other side.
- TCP Data Protection (Checksum): TCP is a reliable transmission protocol, providing checksum calculations to ensure data integrity during transmission.
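The working principles listed above can be followed segment by segment. The code below is an added example, not part of the original article or of the Colasoft product: it labels each segment of one connection as handshake, data, retransmission, acknowledgment, FIN termination or reset by tracking sequence and acknowledgment numbers. The `Seg` tuple, the host names A and B, and every number in `SAMPLE` are assumptions constructed for illustration.

```python
from collections import namedtuple

# sender: "A" (initiating host) or "B"; length: payload bytes in the segment.
Seg = namedtuple("Seg", "sender flags seq ack length")

def trace(segments):
    """Label each segment of one connection; return (labels, final_state)."""
    next_seq, finished = {}, set()   # next expected seq per host; hosts that sent FIN
    state, labels = "CLOSED", []
    for s in segments:
        peer = "B" if s.sender == "A" else "A"
        flags = set(s.flags.split("|"))
        acks_peer = "ACK" in flags and s.ack == next_seq.get(peer)
        label = "unexpected"
        if "RST" in flags:
            state, label = "CLOSED", "reset"
        elif state == "CLOSED" and flags == {"SYN"}:
            state, label = "SYN_SENT", "handshake 1/3: SYN"
        elif state == "SYN_SENT" and flags == {"SYN", "ACK"} and acks_peer:
            state, label = "SYN_RECEIVED", "handshake 2/3: SYN/ACK"
        elif state == "SYN_RECEIVED" and flags == {"ACK"} and acks_peer:
            state, label = "ESTABLISHED", "handshake 3/3: ACK"
        elif state != "ESTABLISHED":
            pass                         # out of order for the handshake
        elif s.length and s.seq < next_seq[s.sender]:
            label = "retransmission"     # bytes already sent once (ignores wraparound)
        elif "FIN" in flags:
            finished.add(s.sender)
            label = "termination: FIN"
        elif s.length:
            label = "data"
        elif acks_peer:
            label = "acknowledgment"
            if len(finished) == 2:       # both FINs sent and acknowledged
                state = "CLOSED"
        # SYN and FIN each consume one sequence number; data consumes its length.
        end = s.seq + s.length + ("SYN" in flags) + ("FIN" in flags)
        next_seq[s.sender] = max(next_seq.get(s.sender, 0), end)
        labels.append(label)
    return labels, state

# Constructed exchange (not a capture): initial sequence numbers 1000 and 5000.
SAMPLE = [
    Seg("A", "SYN", 1000, 0, 0), Seg("B", "SYN|ACK", 5000, 1001, 0),
    Seg("A", "ACK", 1001, 5001, 0), Seg("A", "PSH|ACK", 1001, 5001, 100),
    Seg("A", "PSH|ACK", 1001, 5001, 100),           # resent: no ACK arrived in time
    Seg("B", "ACK", 5001, 1101, 0), Seg("A", "FIN|ACK", 1101, 5001, 0),
    Seg("B", "ACK", 5001, 1102, 0), Seg("B", "FIN|ACK", 5001, 1102, 0),
    Seg("A", "ACK", 1102, 5002, 0),
]
```

Calling `trace(SAMPLE)` returns the ten labels in order and the final state `CLOSED`; a SYN/ACK whose acknowledgment number is not the initiator's sequence number plus one is labelled `unexpected` and the handshake does not advance.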
2. Detailed Decoding
Understanding TCP decoding information requires a clear knowledge of TCP working principles and the relevant TCP header field information.
Now, let’s explore the TCP header through decoded information from the Colasoft network analysis system, as shown in Figure 2.
(Figure 2 Colasoft Network Analysis System TCP Decoding Information)
The above image shows detailed field information within the TCP protocol header, which precisely aligns with the TCP header structure. We will describe the decoded view information below:
1. Source Port: 1041; offset 34, length 2 bytes.
2. Destination Port: 5001, port name complex-link; offset 36, length 2 bytes.
3. Sequence Number: the TCP packet sequence number is 148694863; offset 38, length 4 bytes.
4. Acknowledgment Number: the acknowledgment number is 387135032; offset 42, length 4 bytes.
5. TCP Offset: the TCP offset is 5; offset 46, length 4 bits. The field counts 32-bit words, so the header is 5 × 4 = 20 bytes, the minimum length.
6. Flags: PSH and ACK are both set to 1, indicating an acknowledgment packet; the received valid segment is passed to the application immediately, without being buffered.
7. Window: the size of the next segment the receiver can accept is 64124.
8. Checksum: the checksum is 0x10D4 (correct), indicating the data has not been modified or damaged and is complete. The checksum catches accidental corruption only; a party that deliberately alters a packet can recompute it.
9. Urgent Pointer: there is no urgent pointer because the URG flag in the flags field is set to 0.
10. No TCP Options: no option content.
The above is an actual capture of a TCP packet, and you can learn about the TCP protocol using the above-mentioned method.
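To connect the decoded values back to the header layout, the following added example (not code from the original article or from Colasoft) parses a raw TCP header and rejects malformed ones. The sample bytes are constructed from the field values in the list above; the 4-byte payload is a placeholder, because the capture's payload is not on the page, so the checksum is carried as a value and not recomputed.

```python
import struct

# Flag bits in byte 13 of the header, named as in the field list.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus any options that follow it."""
    if len(segment) < 20:
        raise ValueError("truncated: a TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_res, flags,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = off_res >> 4            # header length in 32-bit words
    header_len = data_offset * 4
    # An offset below 5 or one pointing past the segment marks a malformed header.
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"invalid data offset {data_offset}")
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "data_offset": data_offset, "header_len": header_len,
        "flags": [name for name, bit in FLAG_BITS.items() if flags & bit],
        "window": window, "checksum": checksum,
        # The urgent pointer is only meaningful when URG is set.
        "urgent": urgent if flags & FLAG_BITS["URG"] else None,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }

# Constructed sample built from the decoded values above (flags 0x18 = PSH + ACK).
# The decode's offsets 34..46 are measured from the start of the frame; this parser
# takes bytes starting at the TCP header, so the source port sits at position 0.
# Assumption: the 34 bytes before it are a 14-byte Ethernet and a 20-byte IPv4 header.
SAMPLE = struct.pack("!HHIIBBHHH", 1041, 5001, 148694863, 387135032,
                     5 << 4, 0x18, 64124, 0x10D4, 0) + b"DATA"

if __name__ == "__main__":
    for key, value in parse_tcp_header(SAMPLE).items():
        print(f"{key:12} {value}")
```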