
Transmission Control Protocol


aliases:

  • TCP

Transmission Control Protocol: connection-oriented data transfer protocol that ensures that every packet sent is received before sending the next one.

TCP runs at the Transport layer.

Three-Way Handshake

This is the fundamental process that two devices go through to establish a connection via TCP. It has three steps:

  • Synchronize (SYN)
  • Synchronize-Acknowledge (SYN-ACK)
  • Acknowledge (ACK)

Basically, what happens during the three-way handshake is that the sender sends a "Hey, are you there?" message to the receiver. The receiver should respond with a copy of the message "Yes, I'm here! I also see you." If the copied message doesn't equal what was sent, then we cancel the connection right there. If the send/reply was successful, we can begin sending data to the recipient.

TCP/IP

TCP takes data from the Application layer, converts it into bytes, and gives it a TCP header. Those segments become the payload of IP packets, requiring consistent stateful information to work.

TCP Packet Segment Header

  • Source Port
  • Destination Port
  • Sequence Number (out-of-order packet handling)
  • ACK Number (expected sequence number of the next packet)
  • Data length
  • Flags (type of content in this packet, e.g. ACK, SYN, FIN, and others)
  • Window (the amount of data we're gonna send before another ACK)
  • Checksum
  • Urgent Pointer (points to the end of the urgent data segment)
  • Options (advanced configuration, including the max segment size)

TCP Teardown

TCP also contains functions for resetting a connection, keeping one alive if there isn't any data being transmitted, and closing a connection.

A TCP teardown is the function for closing a TCP connection.

  • FIN segment sent to the server (enter FIN-WAIT1)
  • Server responds with ACK (enter CLOSE-WAIT)
  • Client receives ACK (enter FIN-WAIT2)
  • Server sends FIN segment (enter LAST-ACK)
  • Client responds with ACK (enter TIME-WAIT)
  • Server receives ACK (close connection)

Some implementations of TCP combine the FIN and ACK responses into one operation. Additionally, hosts can also close TCP connections abruptly using a reset (RST) segment. However, this isn't normal behavior, and may flag warnings and trigger an investigation. This usually happens when either shady port scanning is happening or when a faulty client/server application starts tweaking out.

#XI