TCP Header

Transmission Control Protocol (TCP) is a transport protocol that provides reliable, error-free communication between systems. It performs sequencing and segmentation of the data. The total length of a TCP header is 20 bytes, four bytes for each row.

Here’s what it looks like:

[Image: TCP header layout (TCPHeader.png)]

Let’s walk through all these fields:

  1. Source port: this is a 16-bit field that specifies the port number of the sender.

  2. Destination port: this is a 16-bit field that specifies the port number of the receiver.

  3. Sequence number: the sequence number is a 32-bit field that indicates how much data is sent during the TCP session. When you establish a new TCP connection (3-way handshake), the initial sequence number is a random 32-bit value. The receiver will use this sequence number and send back an acknowledgment. Protocol analyzers like Wireshark will often use a relative sequence number of 0 since it’s easier to read than some high random number.

  4. Acknowledgment number: this 32-bit field is used by the receiver to request the next TCP segment. This value will be the sequence number incremented by 1.

  5. Header Length (Data offset):

    • 4 bits. It contains the length of the TCP header.
    • It helps in knowing where the actual data begins.

  6. RSV: 6 bits. Reserved for future use. Must be zero.

  7. Flags: there are 9 bits for flags, which we also call control bits. We use them to establish connections, send data and terminate connections:

    • URG: urgent pointer. When this bit is set, the data should be treated as priority over other data.
    • ACK: used for the acknowledgment.
    • PSH: this is the push function. This tells an application that the data should be transmitted immediately and that we don’t want to wait to fill the entire TCP segment.
    • RST: this resets the connection. When you receive this, you have to terminate the connection right away. This is only used when there are unrecoverable errors and it’s not a normal way to finish the TCP connection.
    • SYN: we use this for the initial three-way handshake and it’s used to set the initial sequence number.
    • FIN: this finish bit is used to end the TCP connection. TCP is full duplex so both parties will have to use the FIN bit to end the connection.

  8. Window: It is a 16-bit field. It contains the size of data that the receiver can accept. This field is used for the flow control between the sender and receiver and also determines the amount of buffer allocated by the receiver for a segment. The value of this field is determined by the receiver.

  9. Checksum: 16 bits are used for a checksum to check if the TCP header is OK or not.

  10. Urgent pointer: these 16 bits are used when the URG bit has been set. The urgent pointer indicates where the urgent data ends.

  11. Options: this field is optional and can be anywhere between 0 and 32 bits.

An example of the TCP three-way handshake. I highlighted all the fields:

[Image: Wireshark capture with the TCP fields highlighted (wireshark-capture-tcp-fields.png)]

TCP header (20 bytes)

  • Source port, 16 bits (0-65535)
  • Destination port, 16 bits (0-65535)
  • Sequence number, 32 bits, number of bytes sent
  • Acknowledgment number, 32 bits, number of bytes received
  • Header length, 8 bits = 40 unless options are used
  • Unused, 2 bits
  • URG, 1 bit, unused
  • ACK, 1 bit, 1 = received sequence through acknowledgment number
  • PSH, 1 bit, unused
  • RST, 1 bit
  • SYN, 1 bit, 1 = opening connection
  • FIN, 1 bit, 1 = closing connection
  • Receiver window size, 16 bits (bytes free in buffer, scaled using option in setup)
  • Checksum, 16 bits (XOR of header only)
  • Urgent pointer, 16 bits, unused
  • Options, variable length (usually 0)
  • Data, variable length (usually 0-1500)
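
The field layout above can be checked against real bytes. The following Python sketch is an added example, not code from the original post: it decodes the 20-byte fixed header, uses the header length field to find where options and data begin, and rejects segments whose header length does not fit the bytes received. The sample SYN segment, its ports and its MSS option are constructed for illustration.

```python
import struct

# Bit masks in byte 13 of the header for the six flags listed above.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
MIN_HEADER = 20  # bytes, header without options


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed TCP header fields and locate options and payload."""
    if len(segment) < MIN_HEADER:
        raise ValueError("truncated: fewer than 20 header bytes")
    (src, dst, seq, ack, off_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:MIN_HEADER])
    # Header length sits in the top 4 bits and is counted in 32-bit words.
    header_len = (off_byte >> 4) * 4
    if header_len < MIN_HEADER:
        raise ValueError("data offset below 5 words")
    if header_len > len(segment):
        raise ValueError("data offset points past end of segment")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAGS.items() if flag_byte & bit],
        "window": window, "checksum": checksum, "urgent_ptr": urgent,
        "options": segment[MIN_HEADER:header_len],
        "payload": segment[header_len:],
    }


def build_sample_syn() -> bytes:
    """Constructed SYN segment: port 49152 -> 443, one MSS option, no data."""
    fixed = struct.pack("!HHIIBBHHH", 49152, 443, 0x1A2B3C4D, 0,
                        6 << 4, FLAGS["SYN"], 64240, 0, 0)  # checksum left 0
    mss_option = bytes([2, 4]) + struct.pack("!H", 1460)  # kind 2, length 4
    return fixed + mss_option


if __name__ == "__main__":
    hdr = parse_tcp_header(build_sample_syn())
    print(hdr)
    # A header that claims 15 words (60 bytes) but carries only 20 is rejected.
    bad = bytearray(build_sample_syn()[:20])
    bad[12] = 15 << 4
    try:
        parse_tcp_header(bytes(bad))
    except ValueError as exc:
        print("rejected:", exc)
```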

I hope this post was helpful to you.