TCP header format explanation
TCP protocol transfer message from one machine to other over the underlying IP network. The unit of transfer is named as TCP segment. Each segment has two parts, one is TCP header and other is user or application data. In this tutorial, we will explain the TCP header format and details of each parameter present in the header. Before any explanation of TCP header, we should know what is a header in the computer network?
Each message has two parts over the computer network, one is actual user or application data and another is the information in protocol defined format. Later conveys the purpose, size and the handling of message on the receiver, the control information. Which is called TCP header for TCP protocol messages. Header Should reach fist to the receiver, then user data to process the message as per protocol. In TCP, the header is added before to the TCP user data.
TCP header explanation:
For example, a web request uses the TCP/IP protocol. Upon a web request from the web browser, TCP adds a header to the HTTP data and sends to the IP layer. On the webserver, TCP reads the header and finds the application address. On the TCP layer, an application address is the TCP port number. If finds an application for a port received in TCP header. TCP sends the content (user data) to the serving HTTP module over that port.
TCP header format:
Header conveys the purpose of a segment. For example, there are multiple types of segments, few are for connection management and others for carrying user data. The following section shows the header and detail explanation about the header parameters.
TCP Source Port :
The first parameter in the TCP header, which is a two bytes long numeric value. Over TCP an application is identified by a port number. Example, ssh port is 23, HTTP port is 80 etc. This is the address of sender application over TCP. When an application sends the message to TCP, it specifies the source port and destination port. Source port is optional if TCP user does not set the source port, the TCP layer itself choose a port. In this case, the port number will be an ephemeral port number. Generally, the value is from 1024 to 65535 is used for an ephemeral port number.
TCP Destination Port:
Port number of the destination user of receiving TCP. It is set in TCP header by the user. The parameter is mandatory. Over a public internet, the port numbers also called well-known ports. Example, a website runs over always a default port 80. Technically it can use any other port also (e.g 8080). In that case, TCP client which is using web browser should also know the port number along with the website domain name (URL, www.website.com:8080), to browse the website.
TCP Sequence Number:
A 32-bit integer value, preset from 5 to 7 bytes in TCP header. TCP does the sequence control using sequence number. What is sequence control in TCP and how TCP sequence number does the job? When the sender sends the messages to the receiver, TCP uses IP network to reach the destination. There might be multiple paths to reach from source to destination. This may lead to the situation where the message sent earlier reaches to the destination later. For example, the sender sends two messages MSG1 and MSG2 with sequence numbers 100 and 101 respectively. On the receiver, MSG2 reaches first. This creates a sequencing issue. Because, for correct processing, MSG1 should be sent to the application first than MSG2. To handle message sequencing, TCP waits for the MSG1. When MSG1 arrives, TCP sends the MSG 1 and then MSG2 to the application.
Acknowledgement Number (TCP Ack):
TCP is a reliable protocol. What does this mean? This means that TCP, make sure that a message sent to the remote layer has been received. It does this by using the TCP ack number. This is a 32 bits numeric value in TCP header. Ack number is set by the receiver. The value signifies the expecting next sequence number segment from the sender. Next example is the detail explanation of the TCP Ack number usage in the protocol.
There is a client which is sending TCP segments M1, M2, and M3 to TCP server with sequence numbers 100, 101 and 1002 respectively. It sends M1 and M2 then wait for the ack from remote, before sending M3. The receiver sends the ACK to the sender, after receiving both M1 and M2. Value 102 will be a sequence number in TCP header of the ACK segment. Now the sender will send the M3. Here you might be thinking, how TCP decides, how many segments should it sent at a single time. We will cover this incoming section for Window.
TCP Header Size (HLen) :
In the beginning, we have mentioned that receiver TCP, uses a header to read the application data. A TCP message is a stream of bytes with header and data.To read user bytes, TCP should know how many bytes are present for a header before user data. This is determined by the 4 bits value in the header. It is variable in nature and always multiple of 32 bits. The variable in nature because there may be few values those and optional. Generally, TCP header size is 20 bytes. In that case, there is no optional parameter is present.
As the name suggests, reserved. Can not use, maybe TCP header will use in future.
The first thing we should know, what is a TCP flag in the header? A Flag is a parameter of the length of one bit. So a TCP flag may have value either zero or one. If the value is one, the TCP flag is set and corresponding content is present in the message. If set to zero means flag is not set. TCP flags are set of 6 bits. Each bit represent a TCP segment type in TCP header. Following is the possible TCP flags and TCP segments. These are six bits from left to right.
URG – If Urgent Pointer Field is valid and then urgent pointer value is set.
ACK – Acknowledgement segment. Have set acknowledgement sequence number in TCP header.
PSH Flag – Push request. To understand the meaning of this flag, first, we will discuss how the network optimization is done in TCP. TCP breaks the application message into bytes. A TCP segment carries the user bytes and a TCP header. How big a segment will be decided by the layer for the optimization of network usage. For example, if TCP keeps sending a very less number of bytes in a segment. The network will be flooded with too many messages and there are changes for network congestion too. The destination layer will keep busy most of the time, processing of message rather than application. To overcome this problem, TCP tries to send the maximum number of bytes in a single segment. Maximum Transmission Unit (MTU) is the network parameter which decides the size.
This may cause delays in outgoing messages, as layer will buffer the bytes till sufficient bytes are received, Once it gets the sufficient number then transfer to the network.
The buffering is fine if there are no real-time requirements. But there are application requirements, where data should be delivered in real-time from one end to another. For example, you are watching an online video, if data is slow due to buffering then user experience will not good. To overcome, TCP provides a mechanism where an application can instruct the layer not to buffer user data. Once the no buffering is set TCP sends the segments immediately. The setting results in PSH flag set in TCP header.
How the receiver side uses the PSH flag? On sender, there is no wait then the question comes in mind, why PSH flag is set in the message too? The answer is that real-time communication is between the applications. So even on the sending side there is not wait. The recipient should not also wait for more segments for sending bytes to the user application for real-time data. Once receiver sees the Push flag in header, it delivers pending bytes immediately to the application.
FIN and RST-Flag: TCP does reset connection when errors can not recover for a connection. We have a detailed tutorial for TCP connection termination. For FIN and RST segments.
SYN Flag: Flag is set in TCP header, for the segment which is for the connection setup.
It is a 32-bit parameter in the TCP header. The usage in flow control. The flow control, we will discuss in another tutorial. The window contains the size of the receiver window.
TCP Checksum :
The checksum is a 16-bit value. Sender TCP computes the checksum and set in the header, before sending to the receiver. On receiving side, again checksum is computed and matched. If the checksum does not match, means the segment is corrupted and it is discarded. The purpose of checksum is to make ensure that the TCP segment is not altered over the network.
As the name suggests, it is something which should process immediately. When the URG flag is set, the parameter tells how many bytes are urgent. Receiver side sends the urgent bytes fist to the application. So you can consider this as out of band data,
These are optional parameters.
User Data :
This the last thing in TCP header. Actual application data from user e.g HTTP. TCP delivers user data end to end reliably.