TCP header format explanation
TCP transfers messages reliably from one machine to another over the underlying IP network. The unit of transfer is called a TCP segment. Each segment has two parts: a TCP header and the user/application data.
In this tutorial, we will explain the header format and the details of each parameter of the header. Before any explanation, we should know what a header is in a computer network.
A network message has two parts: one is the actual user or application data, and the other is the protocol information needed to process the message. The latter conveys the purpose, the size, and how a receiver should handle the message. In TCP, this control information is called the TCP header.
The header bytes reach the receiver first, so that it can process the message as per the protocol. Because of this, the header is added before the user data.
TCP header in a message:
For example, a web request uses the TCP/IP protocol. Upon a web request from the web browser, TCP adds a header to the HTTP data and sends it to the IP layer. On the web server, TCP reads the header and finds the application address. On the TCP layer, an application address is the TCP port number. If the protocol finds an application for the port received in the TCP header, TCP sends the content (user data) to the serving HTTP module over that port.
TCP header format:
The header conveys the purpose of a segment. There are multiple types of segments: some are for connection management and others carry user data. The following section shows the header and a detailed explanation of the header parameters.
TCP Source Port :
The first parameter in the TCP header is a two bytes long numeric value. Over TCP, an application is identified by a port number. For example, the ssh port is 23, the port for HTTP is 80, etc.
This is the address of the sender application over TCP. When an application sends a message to TCP, it specifies the source port and the destination port. The source port is optional. If the TCP user does not set the source port, the TCP layer itself chooses a port. In this case, the port number will be an ephemeral port number. Generally, values from 1024 to 65535 are used for temporary port numbers.
TCP Destination Port:
The port number of the receiving application at the destination. It is set in the TCP header by the user. The parameter is mandatory. Over the public internet, the port numbers are also called well-known ports. For example, a website always runs over the default port 80. Technically it can also use any other port (e.g. 8080). In that case, a TCP client using a web browser must know the port number along with the website domain name (URL, www.website.com:8080) to browse the website.
TCP Sequence Number:
A 32-bit integer value, present from 5 to 7 bytes in the TCP header. TCP does sequence control using the sequence number. What is sequence control in TCP, and how do TCP sequence numbers do the job? When the sender sends messages to the receiver, TCP uses the IP network to reach the destination. There might be multiple paths from source to destination. This may lead to a situation where a message sent earlier reaches the destination later. For example, the sender sends two messages, MSG1 and MSG2, with sequence numbers 100 and 101, respectively. On the receiver, MSG2 arrives first. This creates a sequencing issue, because for correct processing MSG1 should be delivered to the application before MSG2. To handle message sequencing, TCP waits for MSG1. When MSG1 arrives, TCP delivers MSG1 and then MSG2 to the application.
Acknowledgment Number (TCP Ack):
TCP is a reliable protocol. What does this mean? It means that TCP makes sure that a message sent to the remote layer has been received. It does this by using the TCP ack number. This is a 32-bit numeric value in the TCP header. The ack number is set by the receiver. The value signifies the sequence number of the next segment expected from the sender. The next example is a detailed explanation of how the TCP ack number is used in the protocol.
There is a client sending TCP segments M1, M2, and M3 to the TCP server with sequence numbers 100, 101, and 102 respectively. It sends M1 and M2 and then waits for the ack from the remote before sending M3. The receiver sends the ACK to the sender after receiving both M1 and M2. The value 102 will be the acknowledgment number in the TCP header of the ACK segment. Now the sender will send M3. Here you might be wondering how TCP decides how many segments it should send at a single time. We will cover this in the coming section on the window.
TCP Header Size (HLen) :
At the beginning, we mentioned that the receiving TCP uses the header to read the application data. A TCP message is a stream of bytes with a header and data. To read the user bytes, the TCP layer should know how many header bytes are present before the user data. This is determined by a 4-bit value in the header. The header size is variable and always a multiple of 32 bits. It is variable because there are optional parameters. Generally, the TCP header size is 20 bytes. In that case, there is no optional parameter present.
Reserved:
As the name suggests, these bits are reserved. The protocol cannot use them. They may be used by the TCP header in the future.
TCP Flags:
The first thing we should understand is what a flag in the header means. A flag is a parameter with a length of one bit, so a TCP flag may have a value of either zero or one. If the value is one, the TCP flag is set and the corresponding content is present in the message. If the value is zero, the flag is not set. The TCP flags are a set of 6 bits. Each bit represents a TCP segment type in the TCP header. The following are the possible TCP flags and TCP segments. These are the six bits from left to right.
URG – Set if the Urgent Pointer field is valid, in which case the urgent pointer value is set.
ACK – Acknowledgment segment. The acknowledgment sequence number is set in the TCP header.
PSH Flag – Corresponds to a push request. To understand the meaning of this flag, we will first discuss how network optimization is done in TCP. TCP breaks the application message into bytes. A TCP segment carries the user bytes and a TCP header. How big a segment will be is decided by the layer, to optimize network usage.
For example, if TCP keeps sending a very small number of bytes in each segment, the network will be flooded with too many small messages and there are chances of network congestion too. The destination TCP layer will be kept busy most of the time processing network messages. To overcome this problem, TCP tries to send the maximum number of bytes in a single segment. The Maximum Transmission Unit (MTU) is the network parameter that decides the size.
This may cause delays in outgoing messages, as the layer will buffer the bytes until sufficient bytes are received. Once it has a sufficient number, they are transferred to the network.
The buffering is fine if there are no real-time requirements. But there are application requirements where data should be delivered in real time from one end to another. For example, if you are watching an online video and the data is slow due to buffering, the user experience will not be good. To overcome this, TCP provides a mechanism where an application can instruct the layer not to buffer user data. Once no buffering is set, TCP sends the segments immediately. The setting results in the PSH flag being set in the TCP header.
How does the receiver side use the PSH flag? On the sender there is no wait, so the question comes to mind: why is the PSH flag set in the message too? The answer is that real-time communication is between the applications. So even though there is no wait on the sending side, the recipient should also not wait for more segments before sending bytes to the user application for real-time data. Once the receiver sees the Push flag in the header, it delivers pending bytes immediately to the application.
FIN and RST Flags: TCP resets a connection when errors on the connection cannot be recovered. We have a detailed tutorial on TCP connection termination that covers FIN and RST segments.
SYN Flag: The flag is set in the TCP header of a segment that is for connection setup.
TCP Window:
It is a 32-bit parameter in the TCP header. It is used in flow control, which we will discuss in another tutorial. The window contains the size of the receiver window.
TCP Checksum :
The checksum is a 16-bit value. The sender TCP computes the checksum and sets it in the header before sending the segment to the receiver. On the receiving side, the checksum is computed again and matched. If the checksum does not match, the segment is corrupted and needs to be discarded. The purpose of the checksum is to ensure that the TCP segment is not altered over the network.
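The sender and receiver steps described above, as an added example (not code from the original page). It assumes the IPv4 pseudo-header that RFC 9293 includes in the sum; the addresses and segment are constructed. Because the checksum has no secret key and is a plain sum, it catches a flipped bit but not two swapped 16-bit words, so it guards against transmission noise rather than deliberate modification.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum, as used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: addresses, zero byte, protocol 6 (TCP), TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))

def set_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Sender side: zero the checksum field (bytes 16-17), compute, store."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(zeroed)) + zeroed)
    return zeroed[:16] + struct.pack("!H", ~total & 0xFFFF) + zeroed[18:]

def verify_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: the sum over everything, checksum included, is 0xFFFF."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return total == 0xFFFF

def flip_bit(segment: bytes, index: int) -> bytes:
    """Simulate line noise: flip the lowest bit of one byte."""
    return segment[:index] + bytes([segment[index] ^ 1]) + segment[index + 1:]

def swap_words(segment: bytes, a: int, b: int) -> bytes:
    """Swap two aligned 16-bit words at byte offsets a < b."""
    return (segment[:a] + segment[b:b + 2] + segment[a + 2:b]
            + segment[a:a + 2] + segment[b + 2:])

# Constructed sample: 20-byte header (HLen 5, PSH+ACK) plus 12 bytes of data.
SRC, DST = "192.0.2.1", "198.51.100.7"       # documentation-range addresses
RAW = struct.pack("!HHIIBBHHH", 49152, 80, 100, 1, 5 << 4, 0x18, 65535, 0, 0) \
      + b"hello world!"
GOOD = set_checksum(SRC, DST, RAW)

if __name__ == "__main__":
    print("intact segment :", verify_checksum(SRC, DST, GOOD))
    print("one bit flipped:", verify_checksum(SRC, DST, flip_bit(GOOD, 25)))
    print("words swapped  :", verify_checksum(SRC, DST, swap_words(GOOD, 20, 22)))
```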
Urgent Pointer:
As the name suggests, it marks something that should be processed immediately. When the URG flag is set, the parameter tells how many bytes are urgent. The receiver side sends the urgent bytes to the application first. So you can consider this as out-of-band data.
TCP Options:
These are optional parameters.
User Data :
This is the last thing in the TCP header. It is the actual application data from users, e.g. HTTP. TCP delivers user data end to end reliably.
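The fields walked through above, parsed from raw bytes, as an added example (not code from the original page). Field widths follow the RFC 9293 wire layout, where the window is a 16-bit field; the helper `make_segment` and its sample values are constructed for illustration. The HLen checks matter in practice: a parser that trusts HLen without bounds-checking it will read options or user data from the wrong offset.

```python
import struct

# Flag bits in byte 13 of the header, in the left-to-right order listed above.
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def parse_tcp_segment(segment: bytes) -> dict:
    """Split a raw TCP segment into header fields, options and user data.

    Raises ValueError when HLen is inconsistent with the bytes received.
    """
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    (src, dst, seq, ack, off_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off_byte >> 4) * 4           # 4-bit HLen counts 32-bit words
    if hlen < 20:
        raise ValueError("HLen %d is below the 20-byte minimum" % hlen)
    if hlen > len(segment):
        raise ValueError("HLen %d runs past the %d bytes received"
                         % (hlen, len(segment)))
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": hlen,
        "flags": [name for name, bit in FLAG_BITS if flag_byte & bit],
        "window": window, "checksum": checksum, "urgent_ptr": urgent,
        "options": segment[20:hlen],     # empty when HLen is 5 words
        "data": segment[hlen:],          # user data starts right after HLen
    }

def make_segment(hlen_words: int, options: bytes = b"", data: bytes = b"") -> bytes:
    """Constructed test input: PSH+ACK from port 49152 to 80, seq 100, ack 1."""
    fixed = struct.pack("!HHIIBBHHH", 49152, 80, 100, 1,
                        hlen_words << 4, 0x18, 65535, 0, 0)
    return fixed + options + data

if __name__ == "__main__":
    # One 4-byte option word (three NOPs and an end-of-list byte), then HTTP data.
    sample = make_segment(6, b"\x01\x01\x01\x00", b"GET / HTTP/1.1\r\n\r\n")
    for key, value in parse_tcp_segment(sample).items():
        print(key, "=", value)
    for bad in (make_segment(4, data=b"xxxx"), make_segment(15)):
        try:
            parse_tcp_segment(bad)
        except ValueError as err:
            print("rejected:", err)
```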