TCP header format explanation
TCP transfers messages reliably from one machine to another over the underlying IP network. The unit of transfer is named as TCP segment. Each segment has two parts, one is a TCP header, and the other is user/application data.
In this tutorial, we will explain the header format and details of each header parameter. Before any explanation, we should know what a header in the computer network is.
A network message has two parts, one is actual user or application data, and another is the protocol information to process the message. Later conveys the purpose, size, and how a receiver should handle the message. The control information is called the TCP header.
The header bytes first reach the receiver to process the message as per protocol. Because of this, the header is added before the user data.
TCP header in a message:
For example, a web request uses the TCP/IP protocol. Upon a web request from the web browser, TCP adds a header to the HTTP data and sends it to the IP layer. TCP reads the header on the web server and finds the application address. On the TCP layer, an application address is the TCP port number. Suppose protocol finds an application for a port received in the TCP header. TCP sends the content (user data) to the serving HTTP module over that port.
TCP header format:
The header conveys the purpose of a segment. For example, there are multiple types of segments. Few are for connection management, and others for carrying user data. The following section shows the header and a detailed explanation of the header parameters.
TCP Source Port :
The first parameter in the TCP header is a two-byte long numeric value. Over TCP, an application is identified by a port number. For example, the ssh port is 23, the port for HTTP is 80, etc.
This is the address of the sender application over TCP. When an application sends a message to TCP, it specifies the source and destination ports. The Source port is optional. The TCP layer chooses a port if the TCP user does not set the source port. In this case, the port number will be an ephemeral port number. Generally, the value from 1024 to 65535 is used for a temporary port number.
TCP Destination Port:
Port number of the destination receiver application. It is set in the TCP header by the user. The parameter is mandatory. Over the public internet, the port numbers are also called well-known ports. For example, a website always runs over a default port 80. Technically it can use any other port also (e.g., 8080). In that case, a TCP client using a web browser should also know the port number and the website domain name (URL, www.website.com:8080) to browse the website.
TCP Sequence Number:
A 32-bit integer value is present from 5 to 7 bytes in the TCP header. TCP does the sequence control using the sequence number. What is sequence control in TCP, and how do TCP sequence numbers do the job? When the sender sends the messages to the receiver, TCP uses the IP network to reach the destination. There might be multiple paths to get from source to destination. This may lead to the earlier message reaching the destination later.
For example, the sender sends two messages, MSG1 and MSG2, with sequence numbers 100 and 101, respectively. On the receiver, MSG2 reaches first. This creates a sequencing issue. Because for correct processing, MSG1 should be sent to the application first, then MSG2. To handle message sequencing, TCP waits for the MSG1. When MSG1 arrives, TCP sends the MSG 1 and then MSG2 to the application.
Acknowledgment Number (TCP Ack):
TCP is a reliable protocol. What does this mean? This means that TCP ensures that a message sent to the remote layer has been received. It does this by using the TCP ack number. This is a 32-bit numeric value in the TCP header. The receiver sets the ack number. The value signifies the expected next sequence number segment from the sender. The following example is a detailed explanation of the TCP Ack number usage in the protocol.
A client is sending TCP segments M1, M2, and M3 to the TCP server with sequence numbers 100, 101, and 1002 respectively. It sends M1 and M2 and then waits for the ack from the remote before sending M3. The receiver sends the ACK to the sender after receiving M1 and M2. Value 102 will be a sequence number in the TCP header of the ACK segment. Now the sender will send the M3. You might be thinking about how TCP decides how many segments should be sent simultaneously. We will cover this incoming section for Windows.
TCP Header Size (HLen) :
Initially, we mentioned that receiving TCP uses the header to read the application data. A TCP message is a stream of bytes with a header and data. The TCP layer should know how many bytes are present for the header before user data to read user bytes. This is determined by the 4 bits value in the header. It is variable and always multiple of 32 bits. The variable is in nature because there are optional parameters. Generally, the TCP header size is 20 bytes. In that case, there is no optional parameter present.
As the name suggests, reserved. The protocol cannot use these bits. Maybe the TCP header will use in the future.
First, we should understand what means a flag is in the header. A Flag is a parameter of the length of one bit. So a TCP flag may have a value of either zero or one. If the value is one, the TCP flag is set, and the corresponding content is present in the message. If set to zero means the flag is not set. TCP flags are set of 6 bits. Each bit represents a TCP segment type in the TCP header. The following are the possible TCP flags and TCP segments. These are six bits from left to right.
URG – If the Urgent Pointer field is valid, then the urgent pointer value is set.
ACK – Acknowledgement segment. Have set an acknowledgment sequence number in the TCP header.
PSH Flag – Corresponding to Push request. To understand the meaning of this flag, first, we will discuss how network optimization is done in TCP. TCP breaks the application message into bytes. A TCP segment carries the user bytes and a TCP header. How big the layer will decide a segment for optimizing network usage.
For example, if TCP keeps sending a significantly less number of bytes in a segment. The network will be flooded with too many small messages, and there will also be changes to network congestion. The destination TCP layer will keep busy most of the time, processing network messages. To overcome this problem, TCP tries to send the maximum number of bytes in a single segment. The Maximum Transmission Unit (MTU) is the network parameter that decides the size.
This may cause delays in outgoing messages, as the layer will buffer the bytes till sufficient bytes are received. Once it gets an adequate number then transferred to the network.
The buffering is okay if there are no real-time requirements. But there are application requirements where data should be delivered in real-time from one end to another. For example, if data is slow due to buffering, the user experience will not be good if you are watching an online video. To overcome this, TCP provides a mechanism where an application can instruct the layer not to buffer user data. Once the no buffering is set, TCP sends the segments immediately. The setting results in the PSH flag set in the TCP header.
How the receiver side uses the PSH flag? On the sender, there is no wait. Then the question arises, why is the PSH flag also set in the message? The answer is that real-time communication is between the applications. So even on the sending side, there is no wait. The recipient should not wait for more segments to send bytes to the user application for real-time data. Once the receiver sees the Push flag in the header, it delivers pending bytes immediately to the application.
FIN and RST-Flag: TCP does reset the connection when errors can not recover for a connection. We have a detailed tutorial for TCP connection termination. For FIN and RST segments.
SYN Flag: Flag is set in TCP header for the segment, which is for the connection setup.
It is a 32-bit parameter in the TCP header. The usage in flow control. The flow control, we will discuss in another tutorial. The window contains the size of the receiver window.
TCP Checksum :
The checksum is a 16-bit value. Sender TCP computes the checksum and sets it in the header before sending it to the receiver. On the receiving side, again, the checksum is calculated and matched. If the checksum does not match, the segment is corrupted and must be discarded. The purpose of checksum is to ensure that the TCP segment is not altered over the network.
As the name suggests, it is something that should process immediately. When the URG flag is set, the parameter tells how many bytes are urgent. The receiver side sends the urgent bytes first to the application. So you can consider this as out-of-band data,
These are optional parameters.
User Data :
This is the last thing in the TCP header. Actual application data from users, e.g., HTTP. TCP delivers user data end-to-end reliably.