What is the TCP sequence number?
Before starting anything about the TCP sequence numbering mechanism, we must understand the two main functionalities of TCP protocol. TCP is an example of a transport layer protocol as per the OSI model. Provides reliable and sequenced delivery of messages in each direction. Reliable means no packet loss and sequence delivery means, receiver application receives in the same sequence, as sent by the sender application.
To achieve both the functionality, TCP needs an identifier for each byte sent/receive. The TCP sequence number is a four bytes identifier, to identify each byte in a TCP stream. TCP connection has two streams one in each direction. Outgoing stream for outgoing messages and incoming stream for incoming messages. Each end maintains a sequence number counter for outgoing segments/bytes and an acknowledgment counter for incoming bytes or segments.
Sequence number increase when a TCP endpoint sends the message on an outgoing stream. The increment value is the number of bytes received. For example, if the initial counter value is N and 4 bytes are transmitted. Sequence numbers will be N, N + 1, N+2, and N+3 respectively. In a similar way, the acknowledgment counter increases when the TCP endpoint receives the messages from the far end.
Size of sequence number :
A TCP sequence number is a four bytes value or 32 bits value. Value can be from 0 to 2^32 – 1 (4,294,967,295). After reaching the largest value, TCP will continue with the value zero. Looks that there can be a problem with having two packets with the same sequence numbers for a long duration session? But no, TCP window maximum size is 2^16 – 1. Means if sequence number has reached the limit of 2^32 – 1, means, sequence numbers from 0 to 2^16, has been already acknowledged.
Initial sequence number(ISN) in TCP :
TCP initialize sequence number counters at the time of TCP connection establishment. Initialization values are called initial sequence numbers. As per TCP specification, the initial value needs not to be zero (it may be any random number). SYN is the first TCP segment from the client to the server in a three-way handshake, for the connection setup procedure. SYN segment has an SYN flag set in TCP header and a sequence number value. SYN uses the first value of a sequence number, which is zero.
If the server ready to accept the connection, there is a new SYN (from server to connection setup) and ACK (for received SYN from the client) from the server. Header flag bits are set for SYN and ACK in a TCP single segment. SYN has an initial sequence number from the server and the acknowledgment number has the next expecting sequence number from the client.
After getting SYN from the server, the client sends ACK, with the acknowledgment number. The value is the next expecting sequence number from the server. Now client and server are ready with sequence numbers on each end, for reliable and sequenced delivery of messages.
TCP sequence Number analysis with an example:
Here we will cover TCP sequence number in detail with a live capture example. The example has relative sequence numbers, so the sequence number starts from zero. This makes it easy to analyze a capture and a good example to understand.
TCP capture setup:
We have captured traces for a TCP communication with the help of client and server socket programs. Both programs executed on the same machine in loopback, using loopback address 127.0.0.1. The server listens on port 5000 for TCP connection from the client. The following are the sequence for example capture.
- Clients connect to the server.
- The server Accepts the connection.
- A client sends the data of 13 bytes length.
- The server sends the data of 11 bytes length.
- The server closes the connection after two seconds.
Sequence Number while connection setup(1 to 3):
During connection setup, each TCP end initializes the sequence and acknowledge numbers. The first SYN message from the client to server, have a sequence number and acknowledgment number as zero. The client let know the server that, its own sequence number is zero and expecting the next segment from the server with sequence number zero.
The server accepts the connection and sends the SYN and ACK segments. The sequence number is zero and the acknowledgment number is 1 (server received one byte (SYN) from the client and expecting the next segment to start from 1).
The client responds with ACK with Sequence number as 1 and acknowledgment number is 1. This means the client’s sequence number is 1 and expecting the next segment from the server with sequence number 1.
Data transfer and sequence number(4 to 7):
After connection setup, the client sends a segment of 13 bytes length and advances the sequence number to 14. The server acknowledges the segment with an ACK, having sequence number as 1 and acknowledgment number is 14 ( 1+ 13), The next expecting sequence number from the client is 14 now.
The server sends the data of 11 bytes length with sequence number 1 and acknowledgment number as 14. Clients accept the data and send sequence number as 14 and acknowledge number as 12. Any further segment from the server will have 12 as the sequence number.
TCP Connection termination and sequence number(8 to 10):
While data transfer each side has incremented, its own sequence number and acknowledgment number. The client has sequence number 14 and server 12 for the next segment to send. When the server closes the connection it sends FIN and ACK, with sequence number 12 and acknowledgment number 14. The client has received all bytes till 11 and after FIN, the next expecting sequence number from the server is 13. Which is shown in step 9. This step also has a FIN, for closing the connection in another direction. Finally, the server sends the ACK and the connection closes in both directions.
TCP sequence numbers have importance during the whole life cycle of a TCP connection. It starts at the time of connection setup and ends at the time of connection termination. During communication, each byte has a sequence number.