8/13/2019 Tcp Syn & Windowing

1/17

TCP segment structure[edit]

Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCPsegment. The TCP segment is then encapsulatedinto an Internet Protocol (IP) datagram, and exchanged with peers. [!

The term TCP packet, though sometimes informall" used, is not in line with current terminolog", wheresegmentrefers to theTCP Protocol #ata $nit (P#$), datagram[%!to the IP P#$ andframeto the data link la"er P#$&

Processes transmit data '" calling on the TCP and passing 'uffers of data as arguments. The TCP packages the data from these'uffers into segments and calls on the internet module [e.g. IP! to transmit each segment to the destination TCP. [!

TCP segment consists of a segment headerand a datasection. The TCP header contains *+ mandator" fields, and an optionalextension field (Options, orange 'ackground in ta'le).

The data section follows the header. Its contents are the pa"load data carried for the application. The length of the data section isnot specified in the TCP segment header. It can 'e calculated '" su'tracting the com'ined length of the TCP header and the

encapsulating IP header from the total IP datagram length (specified in the IP header).

TCP eader

Offset

s Octet 0 1 2 3

Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

0 0 -ource port #estination port

4 32 -euence num'er

8 64 cknowledgment num'er (if ACKset)

12 96 #ata offset/eserved0 0 0 0

0 0

NS

CWR

ECE

URG

ACK

PSH

RST

SYN

FIN

0indow -i1e

16 128 Checksum $rgent pointer (if URGset)

20

...

160

...

2ptions (if data offset3 . Padded at the end with 4+4 '"tes if necessar".)

...

-ource port (*5 'its)identifies the sending port

#estination port (*5 'its)identifies the receiving port

-euence num'er (6 'its)has a dual role&

If the SYNflag is set (*), then this is the initial seuence num'er. The seuence num'er of the actual first

data '"te and the acknowledged num'er in the corresponding C7 are then this seuence num'er plus *.

If the SYNflag is clear (+), then this is the accumulated seuence num'er of the first data '"te of this

segment for the current session.

cknowledgment num'er (6 'its)if the ACKflag is set then the value of this field is the next seuence num'er that the receiver is expecting. This

acknowledges receipt of all prior '"tes (if an"). The first ACKsent '" each end acknowledges the other end8s initial

seuence num'er itself, 'ut no data.#ata offset (% 'its)

specifies the si1e of the TCP header in 69'it words. The minimum si1e header is words and the maximum is *words thus giving the minimum si1e of 6+ '"tes and maximum of 5+ '"tes, allowing for up to %+ '"tes of options inthe header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actualdata.

/eserved (5 'its)

for future use and should 'e set to 1ero:lags (; 'its) (aka Control 'its)

contains ; *9'it flags

NS(* 'it) < =C>9nonce concealment protection (added to header '" /:C %+).

http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=3http://en.wikipedia.org/wiki/Encapsulation_(networking)http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-3http://en.wikipedia.org/wiki/Protocol_data_unithttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-4http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-4http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-5http://en.wikipedia.org/wiki/Octet_(computing)http://en.wikipedia.org/wiki/Bithttp://tools.ietf.org/html/rfc3540http://tools.ietf.org/html/rfc3540http://en.wikipedia.org/wiki/Encapsulation_(networking)http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-3http://en.wikipedia.org/wiki/Protocol_data_unithttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-4http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-5http://en.wikipedia.org/wiki/Octet_(computing)http://en.wikipedia.org/wiki/Bithttp://tools.ietf.org/html/rfc3540http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=3

8/13/2019 Tcp Syn & Windowing

2/17

CWR(* 'it) < Congestion 0indow /educed (C0/) flag is set '" the sending host to indicate that it received

a TCP segment with the ECEflag set and had responded in congestion control mechanism (added to header

'"/:C *5?).

ECE(* 'it) < =C>9=cho indicates

If the SYNflag is set (*), that the TCP peer is=C>capa'le.

If the SYNflag is clear (+), that a packet with Congestion =xperienced flag in IP header set is received during

normal transmission (added to header '" /:C *5?).

URG(* 'it) < indicates that the $rgent pointer field is significant

ACK(* 'it) < indicates that the cknowledgment field is significant. ll packets after the initial SYNpacket

sent '" the client should have this flag set.

PSH(* 'it) < Push function. sks to push the 'uffered data to the receiving application.

RST(* 'it) < /eset the connection

SYN(* 'it) < -"nchroni1e seuence num'ers. 2nl" the first packet sent from each end should have this flag

set. -ome other flags change meaning 'ased on this flag, and some are onl" valid for when it is set, andothers when it is clear.

FIN(* 'it) < >o more data from sender

0indow si1e (*5 'its)the si1e of the receive window, which specifies the num'er of window si1e units ('" default, '"tes) ('e"ond the

seuence num'er in the acknowledgment field) that the sender of this segment is currentl" willing to receive (seeFlowcontrolandWindow Scaling)

Checksum (*5 'its)The *59'it checksumfield is used for error9checking of the header and data

$rgent pointer (*5 'its)

if the URGflag is set, then this *59'it field is an offset from the seuence num'er indicating the last urgent data '"te2ptions (@aria'le +o92p option used onl" for padding,and does not have an 2ption9Aength or 2ption9#ata '"te following it. n 2ption97ind '"te of + is the =nd 2f 2ptions

option, and is also onl" one '"te. n 2ption97ind '"te of +x+6 indicates that this is the Baximum -egment -i1eoption, and will 'e followed '" a '"te specif"ing the length of the B-- field (should 'e +x+%). >ote that this length is

the total length of the given options field, including 2ption97ind and 2ption9Aength '"tes. -o while the B-- value ist"picall" expressed in two '"tes, the length of the field will 'e % '"tes (6 '"tes of kind and length). In short, an B--option field with a value of +x+D% will show up as (+x+6 +x+% +x+D%) in the TCP options section.-ome options ma" onl" 'e sent when SYNis setE the" are indicated 'elow as [SYN]. 2ption97ind and standard lengths

given as (2ption97ind,2ption9Aength).

+ (? 'its) < =nd of options list

* (? 'its) < >o operation (>2P, Padding) This ma" 'e used to align option fields on 69'it 'oundaries for

'etter performance.

6,%,SS(6 'its) < Baximum segment si1e (see maximum segment size)[SYN]

,,S(6% 'its) < 0indow scale (see window scalingfor details) [SYN][5!

%,6 (*5 'its) < -elective cknowledgement permitted. [SYN](Seeselective acknowledgmentsfor details)[F!

http://tools.ietf.org/html/rfc3168http://tools.ietf.org/html/rfc3168http://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://tools.ietf.org/html/rfc3168http://tools.ietf.org/html/rfc3168http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Flow_controlhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Flow_controlhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Window_scalinghttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Window_scalinghttp://en.wikipedia.org/wiki/Checksumhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Maximum_segment_sizehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Maximum_segment_sizehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Window_scalinghttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-6http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgmentshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-7http://tools.ietf.org/html/rfc3168http://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://tools.ietf.org/html/rfc3168http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Flow_controlhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Flow_controlhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Window_scalinghttp://en.wikipedia.org/wiki/Checksumhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Maximum_segment_sizehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Window_scalinghttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-6http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgmentshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-7

8/13/2019 Tcp Syn & Windowing

3/17

,N!!!!""""###(varia'le 'its,Nis either *+, *?, 65, or %)9 -elective C7nowledgement (-C7)[?!

These first two '"tes are followed '" a list of *90IT9*

('oth server and client) represents waiting for a connection termination reuest from the remote TCP, or anacknowledgment of the connection termination reuest previousl" sent.

:I>90IT96('oth server and client) represents waiting for a connection termination reuest from the remote TCP.

CA2-=90IT('oth server and client) represents waiting for a connection termination reuest from the local user.

http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-8http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-8http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_timestampshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-9http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-10http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-11http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=4http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=4http://www.medianet.kent.edu/techreports/TR2005-07-22-tcp-EFSM.pdfhttp://www.medianet.kent.edu/techreports/TR2005-07-22-tcp-EFSM.pdfhttp://www.medianet.kent.edu/techreports/TR2005-07-22-tcp-EFSM.pdfhttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/State_(computer_science)http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-12http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-12http://en.wikipedia.org/wiki/File:Tcp_state_diagram_fixed.svghttp://en.wikipedia.org/wiki/File:Tcp_state_diagram_fixed.svghttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-8http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_timestampshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-9http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-10http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-11http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=4http://www.medianet.kent.edu/techreports/TR2005-07-22-tcp-EFSM.pdfhttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/State_(computer_science)http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-12

8/13/2019 Tcp Syn & Windowing

4/17

CA2-I>

('oth server and client) represents waiting for a connection termination reuest acknowledgment from the remote TCP.A-T9C7

('oth server and client) represents waiting for an acknowledgment of the connection termination reuest previousl"sent to the remote TCP (which includes an acknowledgment of its connection termination reuest).

TIB=90IT(either server or client) represents waiting for enough time to pass to 'e sure the remote TCP received the

acknowledgment of its connection termination reuest. [ccording to /:C F;a connection can sta" in TIB=90ITfor a maximum of four minutes known as aB-A(maximum segment lifetime).!

CA2-=#('oth server and client) represents no connection state at all.

Connection establisment[edit]

To esta'lish a connection, TCP uses a three9wa" handshake.Defore a client attempts to connect with a server, the server mustfirst 'ind to and listen at a port to open it up for connections& this is called a passive open. 2nce the passive open is esta'lished, aclient ma" initiate an active open. To esta'lish a connection, the three9wa" (or 9step) handshake occurs&

*. !"#& The active open is performed '" the client sending a -H> to the server. The client sets the segment8s seuencenum'er to a random value .

6. !"#$%C&& In response, the server replies with a -H>9C7. The acknowledgment num'er is set to one more than the

received seuence num'er i.e. *, and the seuence num'er that the server chooses for the packet is another randomnum'er, D.

. %C&& :inall", the client sends an C7 'ack to the server. The seuence num'er is set to the receivedacknowledgement value i.e. *, and the acknowledgement num'er is set to one more than the received seuencenum'er i.e. D*.

t this point, 'oth the client and server have received an acknowledgment of the connection. The steps *, 6 esta'lish theconnection parameter (seuence num'er) for one direction and it is acknowledged. The steps 6, esta'lish the connection

parameter (seuence num'er) for the other direction and it is acknowledged. 0ith these, a full9duplex communication isesta'lished.

Connection termination[edit]

Connection termination

The connection termination phase uses a four9wa" handshake,with each side of the connection terminating independentl". 0henan endpoint wishes to stop its half of the connection, it transmits a :I> packet, which the other end acknowledges with an C7.

Therefore, a t"pical tear9down reuires a pair of :I> and C7 segments from each TCP endpoint. fter 'oth :I>GC7exchanges are concluded, the side which sent the first :I> 'efore receiving one waits for a timeout 'efore finall" closing theconnection, during which time the local port is unavaila'le for new connectionsE this prevents confusion due to dela"ed packets

'eing delivered during su'seuent connections.

http://tools.ietf.org/html/rfc793http://tools.ietf.org/html/rfc793http://en.wikipedia.org/wiki/Maximum_Segment_Lifetimehttp://en.wikipedia.org/wiki/Maximum_Segment_Lifetimehttp://en.wikipedia.org/wiki/Maximum_Segment_Lifetimehttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=5http://en.wikipedia.org/wiki/Handshakinghttp://en.wikipedia.org/wiki/Handshakinghttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=6http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=6http://en.wikipedia.org/wiki/Handshake_(computing)http://en.wikipedia.org/wiki/Handshake_(computing)http://en.wikipedia.org/wiki/File:TCP_CLOSE.svghttp://en.wikipedia.org/wiki/File:TCP_CLOSE.svghttp://tools.ietf.org/html/rfc793http://en.wikipedia.org/wiki/Maximum_Segment_Lifetimehttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=5http://en.wikipedia.org/wiki/Handshakinghttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=6http://en.wikipedia.org/wiki/Handshake_(computing)

8/13/2019 Tcp Syn & Windowing

5/17

connection can 'e 4half9open4, in which case one side has terminated its end, 'ut the other has not. The side that has

terminated can no longer send an" data into the connection, 'ut the other side can. The terminating side should continue readingthe data until the other side terminates as well.

It is also possi'le to terminate the connection '" a 9wa" handshake, when host sends a :I> and host D replies with a :I> JC7 (merel" com'ines 6 steps into one) and host replies with an C7.[*!This is perhaps the most common method.

It is possi'le for 'oth hosts to send :I>s simultaneousl" then 'oth Kust have to C7. This could possi'l" 'e considered a 69wa"handshake since the :I>GC7 seuence is done in parallel for 'oth directions.

-ome host TCP stacks ma" implement a half9duplex close seuence, asAinuxor P9$Ldo. If such a host activel" closes aconnection 'ut still has not read all the incoming data the stack alread" received from the link, this host sends a /-T instead of a:I> (-ection %.6.6.* in /:C **66). This allows a TCP application to 'e sure the remote application has read all the data theformer sentMwaiting the :I> from the remote side, when it activel" closes the connection. Dut the remote TCP stack cannot

distinguish 'etween a Connection &$orting 'STand(ata )oss 'ST. Doth cause the remote stack to lose all the data received.

-ome application protocols ma" violate the2-I model la"ers,using the TCP openGclose handshaking for the application protocolopenGclose handshaking M these ma" find the /-T pro'lem on active close. s an example&

s = connect(remote);

sen(s! "t");c#ose(s);

:or a usual program flow like a'ove, a TCPGIP stack like that descri'ed a'ove does not guarantee that all the data arrives to the

other application.

'esource usage[edit]

Bost implementations allocate an entr" in a ta'le that maps a session to a running operating s"stem process. Decause TCPpackets do not include a session identifier, 'oth endpoints identif" the session using the client8s address and port. 0henever apacket is received, the TCP implementation must perform a lookup on this ta'le to find the destination process. =ach entr" in theta'le is known as a Transmission Control Dlock or TCD. It contains information a'out the endpoints (IP and port), status of the

connection, running data a'out the packets that are 'eing exchanged and 'uffers for sending and receiving data.

The num'er of sessions in the server side is limited onl" '" memor" and can grow as new connections arrive, 'ut the client must

allocate a random port 'efore sending the first -H> to the server. This port remains allocated during the whole conversation, andeffectivel" limits the num'er of outgoing connections from each of the client8s IP addresses. If an application fails to properl"

close unreuired connections, a client can run out of resources and 'ecome una'le to esta'lish new TCP connections, even fromother applications.

Doth endpoints must also allocate space for unacknowledged packets and received ('ut unread) data.

(ata trans)er[edit]

There are a few ke" features that set TCP apart from $ser #atagram Protocol&

2rdered data transfer M the destination host rearranges according to seuence num'er[6!

/etransmission of lost packets M an" cumulative stream not acknowledged is retransmitted[6!

=rror9free data transfer[*%!

:low control M limits the rate a sender transfers data to guarantee relia'le deliver". The receiver continuall" hints the

sender on how much data can 'e received (controlled '" the sliding window). 0hen the receiving host8s 'uffer fills, thenext acknowledgment contains a + in the window si1e, to stop transfer and allow the data in the 'uffer to 'e processed.[6!

http://en.wikipedia.org/wiki/TCP_half-openhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-13http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-13http://en.wikipedia.org/wiki/Linuxhttp://en.wikipedia.org/wiki/Linuxhttp://en.wikipedia.org/wiki/HP-UXhttp://en.wikipedia.org/wiki/HP-UXhttp://tools.ietf.org/html/rfc1122http://en.wikipedia.org/wiki/OSI_modelhttp://en.wikipedia.org/wiki/OSI_modelhttp://en.wikipedia.org/wiki/OSI_modelhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=7http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=8http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=8http://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-14http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/TCP_half-openhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-13http://en.wikipedia.org/wiki/Linuxhttp://en.wikipedia.org/wiki/HP-UXhttp://tools.ietf.org/html/rfc1122http://en.wikipedia.org/wiki/OSI_modelhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=7http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=8http://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-14http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2

8/13/2019 Tcp Syn & Windowing

6/17

Congestion control [6!

'eliable transmission[edit]

TCP uses ase*uence num$erto identif" each '"te of data. The seuence num'er identifies the order of the '"tes sent from eachcomputer so that the data can 'e reconstructed in order, regardless of an" fragmentation, disordering, orpacket lossthat ma"

occur during transmission. :or ever" pa"load '"te transmitted, the seuence num'er must 'e incremented. In the first two stepsof the 9wa" handshake, 'oth computers exchange an initial seuence num'er (I->). This num'er can 'e ar'itrar", and should infact 'e unpredicta'le to defend againstTCP seuence prediction attacks.

TCP primaril" uses a cumulative acknowledgmentscheme, where the receiver sends an acknowledgment signif"ing that thereceiver has received all data preceding the acknowledged seuence num'er. The sender sets the seuence num'er field to the

seuence num'er of the first pa"load '"te in the segment8s data field, and the receiver sends an acknowledgment specif"ing theseuence num'er of the next '"te the" expect to receive. :or example, if a sending computer sends a packet containing four

pa"load '"tes with a seuence num'er field of *++, then the seuence num'ers of the four pa"load '"tes are *++, *+*, *+6 and*+. 0hen this packet arrives at the receiving computer, it would send 'ack an acknowledgment num'er of *+% since that is theseuence num'er of the next '"te it expects to receive in the next packet.

In addition to cumulative acknowledgments, TCP receivers can also send selective acknowledgmentsto provide further

information.

If the sender infers that data has 'een lost in the network, itretransmitsthe data.

*rror detection[edit]

-euence num'ers allow receivers to discard duplicate packets and properl" seuence reordered packets. cknowledgments

allow senders to determine when to retransmit lost packets.

To assure correctness a checksumfield is included (seeTCP segment structurefor details on checksumming). The TCPchecksum is a weak check '" modern standards. #ata Aink Aa"ers with high 'it error rates ma" reuire additional link errorcorrectionGdetection capa'ilities. The weak checksum is partiall" compensated for '" the common use of a C/C or 'etter

integrit" check at la"er 6,'elow 'oth TCP and IP, such as is used in PPPor the =thernetframe. owever, this does not mean thatthe *59'it TCP checksum is redundant& remarka'l", introduction of errors in packets 'etween C/C9protected hops is common,

'ut the end9to9end*59'it TCP checksum catches most of these simple errors.[*!This is the end9to9end principleat work.

+lo, control[edit]

TCP uses an end9to9endflow controlprotocol to avoid having the sender send data too fast for the TCP receiver to receive andprocess it relia'l". aving a mechanism for flow control is essential in an environment where machines of diverse network

speeds communicate. :or example, if a PC sends data to a smartphone that is slowl" processing received data, the smartphonemust regulate the data flow so as not to 'e overwhelmed.[6!

TCP uses a sliding windowflow control protocol. In each TCP segment, the receiver specifies in the receive windowfield theamount of additionall" received data (in '"tes) that it is willing to 'uffer for the connection. The sending host can send onl" up to

that amount of data 'efore it must wait for an acknowledgment and window update from the receiving host.

http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=9http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=9http://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/TCP_sequence_prediction_attackhttp://en.wikipedia.org/wiki/TCP_sequence_prediction_attackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgmentshttp://en.wikipedia.org/wiki/Retransmission_(data_networks)http://en.wikipedia.org/wiki/Retransmission_(data_networks)http://en.wikipedia.org/wiki/Retransmission_(data_networks)http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=10http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=10http://en.wikipedia.org/wiki/Checksumhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Layer_2http://en.wikipedia.org/wiki/Layer_2http://en.wikipedia.org/wiki/Point-to-Point_Protocolhttp://en.wikipedia.org/wiki/Ethernethttp://en.wikipedia.org/wiki/Ethernethttp://en.wikipedia.org/wiki/End-to-end_principlehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-15http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-15http://en.wikipedia.org/wiki/End-to-end_principlehttp://en.wikipedia.org/wiki/End-to-end_principlehttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=11http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=11http://en.wikipedia.org/wiki/Flow_control_(data)http://en.wikipedia.org/wiki/Flow_control_(data)http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Sliding_Window_Protocolhttp://en.wikipedia.org/wiki/Sliding_Window_Protocolhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=9http://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/TCP_sequence_prediction_attackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgmentshttp://en.wikipedia.org/wiki/Retransmission_(data_networks)http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=10http://en.wikipedia.org/wiki/Checksumhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Layer_2http://en.wikipedia.org/wiki/Point-to-Point_Protocolhttp://en.wikipedia.org/wiki/Ethernethttp://en.wikipedia.org/wiki/End-to-end_principlehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-15http://en.wikipedia.org/wiki/End-to-end_principlehttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=11http://en.wikipedia.org/wiki/Flow_control_(data)http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Sliding_Window_Protocol

8/13/2019 Tcp Syn & Windowing

7/17

TCP seuence num'ers and receive windows 'ehave ver" much like a clock. The receive window shifts each time the receiver

receives and acknowledges a new segment of data. 2nce it runs out of seuence num'ers, the seuence num'er loops 'ack to +.

0hen a receiver advertises a window si1e of +, the sender stops sending data and starts thepersist timer. The persist timer is used

to protect TCP from adeadlocksituation that could arise if a su'seuent window si1e update from the receiver is lost, and thesender cannot send more data until receiving a new window si1e update from the receiver. 0hen the persist timer expires, theTCP sender attempts recover" '" sending a small packet so that the receiver responds '" sending another acknowledgementcontaining the new window si1e.

If a receiver is processing incoming data in small increments, it ma" repeatedl" advertise a small receive window. This is referredto as thesill" window s"ndrome, since it is inefficient to send onl" a few '"tes of data in a TCP segment, given the relativel"

large overhead of the TCP header.

Congestion control[edit]

The final main aspect of TCP is congestion control.TCP uses a num'er of mechanisms to achieve high performance and avoidcongestion collapse,where network performance can fall '" several orders of magnitude. These mechanisms control the rate of

data entering the network, keeping the data flow 'elow a rate that would trigger collapse. The" also "ield an approximatel" max9

min fairallocation 'etween flows.

cknowledgments for data sent, or lack of acknowledgments, are used '" senders to infer network conditions 'etween the TCPsender and receiver. Coupled with timers, TCP senders and receivers can alter the 'ehavior of the flow of data. This is moregenerall" referred to as congestion control andGor network congestion avoidance.

Bodern implementations of TCP contain four intertwined algorithms& -low9start,congestion avoidance,fast retransmit,andfast

recover"(/:C 5?*).

In addition, senders emplo" a retransmission timeout(/T2) that is 'ased on the estimated round9trip time(or /TT) 'etween the

sender and receiver, as well as the variance in this round trip time. The 'ehavior of this timer is specified in /:C 56;?.There aresu'tleties in the estimation of /TT. :or example, senders must 'e careful when calculating /TT samples for retransmitted

packetsE t"picall" the" use7arn8s lgorithmor TCP timestamps (see /:C *6). These individual /TT samples are thenaveraged over time to create a -moothed /ound Trip Time (-/TT) usingNaco'son8s algorithm. This -/TT value is what is

finall" used as the round9trip time estimate.

=nhancing TCP to relia'l" handle loss, minimi1e errors, manage congestion and go fast in ver" high9speed environments are

ongoing areas of research and standards development. s a result, there are a num'er of TCP congestion avoidance algorithmvariations.

-aimum segment si/e[edit]

http://en.wikipedia.org/wiki/Deadlockhttp://en.wikipedia.org/wiki/Deadlockhttp://en.wikipedia.org/wiki/Silly_window_syndromehttp://en.wikipedia.org/wiki/Silly_window_syndromehttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=12http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=12http://en.wikipedia.org/wiki/Congestion_controlhttp://en.wikipedia.org/wiki/Congestion_controlhttp://en.wikipedia.org/wiki/Congestive_collapsehttp://en.wikipedia.org/wiki/Congestive_collapsehttp://en.wikipedia.org/wiki/Max-min_fairnesshttp://en.wikipedia.org/wiki/Max-min_fairnesshttp://en.wikipedia.org/wiki/Slow-starthttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/Fast_retransmithttp://en.wikipedia.org/wiki/Fast_retransmithttp://en.wikipedia.org/wiki/Slow-start#Fast_recoveryhttp://en.wikipedia.org/wiki/Slow-start#Fast_recoveryhttp://en.wikipedia.org/wiki/Slow-start#Fast_recoveryhttp://en.wikipedia.org/wiki/Slow-start#Fast_recoveryhttp://tools.ietf.org/html/rfc5681http://en.wikipedia.org/wiki/Round-trip_timehttp://en.wikipedia.org/wiki/Round-trip_timehttp://tools.ietf.org/html/rfc6298http://tools.ietf.org/html/rfc6298http://en.wikipedia.org/wiki/Karn's_Algorithmhttp://en.wikipedia.org/wiki/Karn's_Algorithmhttp://en.wikipedia.org/wiki/Karn's_Algorithmhttp://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://en.wikipedia.org/wiki/Van_Jacobsonhttp://en.wikipedia.org/wiki/Van_Jacobsonhttp://en.wikipedia.org/wiki/Van_Jacobsonhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=13http://en.wikipedia.org/wiki/File:Tcp.svghttp://en.wikipedia.org/wiki/File:Tcp.svghttp://en.wikipedia.org/wiki/Deadlockhttp://en.wikipedia.org/wiki/Silly_window_syndromehttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=12http://en.wikipedia.org/wiki/Congestion_controlhttp://en.wikipedia.org/wiki/Congestive_collapsehttp://en.wikipedia.org/wiki/Max-min_fairnesshttp://en.wikipedia.org/wiki/Max-min_fairnesshttp://en.wikipedia.org/wiki/Slow-starthttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/Fast_retransmithttp://en.wikipedia.org/wiki/Slow-start#Fast_recoveryhttp://en.wikipedia.org/wiki/Slow-start#Fast_recoveryhttp://tools.ietf.org/html/rfc5681http://en.wikipedia.org/wiki/Round-trip_timehttp://tools.ietf.org/html/rfc6298http://en.wikipedia.org/wiki/Karn's_Algorithmhttp://tools.ietf.org/html/rfc1323http://en.wikipedia.org/wiki/Van_Jacobsonhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=13

8/13/2019 Tcp Syn & Windowing

8/17

Themaximum segment si1e(B--) is the largest amount of data, specified in '"tes, that TCP is willing to receive in a single

segment. :or 'est performance, the B-- should 'e set small enough to avoid IP fragmentation,which can lead to packet loss andexcessive retransmissions. To tr" to accomplish this, t"picall" the B-- is announced '" each side using the B-- option when

the TCP connection is esta'lished, in which case it is derived from themaximum transmission unit(BT$) si1e of the data linkla"erof the networks to which the sender and receiver are directl" attached. :urthermore, TCP senders can usepath BT$

discover"to infer the minimum BT$ along the network path 'etween the sender and receiver, and use this to d"namicall" adKustthe B-- to avoid IP fragmentation within the network..

B-- announcement is also often called 4B-- negotiation4. -trictl" speaking, the B-- is not 4negotiated4 'etween the originatorand the receiver, 'ecause that would impl" that 'oth originator and receiver will negotiate and agree upon a single, unified B--

that applies to all communication in 'oth directions of the connection. In fact, two completel" independent values of B-- arepermitted for the two directions of data flow in a TCP connection.[*5!This situation ma" arise, for example, if one of the devicesparticipating in a connection has an extremel" limited amount of memor" reserved (perhaps even smaller than the overalldiscovered Path BT$) for processing incoming TCP segments.

!electie acno,ledgments[edit]

/el"ing purel" on the cumulative acknowledgment scheme emplo"ed '" the original TCP protocol can lead to inefficiencies

when packets are lost. :or example, suppose *+,+++ '"tes are sent in *+ different TCP packets, and the first packet is lost duringtransmission. In a pure cumulative acknowledgment protocol, the receiver cannot sa" that it received '"tes *,+++ to ;,;;;successfull", 'ut failed to receive the first packet, containing '"tes + to ;;;. Thus the sender ma" then have to resend all *+,+++

'"tes.

To solve this pro'lem TCP emplo"s theselective acknowledgment +S&C,-option, defined in /:C 6+*?,which allows thereceiver to acknowledge discontinuous 'locks of packets that were received correctl", in addition to the seuence num'er of the

last contiguous '"te received successivel", as in the 'asic TCP acknowledgment. The acknowledgement can specif" a num'er ofS&C, $locks, where each -C7 'lock is conve"ed '" the starting and ending seuence num'ers of a contiguous range that thereceiver correctl" received. In the example a'ove, the receiver would send -C7 with seuence num'ers *+++ and ;;;;. Thesender thus retransmits onl" the first packet, '"tes + to ;;;.

TCP sender can interpret an out9of9order packet deliver" as a lost packet. If it does so, the TCP sender will retransmit thepacket previous to the out9of9order packet and slow its data deliver" rate for that connection. The duplicate9-C7 option, anextension to the -C7 option that was defined in/:C 6??,solves this pro'lem. The TCP receiver sends a #9C7 to indicatethat no packets were lost, and the TCP sender can then reinstate the higher transmission rate.

The -C7 option is not mandator" and it is used onl" if 'oth parties support it. This is negotiated when connection isesta'lished. -C7 uses the optional part of the TCP header (seeTCP segment structurefor details). The use of -C7 is

widespread M all popular TCP stacks support it. -elective acknowledgment is also used in -tream Control Transmission Protocol(-CTP).

indo, scaling[edit]

.ain article/ TCP window scale option

:or more efficient use of high 'andwidth networks, a larger TCP window si1e ma" 'e used. The TCP window si1e field controlsthe flow of data and its value is limited to 'etween 6 and 5, '"tes.

-ince the si1e field cannot 'e expanded, a scaling factor is used. The TCP window scale option,as defined in/:C *6,is an

option used to increase the maximum window si1e from 5, '"tes to * giga'"te. -caling up to larger window si1es is a part ofwhat is necessar" for TCP Tuning.

The window scale option is used onl" during the TCP 9wa" handshake. The window scale value represents the num'er of 'its toleft9shift the *59'it window si1e field. The window scale value can 'e set from + (no shift) to *% for each direction independentl".Doth sides must send the option in their -H> segments to ena'le window scaling in either direction.

-ome routers and packet firewalls rewrite the window scaling factor during a transmission. This causes sending and receivingsides to assume different TCP window si1es. The result is non9sta'le traffic that ma" 'e ver" slow. The pro'lem is visi'le on

some sites 'ehind a defective router.[*F!

http://en.wikipedia.org/wiki/Maximum_segment_sizehttp://en.wikipedia.org/wiki/Maximum_segment_sizehttp://en.wikipedia.org/wiki/Maximum_segment_sizehttp://en.wikipedia.org/wiki/IP_fragmentationhttp://en.wikipedia.org/wiki/IP_fragmentationhttp://en.wikipedia.org/wiki/MTU_(networking)http://en.wikipedia.org/wiki/MTU_(networking)http://en.wikipedia.org/wiki/Data_link_layerhttp://en.wikipedia.org/wiki/Data_link_layerhttp://en.wikipedia.org/wiki/Path_MTU_discoveryhttp://en.wikipedia.org/wiki/Path_MTU_discoveryhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-16http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-16http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=14http://tools.ietf.org/html/rfc2018http://tools.ietf.org/html/rfc2018http://tools.ietf.org/html/rfc2883http://tools.ietf.org/html/rfc2883http://tools.ietf.org/html/rfc2883http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocolhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=15http://en.wikipedia.org/wiki/TCP_window_scale_optionhttp://en.wikipedia.org/wiki/TCP_window_scale_optionhttp://en.wikipedia.org/wiki/TCP_window_scale_optionhttp://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://en.wikipedia.org/wiki/TCP_Tuninghttp://en.wikipedia.org/wiki/TCP_Tuninghttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-17http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-17http://en.wikipedia.org/wiki/Maximum_segment_sizehttp://en.wikipedia.org/wiki/IP_fragmentationhttp://en.wikipedia.org/wiki/MTU_(networking)http://en.wikipedia.org/wiki/Data_link_layerhttp://en.wikipedia.org/wiki/Data_link_layerhttp://en.wikipedia.org/wiki/Path_MTU_discoveryhttp://en.wikipedia.org/wiki/Path_MTU_discoveryhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-16http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=14http://tools.ietf.org/html/rfc2018http://tools.ietf.org/html/rfc2883http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structurehttp://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocolhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=15http://en.wikipedia.org/wiki/TCP_window_scale_optionhttp://en.wikipedia.org/wiki/TCP_window_scale_optionhttp://tools.ietf.org/html/rfc1323http://en.wikipedia.org/wiki/TCP_Tuninghttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-17

8/13/2019 Tcp Syn & Windowing

9/17

TCP timestamps[edit]

TCP timestamps, defined in /:C *6, can help TCP determine in which order packets were sent. TCP timestamps are notnormall" aligned to the s"stem clock and start at some random value. Ban" operating s"stems will increment the timestamp forever" elapsed millisecondE however the /:C onl" states that the ticks should 'e proportional.

There are two timestamp fields&

" $%&'te sener tmest"m *"#+e (m' tmest"m)" $%&'te ec,o re#' tmest"m *"#+e (t,e most recent tmest"m rece*e -rom 'o+).

TCP timestamps are used in an algorithm known asProtection &gainst Wrapped Se*uencenum'ers, orP&WS(see/:C *6fordetails). P0- is used when the TCP window si1e exceeds the possi'le num'ers of seuence num'ers (6 6). In the case where a

packet was potentiall" retransmitted it answers the uestion& 4Is this seuence num'er in the first % D or the secondO4 nd thetimestamp is used to 'reak the tie.

/:C *6incorrectl" states in section 6. that the window scale must 'e limited to 6+to remain under * D (which is correct,'ut the seuence num'er limit is % D)E however a scale of *5 and a window si1e of 5 would 'e 55 less than the 66possi'le seuence num'ers and thus an accepta'le "et excessive value. Decause of this error man" s"stems have limited the maxscale to 6*%to 4follow the /:C4.[citation needed!

lso, the =ifel detection algorithm (/:C 66)uses TCP timestamps to determine if retransmissions are occurring 'ecausepackets are lost or simpl" out of order.

Out o) band data[edit]

2ne is a'le to interrupt or a'ort the ueued stream instead of waiting for the stream to finish. This is done '" specif"ing the data

as urgent. This tells the receiving program to process it immediatel", along with the rest of the urgent data. 0hen finished, TCPinforms the application and resumes 'ack to the stream ueue. n example is when TCP is used for a remote login session, the

user can send a ke"'oard seuence that interrupts or a'orts the program at the other end. These signals are most often neededwhen a program on the remote machine fails to operate correctl". The signals must 'e sent without waiting for the program to

finish its current transfer.[6!

TCP 22D data was not designed for the modern Internet. The urgentpointer onl" alters the processing on the remote host anddoesn8t expedite an" processing on the network itself. 0hen it gets to the remote host there are two slightl" differentinterpretations of the protocol, which means onl" single '"tes of 22D data are relia'le. This is assuming it is relia'le at all as it is

one of the least commonl" used protocol elements and tends to 'e poorl" implemented.[*?![*;!

+orcing data delier[edit]

>ormall", TCP waits for 6++ ms or for a full packet of data to send (>agle8s lgorithmtries to group small messages into asingle packet). This wait creates small, 'ut potentiall" serious, dela"s if repeated constantl" during a file transfer. :or example, at"pical send 'lock would 'e % 7D, a t"pical B-- is *%5+, so 6 packets go out on a *+ B'itGs ethernet taking *.6 ms eachfollowed '" a third carr"ing the remaining **F5 after a *;F ms pause 'ecause TCP is waiting for a full 'uffer.

In the case of telnet, each user ke"stroke is echoed 'ack '" the server 'efore the user can see it on the screen. This dela" would'ecome ver" anno"ing.

-etting the socketoption TCP/N01E2AYoverrides the default 6++ ms send dela". pplication programs use this socket option

to force output to 'e sent after writing a character or line of characters.

The /:C defines the PSHpush 'it as 4a message to the receiving TCP stack to send this data immediatel" up to the receiving

application4.[6!There is no wa" to indicate or control it in $ser spaceusingDerkele" socketsand it is controlled '"Protocol stack

onl".[6+!

ulnerabilities[edit]

http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=16http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://tools.ietf.org/html/rfc3522http://tools.ietf.org/html/rfc3522http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=17http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=17http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-18http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-18http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-19http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=18http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=18http://en.wikipedia.org/wiki/Nagle's_Algorithmhttp://en.wikipedia.org/wiki/Network_sockethttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/User_spacehttp://en.wikipedia.org/wiki/User_spacehttp://en.wikipedia.org/wiki/Berkeley_socketshttp://en.wikipedia.org/wiki/Berkeley_socketshttp://en.wikipedia.org/wiki/Berkeley_socketshttp://en.wikipedia.org/wiki/Protocol_stackhttp://en.wikipedia.org/wiki/Protocol_stackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Stevens2006-20http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Stevens2006-20http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=19http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=16http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://tools.ietf.org/html/rfc1323http://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://tools.ietf.org/html/rfc3522http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=17http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-18http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-19http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=18http://en.wikipedia.org/wiki/Nagle's_Algorithmhttp://en.wikipedia.org/wiki/Network_sockethttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-comer-2http://en.wikipedia.org/wiki/User_spacehttp://en.wikipedia.org/wiki/Berkeley_socketshttp://en.wikipedia.org/wiki/Protocol_stackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Stevens2006-20http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=19

8/13/2019 Tcp Syn & Windowing

10/17

TCP ma" 'e attacked in a variet" of wa"s. The results of a thorough securit" assessment of TCP, along with possi'le mitigations

for the identified issues, were pu'lished in 6++;,[6*!and is currentl" 'eing pursued within the I=T:.[66!

(enial o) serice[edit]

D" using a spoofed IPaddress and repeatedl" sendingpurposel" assem'led-H> packets, followed '" man" C7 packets,attackers can cause the server to consume large amounts of resources keeping track of the 'ogus connections. This is known as a

-H> floodattack. Proposed solutions to this pro'lem include-H> cookiesand cr"ptographic pu11les, though s"n cookies comewith their own set of vulnera'ilities.[6!-ockstressis a similar attack, that might 'e mitigated with s"stem resource management.[6%!n advanced #o- attack involving the exploitation of the TCP Persist Timer was anal"1ed inPhrackQ55.[6!

Connection i5acing[edit]

.ain article/ TCP se*uence prediction attack

n attacker who is a'le to eavesdrop a TCP session and redirect packets can hiKack a TCP connection. To do so, the attacker

learns the seuence num'er from the ongoing communication and forges a false segment that looks like the next segment in thestream. -uch a simple hiKack can result in one packet 'eing erroneousl" accepted at one end. 0hen the receiving host

acknowledges the extra segment to the other side of the connection, s"nchroni1ation is lost. iKacking might 'e com'ined with/P or routing attacks that allow taking control of the packet flow, so as to get permanent control of the hiKacked TCP

connection.[65!

Impersonating a different IP address was not difficult prior to/:C *;%?,when the initialse*uence num$erwas easil" guessa'le.

That allowed an attacker to 'lindl" send a seuence of packets that the receiver would 'elieve to come from a different IPaddress, without the need to deplo" /P or routing attacks& it is enough to ensure that the legitimate host of the impersonated IPaddress is down, or 'ring it to that condition usingdenial9of9service attacks.This is wh" the initial seuence num'er is nowchosen at random.

TCP eto[edit]

n attacker who can eavesdrop and predict the si1e of the next packet to 'e sent can cause the receiver to accept a malicious

pa"load without disrupting the existing connection. The attacker inKects a malicious packet with the seuence num'er and apa"load si1e of the next expected packet. 0hen the legitimate packet is ultimatel" received, it is found to have the same seuencenum'er and length as a packet alread" received and is silentl" dropped as a normal duplicate packetMthe legitimate packet is

4vetoed4 '" the malicious packet. $nlike in connection hiKacking, the connection is never des"nchroni1ed and communicationcontinues as normal after the malicious pa"load is accepted. TCP veto gives the attacker less control over the communication, 'utmakes the attack particularl" resistant to detection. The large increase in network traffic from the C7 storm is avoided. The

onl" evidence to the receiver that something is amiss is a single duplicate packet, a normal occurrence in an IP network. Thesender of the vetoed packet never sees an" evidence of an attack. [6F!

TCP ports[edit]

.ain article/ TCP and 0(P port

TCP usesport num'ersto identif" sending and receiving application end9points on a host, or%nternet sockets. =ach side of a TCPconnection has an associated *59'it unsigned port num'er (+95) reserved '" the sending or receiving application. rriving

TCP data packets are identified as 'elonging to a specific TCP connection '" its sockets, that is, the com'ination of source hostaddress, source port, destination host address, and destination port. This means that a server computer can provide several clients

with several services simultaneousl", as long as a client takes care of initiating an" simultaneous connections to one destinationport from different source ports.

Port num'ers are categori1ed into three 'asic categories& well9known, registered, and d"namicGprivate. The well9known ports areassigned '" the Internet ssigned >um'ers uthorit"(I>) and are t"picall" used '" s"stem9level or root processes. 0ell9known applications running as servers and passivel" listening for connections t"picall" use these ports. -ome examples include&:TP(6+ and 6*), --(66),T=A>=T(6), -BTP(6),--A(%%) and TTP(?+). /egistered ports are t"picall" used '" end

user applications as ephemeralsource ports when contacting servers, 'ut the" can also identif" named services that have 'eenregistered '" a third part". #"namicGprivate ports can also 'e used '" end user applications, 'ut are less commonl" so.

#"namicGprivate ports do not contain an" meaning outside of an" particular TCP connection.

http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-21http://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-22http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-22http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=20http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=20http://en.wikipedia.org/wiki/IP_address_spoofinghttp://en.wikipedia.org/wiki/IP_address_spoofinghttp://en.wikipedia.org/wiki/Mangled_packethttp://en.wikipedia.org/wiki/Mangled_packethttp://en.wikipedia.org/wiki/Mangled_packethttp://en.wikipedia.org/wiki/SYN_floodhttp://en.wikipedia.org/wiki/SYN_floodhttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-23http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-23http://en.wikipedia.org/wiki/Sockstresshttp://en.wikipedia.org/wiki/Sockstresshttp://en.wikipedia.org/wiki/Sockstresshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-24http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-24http://en.wikipedia.org/wiki/Phrackhttp://en.wikipedia.org/wiki/Phrackhttp://en.wikipedia.org/wiki/Phrackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-25http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-25http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=21http://en.wikipedia.org/wiki/TCP_sequence_prediction_attackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-26http://tools.ietf.org/html/rfc1948http://tools.ietf.org/html/rfc1948http://tools.ietf.org/html/rfc1948http://en.wikipedia.org/wiki/Denial-of-service_attackhttp://en.wikipedia.org/wiki/Denial-of-service_attackhttp://en.wikipedia.org/wiki/Denial-of-service_attackhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=22http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-27http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=23http://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authorityhttp://en.wikipedia.org/wiki/File_Transfer_Protocolhttp://en.wikipedia.org/wiki/File_Transfer_Protocolhttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/TELNEThttp://en.wikipedia.org/wiki/TELNEThttp://en.wikipedia.org/wiki/SMTPhttp://en.wikipedia.org/wiki/SMTPhttp://en.wikipedia.org/wiki/Secure_Socket_Layerhttp://en.wikipedia.org/wiki/Secure_Socket_Layerhttp://en.wikipedia.org/wiki/Secure_Socket_Layerhttp://en.wikipedia.org/wiki/HTTPhttp://en.wikipedia.org/wiki/HTTPhttp://en.wikipedia.org/wiki/Ephemeral_porthttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-21http://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-22http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=20http://en.wikipedia.org/wiki/IP_address_spoofinghttp://en.wikipedia.org/wiki/Mangled_packethttp://en.wikipedia.org/wiki/SYN_floodhttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-23http://en.wikipedia.org/wiki/Sockstresshttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-24http://en.wikipedia.org/wiki/Phrackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-25http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=21http://en.wikipedia.org/wiki/TCP_sequence_prediction_attackhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-26http://tools.ietf.org/html/rfc1948http://en.wikipedia.org/wiki/Denial-of-service_attackhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=22http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-27http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=23http://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/Internet_sockethttp://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authorityhttp://en.wikipedia.org/wiki/File_Transfer_Protocolhttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/TELNEThttp://en.wikipedia.org/wiki/SMTPhttp://en.wikipedia.org/wiki/Secure_Socket_Layerhttp://en.wikipedia.org/wiki/HTTPhttp://en.wikipedia.org/wiki/Ephemeral_port

8/13/2019 Tcp Syn & Windowing

11/17

(eelopment[edit]

TCP is a complex protocol. owever, while significant enhancements have 'een made and proposed over the "ears, its most'asic operation has not changed significantl" since its first specification /:C 5Fin *;F%, and the v% specification/:C F;,pu'lished in -eptem'er *;?*. /:C **66, ost /euirements for Internet osts, clarified a num'er of TCP protocolimplementation reuirements./:C 6?*,TCP Congestion Control, one of the most important TCP9related /:Cs in recent "ears,

descri'es updated algorithms that avoid undue congestion. In 6++*, /:C *5?was written to descri'e explicit congestion

notification(=C>), a congestion avoidance signaling mechanism.

The originalTCP congestion avoidance algorithmwas known as 4TCP Tahoe4, 'ut man" alternative algorithms have since 'eenproposed (includingTCP /eno,TCP @egas,:-T TCP,TCP >ew /eno, andTCP "'la).

TCP Interactive(iTCP) [6?!is a research effort into TCP extensions that allows applications to su'scri'e to TCP events andregister handler components that can launch applications for various purposes, including application9assisted congestion control.

Bultipath TCP(BPTCP)[6;![+!is an ongoing effort within theI=T:that aims at allowing a TCP connection to use multiple pathsto maximise resource usage and increase redundanc". The redundanc" offered '" Bultipath TCP in the context of wirelessnetworks[*!ena'les statistical multiplexing of resources, and thus increases TCP throughput dramaticall". Bultipath TCP also

'rings performance 'enefits in datacenter environments.[6!The reference implementation[!of Bultipath TCP is 'eing developed

in the Ainux kernel.[%![!

TCP Cookie Transactions(TCPCT) is an extension proposed in #ecem'er 6++; to secure servers against denial9of9service

attacks. $nlike-H> cookies, TCPCT does not conflict with other TCP extensions such aswindow scaling. TCPCT was designeddue to necessities of #>--=C,where servers have to handle large num'ers of short9lived TCP connections.

tcpcr"ptis an extension proposed in Nul" 6+*+ to provide transport9level encr"ption directl" in TCP itself. It is designed to worktransparentl" and not reuire an" configuration. $nlike TA-(--A), tcpcr"pt itself does not provide authentication, 'ut provides

simple primitives down to the application to do that. s of 6+*+, the first tcpcr"pt I=T:draft has 'een pu'lished andimplementations exist for several maKor platforms.

TCP :ast 2penis an extension to speed up the opening of successive TCP connections 'etween two endpoints. It works '"skipping the three9wa" handshake using a cr"ptographic 4cookie4. It is similar to an earlier proposal called TGTCP, which was notwidel" adopted due to securit" issues.[5!s of Nul" 6+*6, it is an I=T: Internet draft. [F!

TCP oer ,ireless net,ors[edit]

TCP has 'een optimi1ed for wired networks. n"packet lossis considered to 'e the result of network congestionand thecongestion window si1e is reduced dramaticall" as a precaution. owever, wireless links are known to experience sporadic and

usuall" temporar" losses due to fading, shadowing, hand off, and other radio effects, that cannot 'e considered congestion. fterthe (erroneous) 'ack9off of the congestion window si1e, due to wireless packet loss, there can 'e a congestion avoidance phasewith a conservative decrease in window si1e. This causes the radio link to 'e underutili1ed. =xtensive research has 'een done onthe su'Kect of how to com'at these harmful effects. -uggested solutions can 'e categori1ed as end9to9end solutions (which

reuire modifications at the client or server), [?!link la"er solutions (such as/APin cellular networks), or prox" 'ased solutions(which reuire some changes in the network without modif"ing end nodes). [?![;!

num'er of alternative congestion control algorithms have 'een proposed to help solve the wireless pro'lem, such as @egas,0estwood,@eno and -anta Cru1.

ard,are implementations[edit]

2ne wa" to overcome the processing power reuirements of TCP is to 'uild hardware implementations of it, widel" known as

TCP 2ffload =ngines(T2=). The main pro'lem of T2=s is that the" are hard to integrate into computing s"stems, reuiringextensive changes in the operating s"stem of the computer or device. 2ne compan" to develop such a device was lacritech.

(ebugging[edit]

http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=24http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=24http://tools.ietf.org/html/rfc675http://tools.ietf.org/html/rfc675http://tools.ietf.org/html/rfc793http://tools.ietf.org/html/rfc793http://tools.ietf.org/html/rfc793http://tools.ietf.org/html/rfc1122http://tools.ietf.org/html/rfc2581http://tools.ietf.org/html/rfc2581http://tools.ietf.org/html/rfc2581http://tools.ietf.org/html/rfc3168http://tools.ietf.org/html/rfc3168http://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_Renohttp://en.wikipedia.org/wiki/TCP_Renohttp://en.wikipedia.org/wiki/TCP_Renohttp://en.wikipedia.org/wiki/TCP_Vegashttp://en.wikipedia.org/wiki/FAST_TCPhttp://en.wikipedia.org/wiki/FAST_TCPhttp://en.wikipedia.org/wiki/FAST_TCPhttp://en.wikipedia.org/wiki/TCP_New_Renohttp://en.wikipedia.org/wiki/TCP_Hyblahttp://en.wikipedia.org/wiki/TCP_Hyblahttp://en.wikipedia.org/wiki/TCP_Hyblahttp://en.wikipedia.org/w/index.php?title=TCP_Interactive&action=edit&redlink=1http://en.wikipedia.org/w/index.php?title=TCP_Interactive&action=edit&redlink=1http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-28http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-28http://en.wikipedia.org/wiki/Multipath_TCPhttp://en.wikipedia.org/wiki/Multipath_TCPhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-29http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-29http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-30http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-30http://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-31http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-31http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-32http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-32http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-33http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-34http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-35http://en.wikipedia.org/wiki/TCP_Cookie_Transactionshttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/Window_scalinghttp://en.wikipedia.org/wiki/Window_scalinghttp://en.wikipedia.org/wiki/DNSSEChttp://en.wikipedia.org/wiki/DNSSEChttp://en.wikipedia.org/wiki/Tcpcrypthttp://en.wikipedia.org/wiki/Tcpcrypthttp://en.wikipedia.org/wiki/Transport_Layer_Securityhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/TCP_Fast_Openhttp://en.wikipedia.org/wiki/TCP_Fast_Openhttp://en.wikipedia.org/wiki/T/TCPhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-lwn-36http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-lwn-36http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-37http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=25http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=25http://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/Network_congestionhttp://en.wikipedia.org/wiki/Network_congestionhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Microsoft_Academic_Research-38http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Microsoft_Academic_Research-38http://en.wikipedia.org/wiki/Radio_Link_Protocolhttp://en.wikipedia.org/wiki/Radio_Link_Protocolhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Microsoft_Academic_Research-38http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-IEEE_Computer_Society-39http://en.wikipedia.org/wiki/TCP_Vegashttp://en.wikipedia.org/wiki/TCP_Vegashttp://en.wikipedia.org/wiki/TCP_Westwoodhttp://en.wikipedia.org/wiki/TCP_Westwoodhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=26http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=26http://en.wikipedia.org/wiki/TCP_Offload_Enginehttp://en.wikipedia.org/wiki/Alacritechhttp://en.wikipedia.org/wiki/Alacritechhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=27http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=27http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=24http://tools.ietf.org/html/rfc675http://tools.ietf.org/html/rfc793http://tools.ietf.org/html/rfc1122http://tools.ietf.org/html/rfc2581http://tools.ietf.org/html/rfc3168http://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/Explicit_Congestion_Notificationhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_Renohttp://en.wikipedia.org/wiki/TCP_Vegashttp://en.wikipedia.org/wiki/FAST_TCPhttp://en.wikipedia.org/wiki/TCP_New_Renohttp://en.wikipedia.org/wiki/TCP_Hyblahttp://en.wikipedia.org/w/index.php?title=TCP_Interactive&action=edit&redlink=1http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-28http://en.wikipedia.org/wiki/Multipath_TCPhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-29http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-30http://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-31http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-32http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-33http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-34http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-35http://en.wikipedia.org/wiki/TCP_Cookie_Transactionshttp://en.wikipedia.org/wiki/SYN_cookieshttp://en.wikipedia.org/wiki/Window_scalinghttp://en.wikipedia.org/wiki/DNSSEChttp://en.wikipedia.org/wiki/Tcpcrypthttp://en.wikipedia.org/wiki/Transport_Layer_Securityhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/TCP_Fast_Openhttp://en.wikipedia.org/wiki/T/TCPhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-lwn-36http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-37http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=25http://en.wikipedia.org/wiki/Packet_losshttp://en.wikipedia.org/wiki/Network_congestionhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Microsoft_Academic_Research-38http://en.wikipedia.org/wiki/Radio_Link_Protocolhttp://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-Microsoft_Academic_Research-38http://en.wikipedia.org/wiki/Transmission_Control_Protocol#cite_note-IEEE_Computer_Society-39http://en.wikipedia.org/wiki/TCP_Vegashttp://en.wikipedia.org/wiki/TCP_Westwoodhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=26http://en.wikipedia.org/wiki/TCP_Offload_Enginehttp://en.wikipedia.org/wiki/Alacritechhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=27

8/13/2019 Tcp Syn & Windowing

12/17

packet sniffer, which intercepts TCP traffic on a network link, can 'e useful in de'ugging networks, network stacks and

applications that use TCP '" showing the user what packets are passing through a link. -ome networking stacks support the-2R#=D$ socket option, which can 'e ena'led on the socket using setsockopt. That option dumps all the packets, TCP states,

and events on that socket, which is helpful in de'ugging.>etstatis another utilit" that can 'e used for de'ugging.

%lternaties[edit]

:or man" applications TCP is not appropriate. 2ne pro'lem (at least with normal implementations) is that the application cannotaccess the packets coming after a lost packet until the retransmitted cop" of the lost packet is received. This causes pro'lems for

real9time applications such as streaming media,real9time multipla"er games and voice over IP(@oIP) where it is generall" moreuseful to get most of the data in a timel" fashion than it is to get all of the data in order.

:or 'oth historical and performance reasons, most storage area networks(->s) prefer to use :i're Channelprotocol (:CP)instead of TCPGIP.

lso, forem'edded s"stems,network 'ooting,and servers that serve simple reuests from huge num'ers of clients (e.g.#>-servers) the complexit" of TCP can 'e a pro'lem. :inall", some tricks such as transmitting data 'etween two hosts that are 'oth

'ehind>T(using-T$>or similar s"stems) are far simpler without a relativel" complex protocol like TCP in the wa".

enerall", where TCP is unsuita'le, the $ser #atagram Protocol($#P) is used. This provides the application multiplexingand

checksums that TCP does, 'ut does not handle streams or retransmission, giving the application developer the a'ilit" to codethem in a wa" suita'le for the situation, or to replace them with other methods like forward error correctionorinterpolation.

-tream Control Transmission Protocol(-CTP) is another IP protocol that provides relia'le stream oriented services similar toTCP. It is newer and considera'l" more complex than TCP, and has not "et seen widespread deplo"ment. owever, it isespeciall" designed to 'e used in situations where relia'ilit" and near9real9time considerations are important.

@enturi Transport Protocol(@TP) is a patentedproprietar" protocolthat is designed to replace TCP transparentl" to overcomeperceived inefficiencies related to wireless data transport.

TCP also has issues in high 'andwidth environments. The TCP congestion avoidance algorithmworks ver" well for ad9hoc

environments where the data sender is not known in advance, 'ut if the environment is predicta'le, a timing 'ased protocol suchas s"nchronous Transfer Bode(TB) can avoid TCP8s retransmits overhead.

Bultipurpose Transaction Protocol(BTPGIP) is patented proprietar" software that is designed to adaptivel" achieve highthroughput and transaction performance in a wide variet" of network conditions, particularl" those where TCP is perceived to 'einefficient.

Cecsum computation[edit]

TCP cecsum )or 7P4[edit]

0hen TCP runs overIPv%,the method used to compute the checksum is defined in /:C F;&

The checksum field is the 12 $it one3s complement of the one3s complement sum of all 124$it words in the header and text# %f asegment contains an odd num$er of header and text octets to $e checksummed the last octet is padded on the right with zeros toform a 124$it word for checksum purposes# The pad is not transmitted as part of the segment# While computing the checksum the

checksum field itself is replaced with zeros#

In other words, after appropriate padding, all *59'it words are added usingone8s complement arithmetic. The sum is then 'itwisecomplemented and inserted as the checksum field. pseudo9header that mimics the IPv% packet header used in the checksum

computation is shown in the ta'le 'elow.

TCP pseudo9header for checksum computation (IPv%)

it o))set 093 49: 891; 16931

0 -ource address

http://en.wikipedia.org/wiki/Packet_snifferhttp://en.wikipedia.org/wiki/Netstathttp://en.wikipedia.org/wiki/Netstathttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=28http://en.wikipedia.org/wiki/Streaming_mediahttp://en.wikipedia.org/wiki/Streaming_mediahttp://en.wikipedia.org/wiki/Voice_over_IPhttp://en.wikipedia.org/wiki/Storage_area_networkhttp://en.wikipedia.org/wiki/Storage_area_networkhttp://en.wikipedia.org/wiki/Fibre_Channelhttp://en.wikipedia.org/wiki/Fibre_Channel_Protocolhttp://en.wikipedia.org/wiki/Fibre_Channel_Protocolhttp://en.wikipedia.org/wiki/Embedded_systemshttp://en.wikipedia.org/wiki/Embedded_systemshttp://en.wikipedia.org/wiki/Network_bootinghttp://en.wikipedia.org/wiki/Network_bootinghttp://en.wikipedia.org/wiki/Network_bootinghttp://en.wikipedia.org/wiki/Domain_name_systemhttp://en.wikipedia.org/wiki/Domain_name_systemhttp://en.wikipedia.org/wiki/Domain_name_systemhttp://en.wikipedia.org/wiki/Network_address_translationhttp://en.wikipedia.org/wiki/Network_address_translationhttp://en.wikipedia.org/wiki/STUNhttp://en.wikipedia.org/wiki/STUNhttp://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://en.wikipedia.org/wiki/Multiplexinghttp://en.wikipedia.org/wiki/Forward_error_correctionhttp://en.wikipedia.org/wiki/Forward_error_correctionhttp://en.wikipedia.org/wiki/Interpolation_(computer_programming)http://en.wikipedia.org/wiki/Interpolation_(computer_programming)http://en.wikipedia.org/wiki/Interpolation_(computer_programming)http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocolhttp://en.wikipedia.org/wiki/Venturi_Transport_Protocolhttp://en.wikipedia.org/wiki/Venturi_Transport_Protocolhttp://en.wikipedia.org/wiki/Proprietary_protocolhttp://en.wikipedia.org/wiki/Proprietary_protocolhttp://en.wikipedia.org/wiki/Proprietary_protocolhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/Asynchronous_Transfer_Modehttp://en.wikipedia.org/wiki/Asynchronous_Transfer_Modehttp://en.wikipedia.org/wiki/Multipurpose_Transaction_Protocolhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=29http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=30http://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/IPv4http://tools.ietf.org/html/rfc793http://en.wikipedia.org/wiki/Signed_number_representations#Ones.27_complementhttp://en.wikipedia.org/wiki/Signed_number_representations#Ones.27_complementhttp://en.wikipedia.org/wiki/Packet_snifferhttp://en.wikipedia.org/wiki/Netstathttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=28http://en.wikipedia.org/wiki/Streaming_mediahttp://en.wikipedia.org/wiki/Voice_over_IPhttp://en.wikipedia.org/wiki/Storage_area_networkhttp://en.wikipedia.org/wiki/Fibre_Channelhttp://en.wikipedia.org/wiki/Fibre_Channel_Protocolhttp://en.wikipedia.org/wiki/Embedded_systemshttp://en.wikipedia.org/wiki/Network_bootinghttp://en.wikipedia.org/wiki/Domain_name_systemhttp://en.wikipedia.org/wiki/Network_address_translationhttp://en.wikipedia.org/wiki/STUNhttp://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://en.wikipedia.org/wiki/Multiplexinghttp://en.wikipedia.org/wiki/Forward_error_correctionhttp://en.wikipedia.org/wiki/Interpolation_(computer_programming)http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocolhttp://en.wikipedia.org/wiki/Venturi_Transport_Protocolhttp://en.wikipedia.org/wiki/Proprietary_protocolhttp://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithmhttp://en.wikipedia.org/wiki/Asynchronous_Transfer_Modehttp://en.wikipedia.org/wiki/Multipurpose_Transaction_Protocolhttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=29http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=30http://en.wikipedia.org/wiki/IPv4http://tools.ietf.org/html/rfc793http://en.wikipedia.org/wiki/Signed_number_representations#Ones.27_complement

8/13/2019 Tcp Syn & Windowing

13/17

32 #estination address

64 Seros Protocol TCP length

#ata

-ource address < the one in the IPv5 header

#estination address < the final destinationE if the IPv5 packet doesn8t contain a /outing header, TCP uses the

destination address in the IPv5 header, otherwise, at the originating node, it uses the address in the last element of the/outing header, and, at the receiving node, it uses the destination address in the IPv5 header.

TCP length < the length of the TCP header and data

>ext eader < the protocol value for TCP

http://en.wikipedia.org/wiki/List_of_IP_protocol_numbershttp://en.wikipedia.org/wiki/List_of_IP_protocol_numbershttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=31http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/IPv6http://tools.ietf.org/html/rfc2460http://tools.ietf.org/html/rfc2460http://en.wikipedia.org/wiki/List_of_IP_protocol_numbershttp://en.wikipedia.org/wiki/List_of_IP_protocol_numbershttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=31http://en.wikipedia.org/wiki/IPv6http://tools.ietf.org/html/rfc2460

8/13/2019 Tcp Syn & Windowing

14/17

Cecsum o))load [edit]

Ban" TCPGIP software stack implementations provide options to use hardware assistance to automaticall" compute the checksumin thenetwork adapterprior to transmission onto the network or upon reception from the network for validation. This ma" relievethe 2- from using precious CP$ c"cles calculating the checksum. ence, overall network performance is increased.

This feature ma" causepacket anal"1ersdetecting out'ound network traffic upstream of the network adapter that are unaware or

uncertain a'out the use of checksum offload to report invalid checksum in out'ound packets.

?????????TCP !"# model???????????

In this lesson, you will learn how two TCPdevices synchronize using three way handshake (3 way handshake) and

what are the three steps of a TCP three way handshake and how twoTCPdevices synchronize.

efore the sending device and the receiving device start the e!change of data, "oth devices need to "e

synchronized. #uring theTCP initialization process, the sending device and the receiving device e!change a few

control packets for synchronization purposes. This e!change is known as a three$way handshake.

The three$way handshake "egins with the initiator sending a TCP segmentwith theSYNcontrol "it flag set.

TCP allows one side to esta"lish a connection. The other side %ay either accept the connection or refuse it. If we

consider this fro% application layer point of view, the side that is esta"lishing the connection is the client and the

side waiting for a connection is the server.

TCP identifies two types of &P' calls

*ctive &pen. In an *ctive &pen call a device (client process) using TCP takes the active role and initiates the

connection "y sending aTCP SYN message to start the connection.

Passive &pen * passive &P' can specify that the device (server process) is waiting for an active &P' fro% a

specific client. It does not generate anyTCP message segment. The server processes listening for the clients are in

Passive &pen %ode.

http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=32http://en.wikipedia.org/wiki/Network_adapterhttp://en.wikipedia.org/wiki/Network_adapterhttp://en.wikipedia.org/wiki/Network_adapterhttp://en.wikipedia.org/wiki/Packet_analyzerhttp://en.wikipedia.org/wiki/Packet_analyzerhttp://en.wikipedia.org/wiki/Packet_analyzerhttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&action=edit&section=32http://en.wikipedia.org/wiki/Network_adapterhttp://en.wikipedia.org/wiki/Packet_analyzerhttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/transmission-control-protocol-tcp.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.php

8/13/2019 Tcp Syn & Windowing

15/17

TCP Three-way Handshake

+tep . #evice * (Client) sends a TCP segmentwith +- , *C/ 0, I+ (Initial +e1uence u%"er) 2000.

The *ctive &pen device (#evice *) sends a seg%ent with theSYN flagset to , ACK flagset to 0 and an Initial

+e1uence u%"er 2000 (or '!a%ple), which %arks the "eginning of the se1uence nu%"ers for data that device *

will trans%it. SYNis short for +-chronize. SYN flagannounces an atte%pt to open a connection. The first "yte

trans%itted to #evice will have the se1uence nu%"er I+4.

+tep 2. #evice (+erver) receives #evice *5s TCP segmentand returns a TCP segmentwith +- , *C/ , I+

6000 (#evice 5s Initial Sequence Numer), Ackn!wledgment Numer 200 (2000 4 , the ne!t sequence

numer#evice e!pecting fro% #evice *).

+tep 3. #evice * sends a TCP segmentto #evice that acknowledges receipt of #evice 5s I+, 7ith flags set as

+- 0, *C/ , +e1uence nu%"er 200, Ackn!wledgment numer 600 (6000 4 , the ne!t se1uence

nu%"er #evice * e!pecting fro% #evice )

This handshaking techni1ue is referred to as the Three$way handshake or +-, +-$*C/, *C/.

*fter the three$way handshake, the connection is open and the participant co%puters start sending data using the

sequence and ackn!wledge numers.

-ou have learned what is TCP three way hand shake (3 way handshake), the three steps of a TCP three way

handshake and how two TCP devices synchronize. Click 8e!t8 to continue.

In this lesson, you will learn the ter%s 8TCP 7indow8, 8TCP +liding 7indow8 and how 8TCP +liding 7indow8

works.

http://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.phphttp://www.omnisecu.com/tcpip/tcp-header.php

8/13/2019 Tcp Syn & Windowing

16/17

"hat is a TCP "ind!w#

* TCP window is the a%ount of unacknowledged data a sender can send on a particular connection "efore it gets an

acknowledg%ent "ack fro% the receiver, that it has received so%e of the data.

TCP Sliding "ind!w

The working of the TCP sliding window %echanis% can "e e!plained as "elow.

The sending device can send all packets within the TCP wind!w si$e(as specified in the TCP header) without