TCP Internals
Core Concepts
The Transmission Control Protocol (TCP) is a fundamental protocol of the Internet protocol suite. It provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network.
Unlike UDP, TCP is a connection-oriented protocol. This means that a connection must be established between the sender and receiver before data can be transmitted. This connection establishment and termination process is managed through a series of control packets.
TCP Header Structure
The TCP header is typically 20 bytes long but can be extended by options. It contains essential information for managing the TCP connection:
| Field | Size (bits) | Description |
|---|---|---|
| Source Port | 16 | The port number of the sending application. |
| Destination Port | 16 | The port number of the receiving application. |
| Sequence Number | 32 | The sequence number of the first data octet in this segment. |
| Acknowledgment Number | 32 | If the ACK flag is set, this field contains the value of the next sequence number the sender of the ACK expects to receive. |
| Data Offset (Header Length) | 4 | Specifies the size of the TCP header in 32-bit words. |
| Reserved | 6 | Must be zero. |
| Flags | 6 | Control flags such as SYN, ACK, FIN, RST, PSH, URG. |
| Window Size | 16 | The number of data octets, beginning with the one indicated by the Acknowledgment Number, that the receiver is willing to accept. |
| Checksum | 16 | Used for error checking of the header and data. |
| Urgent Pointer | 16 | If the URG flag is set, indicates where the urgent data ends, as an offset from the Sequence Number. |
| Options | Variable | Optional fields, such as Maximum Segment Size (MSS). |
Reliability Mechanisms
TCP achieves reliability through several key mechanisms:
- Sequencing and Acknowledgment
Each byte of data sent is assigned a sequence number. The receiver acknowledges received data by sending back the sequence number of the *next* byte it expects. This allows the sender to detect missing or duplicate segments.
- Retransmission
If a sender does not receive an acknowledgment for a segment within a certain time (the Retransmission Timeout, RTO), it retransmits the segment. The RTO is dynamically adjusted based on network conditions.
- Flow Control
The Window Size field in the TCP header is used for flow control. It tells the sender how much data the receiver is currently able to buffer. This prevents a fast sender from overwhelming a slow receiver.
A sliding window mechanism is employed, where the sender can send multiple segments without waiting for an individual acknowledgment for each, up to the advertised window size. As acknowledgments arrive, the window "slides" forward, allowing more data to be sent.
- Congestion Control
TCP employs sophisticated algorithms to prevent network congestion. When congestion is detected (e.g., through packet loss or increased round-trip times), TCP reduces its sending rate. Common congestion control algorithms include:
- Slow Start
- Congestion Avoidance
- Fast Retransmit
- Fast Recovery
These algorithms work by adjusting the congestion window (cwnd), which limits the amount of unacknowledged data that can be in transit.
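The sequencing, acknowledgment and flow-control rules above can be seen in a small receiver model. This is an added example, not part of the original page: the names `in_window`, `acceptable` and `Receiver` are hypothetical, the window is held fixed, and the check follows the segment acceptability test of RFC 793. Sequence numbers are compared modulo 2^32, and a segment that falls outside the advertised window is ignored and answered with the current acknowledgment number.

```python
MOD = 1 << 32   # sequence numbers are 32-bit and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def acceptable(seq, length, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test for an incoming segment."""
    if length == 0:
        return seq == rcv_nxt if rcv_wnd == 0 else in_window(seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False
    last = (seq + length - 1) % MOD
    return in_window(seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)

class Receiver:
    """Toy receiver (assumption: buffered segments do not overlap each other)."""
    def __init__(self, rcv_nxt, rcv_wnd):
        self.rcv_nxt, self.rcv_wnd = rcv_nxt, rcv_wnd
        self.pending = {}      # out-of-order data keyed by sequence number
        self.stream = b""      # bytes delivered to the application, in order

    def receive(self, seq, data):
        """Process one data segment; return the acknowledgment number to send."""
        if data and acceptable(seq, len(data), self.rcv_nxt, self.rcv_wnd):
            if not in_window(seq, self.rcv_nxt, self.rcv_wnd):
                skip = (self.rcv_nxt - seq) % MOD      # bytes already received
                seq, data = self.rcv_nxt, data[skip:]
            room = self.rcv_wnd - (seq - self.rcv_nxt) % MOD
            self.pending.setdefault(seq, data[:room])  # never exceed the window
            while self.rcv_nxt in self.pending:        # deliver contiguous data
                chunk = self.pending.pop(self.rcv_nxt)
                self.stream += chunk
                self.rcv_nxt = (self.rcv_nxt + len(chunk)) % MOD
        return self.rcv_nxt    # the *next* byte expected (cumulative ACK)

# Constructed sample: segments arriving around the 2**32 wrap point.
SEGMENTS = [
    (0xFFFFFFF0, b"A" * 8),   # in order
    (0x00000000, b"C" * 8),   # out of order: a gap precedes it
    (0xFFFFFFF8, b"B" * 8),   # fills the gap; sequence space wraps to 0
    (0xFFFFFFF0, b"A" * 8),   # duplicate of old data: ignored
    (0x00001000, b"X" * 8),   # far outside the window: ignored
]

def run(segments, rcv_nxt=0xFFFFFFF0, rcv_wnd=64):
    rx = Receiver(rcv_nxt, rcv_wnd)
    return [rx.receive(seq, data) for seq, data in segments], rx.stream
```

The second acknowledgment repeats the first because the gap is still open; once the missing segment arrives, the acknowledgment number jumps past both buffered segments.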
Connection Management
TCP uses a three-way handshake to establish a connection and a four-way handshake (typically) to terminate it.
Three-Way Handshake (Connection Establishment)
- Client sends a segment with the SYN flag set.
- Server sends a segment with the SYN and ACK flags set, acknowledging the client's SYN and sending its own SYN.
- Client sends a segment with the ACK flag set, acknowledging the server's SYN.
Connection Termination
- One side sends a segment with the FIN flag set.
- The other side acknowledges the FIN.
- The other side sends its own FIN.
- The first side acknowledges the second FIN.
The RST flag is used to abruptly terminate a connection, often in error conditions.
TCP Options
TCP supports optional fields in its header to provide additional functionality. Some common options include:
- Maximum Segment Size (MSS): The largest amount of data, specified in bytes, that a TCP segment can carry. This is usually negotiated during connection setup.
- Window Scale: Allows the window size to be larger than 65,535 bytes, which is crucial for high-bandwidth, long-delay networks.
- Timestamps: Used to improve the accuracy of Round Trip Time (RTT) measurements and handle delayed packets.
- Selective Acknowledgments (SACK): Allows the receiver to inform the sender about contiguous blocks of received data, even if some segments in between are missing. This improves retransmission efficiency.
State Machine
TCP connections progress through various states, from CLOSED to ESTABLISHED and eventually back to CLOSED. The state transitions are managed by the TCP state machine, driven by incoming segments and application calls.
Common states include:
- CLOSED
- LISTEN
- SYN-SENT
- SYN-RECEIVED
- ESTABLISHED
- FIN-WAIT-1
- FIN-WAIT-2
- CLOSE-WAIT
- CLOSING
- LAST-ACK
- TIME-WAIT
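The handshake and termination sequences from the Connection Management section, replayed through the states listed above. This is an added example, not part of the original page: `TRANSITIONS`, `step`, `replay` and the traces are constructed for illustration, and because the events carry no sequence numbers, an ACK is assumed to acknowledge everything the endpoint has sent. A tracker like this lets a monitoring tool spot a handshake that never completes or a connection that is reset.

```python
# One endpoint's transitions, keyed by (state, direction, flags). Flags are
# "+"-joined in sorted order. TIME-WAIT returns to CLOSED on a timer, not a segment.
TRANSITIONS = {
    ("CLOSED", "send", "SYN"): "SYN-SENT",            # active open
    ("LISTEN", "recv", "SYN"): "SYN-RECEIVED",        # passive open
    ("SYN-SENT", "recv", "ACK+SYN"): "ESTABLISHED",
    ("SYN-SENT", "recv", "SYN"): "SYN-RECEIVED",      # simultaneous open
    ("SYN-RECEIVED", "recv", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "send", "FIN"): "FIN-WAIT-1",     # this side closes first
    ("ESTABLISHED", "recv", "FIN"): "CLOSE-WAIT",     # peer closes first
    ("FIN-WAIT-1", "recv", "ACK"): "FIN-WAIT-2",
    ("FIN-WAIT-1", "recv", "FIN"): "CLOSING",         # FIN that does not ack ours
    ("FIN-WAIT-1", "recv", "ACK+FIN"): "TIME-WAIT",
    ("FIN-WAIT-2", "recv", "FIN"): "TIME-WAIT",
    ("CLOSING", "recv", "ACK"): "TIME-WAIT",
    ("CLOSE-WAIT", "send", "FIN"): "LAST-ACK",
    ("LAST-ACK", "recv", "ACK"): "CLOSED",
}

def step(state: str, direction: str, flags: set) -> str:
    """Return the state after one segment is sent or received."""
    if direction == "recv" and "RST" in flags and state != "LISTEN":
        return "CLOSED"        # simplified: abrupt termination from any state
    key = "+".join(sorted(flags - {"PSH", "URG"}))    # PSH/URG never change state
    nxt = TRANSITIONS.get((state, direction, key))
    if nxt is None and key == "ACK+FIN":              # FIN normally carries an ACK
        nxt = TRANSITIONS.get((state, direction, "FIN"))
    return nxt or state                               # data and plain ACKs: no change

def replay(start: str, events: list) -> list:
    """Replay (direction, "FLAG FLAG") events; return every state visited."""
    states = [start]
    for direction, flags in events:
        states.append(step(states[-1], direction, set(flags.split())))
    return states

def handshake_incomplete(states: list) -> bool:
    """True if the trace ended before the three-way handshake finished."""
    return states[-1] in ("SYN-SENT", "SYN-RECEIVED")

# Constructed traces, seen from a listening server.
SERVER_FULL = [("recv", "SYN"), ("send", "SYN ACK"), ("recv", "ACK"),
               ("recv", "PSH ACK"), ("recv", "FIN ACK"), ("send", "ACK"),
               ("send", "FIN ACK"), ("recv", "ACK")]
SERVER_NO_FINAL_ACK = [("recv", "SYN"), ("send", "SYN ACK"), ("send", "SYN ACK")]
```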
Key Takeaway
TCP is a complex but robust protocol designed for reliable data transfer over the internet. Its internal mechanisms of sequencing, acknowledgments, retransmissions, flow control, and congestion control work together to ensure data integrity and efficient network utilization.