Top Ad unit 728 × 90

07: Transport layer - TCP header (Transmission Control Protocol) detailed explanation part 7

Each of the four bottom layers has a header(s) that contains information about the source and destination machines and network-related stuff. This lesson covers the TCP header which is generated at the Transport layer. You may be asking how TCP header is like ! do not freak ! it is very simple, you need just concentrate while reading this lesson. See the following figure to get started.

The three upper layers have no headers, they rather generate data which is encapsulated with TCP header at the Transport layer. DATA+TCP header (or UDP header)= Segment (Transport layer PDU). The above figure shows data arrived at the Transport layer, then it is added TCP header. This header encompasses an array of fields, each field is responsible for a task in data transmission. So, it is of paramount importance to dissect TCP header by showing its components and how they contribute in networking. The following is the TCP header.

The fields shown in the above figure are all TCP header components. Understanding the functions of each field largely aids in grasping  and analysing data in some software programs like wireshark. There are some fields which you are already familiar with, such as, Ports, Sequencing, ACK . However, they are explained for the purpose of creating a complete image of TCP header.

Source and destination ports :

The first two fields are allocated to source port and destination port. They are assigned 16 Bits (2 Bytes) for each. Thus one field of 16 Bits identifies the source port and the other, whose size is also 16 Bits ,identifies the destination. We have already said that well-known ports are ranged from 0 to 1023, registered ports are from 1024 to 49151, and dynamic or private ports are from 49152 to 65535. The reason behind stopping at the number 65535 for port numbers is because of the fact that one field of either source or destination ports is given 16 Bits. And 2 to the power of 16 gives 65535. For more detail see Port addressing lesson.

Sequence numbers :

The next field is for sequence number, whose size is 32 Bits (4 Bytes). Although it is already explained, it is of help to you to have it expounded again. As already elucidated, when data arrives at the Transport layer, it is divided into segments, and each segment is assigned a sequence number so that if the segments take different routes and arrive at the destination machine in a disorderly way ( arriving before its preceding segments), they will automatically be arranged thanks to the sequence numbers. It also makes acknowledgment easier as you will see after.
Acknowledgment number :

Acknowledgment number is used to make sure that data segments are successfully delivered and also to inform the sender that the last segment is received and waiting for the following segment. In other words, acknowledgment number indicates the next sequence number that the receiving device is expecting from the sender.

Header length or data offset :

This field is responsible for distinguishing the actual data from TCP header. It is called header length as well as data offset. This field is assigned 4 Bits. The idea of this field is that data is originally zeros and ones, so it is difficult to discern which set of zeros and ones are for TCP header and which zeros and ones are for the actual data because they are all seem a stream of bits. Thanks to this field, a given network device will be able to indicate where the actual data begins and ends.
Reserved :

This field is called Reserved because of the fact that it is reserved for future use. It should be set to zeros. It is assigned 6 Bits.

Flags :

The next field consists of six flags which are URG, ACK, PSH, RST, SYN, and FIN. Each one is assigned 1 Bits. These flags play a very significant role in the transmission of data. Let us start with the first flag which is URG


URG stands for urgent. It is used to identify the incoming data segments as urgent. Such incoming data segments do not wait until the previous segments are consumed by the receiver but are sent directly and processed  right away. To make it plain for you, consider this example of analogy :

The above figure shows a group of people waiting in a queue for a service. All of these people are lining up one abreast to wait their turn to benefit from a service that the office provides. Suddenly a woman joins the queue. She has an urgent problem and the queue ends up being quite long. As a result, the security officer, whose job is to make sure that no one jumps the queue, sees the woman with urgent problem and knows she has something important that needs to be dealt with urgently. By following the normal procedures, the security officer signals to the woman to skip the queue and go all the way up to the front giving her priority over the others. In the example these people represent the segments that arrive at their destination and are queued in the buffer to be processed, while the woman with urgent problem is the segment with the urgent pointer flag set.  From this example you can now know how urgent works.
Now let us move to explain it in network terms. We said that each computer has a buffer (temporary or virtual memory). We also said that when the sender sends data segments to the receiver, it is automatically stored in the buffer, and each buffer has a certain size which cannot be exceeded. So all data segments  is  buffered in the sender’ computer until it gets a certain size in order to leave. Now, what if the sending device requested a service like telnet whose size per request or command is, for example, 3 Bytes and the buffer’s size is 30 Bytes. The problem is that the  buffer will not let the data segments leave until it gets 30 Bytes. In this case, requesting such services would be impossible because telnet will take only 3 Bytes in the buffer. The resolution is that the sender will send the telnet request data segments with URG flag to at once leave and the receiving machine will give those specific segments priority by processing them immediately. If the URG is 1, it means that the URG flag is set and that the urgent segments is significant, but if the URG is 0, it indicates that there is no urgent segments.


ACK flag stands for acknowledgment. It indicates that the ACK field is significant. Briefly, ack flag is used to acknowledge the successful receipt of data. It is already explained, see acknowledgment lesson.


PSH flag stands for push. This flag has, to all intents and purposes, the same aim as URG flag. It exists to ensure that data segments are given the priority that it deserves and processed at the sending or receiving end. 

By using PSH flag, TCP allows the sending application to specify the data segments to be immediately pushed. When an application requests the TCP to push data segments, it should send all data segments that has accumulated without waiting until the buffer if filled. There are a whole lot of instances where the accumulation of data in buffer is undesirable because any delay may cause problems to the waiting application. A simple example would be VLC media player or real player wherein data must be sent and processed immediately to ensure a smooth stream without any cut offs.


RST flag stands for reset. The reset flag is used when segments that are not intended for a given connection arrive at the destination. Put another way, if a set of segments are sent to a particular destination in order to establish a connection and there is no such service awaiting to answer at the remote host, it (destination) will automatically reject the request and then send a reply with RST flag set, which signifies that the remote host has reset the connection.


The next flag contained in TCP header is SYN which stands for synchronization. SYN is sent at the very beginning during the establishment of a connection between the sender and receiver through the classical three-way handshake. The following figure shows the establishement of connection through three-way handshake which includes SYNs.


The last flag is FIN which stands for finish. This flag is used to terminate the virtual connection (or circuit) already created using the previous SYN flag. It takes place in the following way.

The above figure represents an existing connection between PC1 and PC2, where the two hosts are exchanging data. Once data transmission is completed, PC1 sends a TCP header with FIN flag set to inform the PC2 that it needs to close the connection. PC2, in turn, sends a TCP header with ACK/FIN flag set to acknowlege killing the connection, then, it sends another TCP header with FIN flag set to notify the PC1 application that the connection is no longer available. Lastly, PC1 sends TCP header with ACK/FIN flag set to definitely tear down the (virtual circuit) connection.

Window size :

Though window size is previously expounded, it is of crucial importance to have it explained again in the context of TCP header. The field’s size is 16 Bits. It is one of the most significant fields within TCP header. It exists for the purpose of indicating to the receiver the amount of data that the sender is able to accept. Regardless of who the sender or receiver is, this field is always there. It uses ‘Bytes’ as a metric. Consider the following figure.

Simply put, the window size specifies how much data to be transmitted is suitable for both the sender and receiver. When they first initiate a connection, they agree upon a certain size of data after some calculations. In the above figure the agreed-upon size is 64 Mega Bytes. After sending a data segment of 64 Mega Bytes, an acknowledgment must be sent back in order to send the next segment.

Checksum :

The next field is checksum whose size is 6 Bits. The TCP checksum field was created to ensure that data segments which reached the destination are intact and error-free. The following figure gives you an example of checksum.

Let us suppose that the source creates a data segment to send it to the destination. Before sending that segment some checksum calculations are done ; as a results, the binary code is generated which is the checksum. The code 010101010010 is then attached to the data in the TCP header checksum field and sent to the destination. When the segment arrives at the destination, it de-encapsulates it and checks the code included in the TCP header. The destination, in turn, does checksum calculation, so if the code resulted from the destination’s checksum calculation matches the one contained the TCP header, it signifies that the data segment is intact and error-free. In contrary, if the destination’s checksum code does not match the one encompassed in the TCP header, that indicates that the data segment is corrupted and damaged. Because during wireless or wired transmission, data can be affected by noise which itself adds extra bits that leads to the corruption of data. It is important to point out that checksum adds a header called ‘Pseudo header’ to TCP header but it is not sent, it is rather used to help checksum calculation. See the following figure.

This (Pseudo header) header is created both at the sender and receiver. The receiver recreates it again to perform the same  calculation to see if the data segments arrive are error-free or not.
N.B . The inclusion of SRC and DST ip addresses is just for the purpose of making calculations.

Urgent pointer :

Urgent pointer is also 16 Bits. It springs into action when URG flag is set to 1. The flag indicates that there are  data segments to be processed urgently. The Urgent pointer is responsible for pointing where the urgent data segments start and end.

Thanks to Urgent pointer, the position of urgent data is easily identified. In the above figure the urgent data is referred to by the code 0x5681, which means that data segments whose value is 0x5681 will be given priority in order to be processed first.

Options :

Options, whose size is 32 Bits, is a field located at the end of TCP header and right before The data field. It is there to make use of new enhancements, if there are any, recommended by engineers whose job is protocols development. Options field encompasses MSS (Maximum Segment Size), Window scaling, SACK (Selective Acknowledgment), Time stamps, Nop.

MSS (Maximum Segment Size)

To start with, MSS is the highest and largest amount of data, specified in bytes, that two end devices can handle at a time. In other words, MSS is used to define the maximum segment that will be used between two hosts during a connection. This option springs into action when the connection is first initiated during three-way handshake.

A TCP header plus DATA are called segment, while an IP header plus a segment are called IP diagram, however we are not concerned with IP header now. We will thouroughly cover it in the network layer. The default TCP MSS segment size is 536 Bytes, but two end devices can agree upon a different size other than 536 ; what is more is that the agreed upon size cannot be changed once a connection is established.

Window scaling :

By understanding window size, window scaling will be much easier to grasp because of the fact that it is an extention to window size flag. The largest possible value in the window size flag is only 65535 Bytes, so window scaling was developed to enhance data transmission over the network. The window scaling size option can be a maximum of 30 bits in size, which includes the original 16 bits of window size field. Thus, the 16 bits of the original window size field plus 14 bits of the window scaling option gives 30 bits in total.

Window scaling was designed for the purpose of solving the problem of high-latency (= it means the delay that happens in data transmission over a network) and high-bandwidth (= it means the amount of data that can be carried by a digital communication medium) vis-à-vis the small amount of data that causes intervening time between sending and reception.

High-bandwidth WAN links where window size is limited can leads to low quality performance. Consider the following figure.

The above figure shows 4 data segments being transmitted from the source to the destination over a fast WAN link ( with high-bandwidth) with high-latency by using the maximum possible window size of 65535 Bytes. The link can carry too much data because of its high-bandwidth ( as seen in the picture, there are four data segments, two abreast. It is represented by the height of the link), but it will take too much time for those four data segments to arrive at the destination. As shown in the figure, When they are put on wire to be transmitted, they propagate with no other data segments coming after them until they arrive to the destination. Then, the ACK is sent back to acknowlege reception of the whole data segments. They are the only data segments on wire. Simply put, the other data segments will be in transmission when the previous ones are received at the destination.

So , the problem is solved by virtue of window scaling. It increases the size of the window to a size that will lead to better performance. Consider this figure which is a far cry from the previous one.

The above figure shows a close example of window scaling. This time, window size is increased to 120 000 Bytes which results in high-performance data transmission and no high-latency. Because of the large window size, the destination has already received some data segments, which allows it to send ACK back to the source. Thanks to window scaling, the transmission of data flows smoothly and it does not cease.

SACK (selective acknowledgment) :

To understand SACK or selective acknowledgment, one has to be aware of (the previously explained) acknowledgment. Troubles may sometimes appears during acknowledgment process. See this figure with a problem in ACK.

In the above figure, after sending the four segments , the receiver has acknowleged the first one (seg1) because during the transmission of seg2, a problem occurs and the segment is lost. In normal ACK, the receiver will send ACK1 to inform the sender that the seg1 is received and that seg2 is being awaited. The sender will automatically send seg2, 3, and 4. Up to now there is a big problem, which is , the sender sends seg2, 3, and 4, but the the last two segments are already received, they will be duplicated at the receiver buffer. To solve this problem, selective acknowledgment was developed. Consider the following figure.

This time, the source transmits 4 segments to the destination, and the seg2 is lost again. What will the receiver do in this case ? the answer is that it will make use of SACK. It will use selective acknowledgment by sending ACK1 to inform the sender that the first segment is received and that seg2 must be sent, but do not send me seg 3 and 4 because I have already received them. So, the sender will send seg2 and the receiver will acknowledge seg4 to continue transmitting the next segments.

Time stamps :

The next option is Time Stamp, 4 Bytes long. It is simply a timer whose function is to set a time within which an ACK must be sent by the receiver. If the timer expires and no ACK is sent back, the sender will automatically retransmit the same segment, because every network has unique latency characteristics and TCP has to understand them in order to set accurate ACK timer threshold values. For example, LANs have low latency times, and as such TCP can use low values for ACK times. The following figure clarifies all that.

During the establishement of a connection, the sender and receiver agree upon a specific period of time for the timer to expire. The above figure shows the process of how a timer is set. There is a segment with a timer attached sent by the source to the destination ; likewise, the destination transmits back an ACK seg with a timer attached. The time that the segment, which is called echo request, takes to arrive at the destination, and for the ACK segment, which is referred to as echo reply, to arrive at the source is the resulting time that if it is exceeded, the same segment sent by the source will be sent again. It is known as RTT (round-trip delay), which means that the agreed upon time is set after sending the first segment and receiving the first ACK segment ( the time that the segments take back and forth is RTT, which is itself the time that must not be exceeded). Put another way, let us assume that the resulting time (RTT) is 2 ms, thus if the ACK segment is not received at the source before this time, the same segment (sent by the source) will be sent again.

NOP (NO Operation):

This option is used provide padding around the other options. The length of the TCP header must be a multiple of 4 Bytes ; however , most of the options are not 4 Bytes long. If the total length of the options is not a 4 Bytes multiple, one or more 1 Bytes NOPs will be added to the options in order to adjust the overall length. For instance, if options are 6 Bytes, two NOPs will be added to become 8 Bytes.

Padding :

The last field of TCP header is Padding field. It is used to fill up the TCP header with zeros and make it even multiple of 32 Bits. If the TCP header is not a multiple of 32 Bits in length, enough zeros are added to pad the header to become a multiple of 32 Bits.
07: Transport layer - TCP header (Transmission Control Protocol) detailed explanation part 7 Reviewed by BOUFTIRA on 7:25:00 AM Rating: 5

No comments:

All Rights Reserved by Computer Networks For All © 2015 - 2017

Contact Form


Email *

Message *

Powered by Blogger.