Transmission Control Protocol (TCP) is a connection-oriented Layer 4 (Transport Layer) protocol. “Connection-oriented” means that it establishes and maintains a connection before any data exchange can occur, which enforces reliability.
A TCP connection is established through the TCP three-way handshake, a three-step connection initiation process that we will also look into. Thanks to this connection initiation and maintenance, TCP is more reliable than other Transport Layer protocols, such as UDP.
Although this post primarily focuses on TCP, here is a brief summary of UDP for quick comparison:
User Datagram Protocol (UDP) is a connectionless and lightweight transport protocol that prioritizes speed over reliability in data transmission. Unlike TCP, UDP does not establish a formal connection with the receiver; instead, it just transmits data without guaranteeing reliability or error correction.
TCP Header
The TCP header contains various fields that provide essential information for establishing, maintaining, and terminating reliable connections between devices. It consists of 11 fields:
| Field | Description |
|---|---|
| Source Port | The port from which data is being sent |
| Destination Port | The port where data is being sent |
| Sequence Number | Maintains the order of transmitted data segments |
| Acknowledgment Number | Acknowledges receipt and indicates the next expected sequence number |
| Data Offset (DO) | 4-bit field indicating the length of the TCP header |
| RSV | Reserved field, always set to 0 |
| Window | How much data the receiver can accept |
| Checksum | Used to detect errors in TCP packets |
| Urgent Pointer | Indicates data should be delivered as quickly as possible |
| Options | Optional field ranging from 0 to 320 bits |
| Flags (Control Bits) | 9 bits used to control or describe the TCP connection state |
Acknowledgment & Sequence Numbers are used by the client and server to track what has been sent and received. Sequence numbers are randomly chosen when a connection starts (between 0 and 4,294,967,295), and advance with each segment by the number of data bytes it carries. Tools like Wireshark may simplify this by displaying relative sequence numbers starting from 0.
TCP Control Bits (Flags)
| Flag | Description |
|---|---|
| SYN | Initiates a TCP connection and synchronizes sequence numbers. Seen during the three-way handshake. |
| ACK | Acknowledges received packets. |
| RST | Immediately tears down a connection. Often sent in response to unexpected traffic. |
| FIN | Politely terminates a connection. Unlike RST, it doesn’t kill the connection instantly. |
TCP Three-Way Handshake
To establish a reliable connection between a client and server, TCP uses the three-way handshake. This process ensures that both parties are ready to transmit and receive data.
- SYN — The client sends a SYN packet to the server to initiate the connection and propose an initial sequence number.
- SYN-ACK — The server responds with a SYN-ACK, acknowledging the client’s SYN and sending its own sequence number.
- ACK — The client sends back an ACK to acknowledge the server’s SYN-ACK. The connection is now established.
This handshake ensures that both hosts agree on starting sequence numbers and are ready to begin communication. It also confirms bidirectional readiness.
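To tie the header fields, the flags and the handshake together, here is an added example (not part of the original post): a Python parser for the fixed 20-byte TCP header, run over a constructed three-way handshake to check that the flags and the sequence/acknowledgment numbers line up. The function names, ports 51000 and 443, and the initial sequence numbers (ISNs) are assumptions chosen for illustration.

```python
import struct

# Low nine bits of the offset/flags word. FIN, SYN, RST and ACK are in the table above;
# the rest fill out the nine flag bits.
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK",
         0x20: "URG", 0x40: "ECE", 0x80: "CWR", 0x100: "NS"}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options and payload are returned raw."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # Data Offset counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset outside the segment")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window,
            "checksum": checksum, "urgent": urgent,
            "flags": {name for bit, name in FLAGS.items() if off_flags & bit},
            "options": segment[20:header_len], "payload": segment[header_len:]}

def build(sport, dport, seq, ack, flags, window=64240):
    """Constructed option-less header for the demo (checksum left at 0, not verified)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def is_three_way_handshake(segments) -> bool:
    """True if three segments are SYN, SYN-ACK, ACK with consistent seq/ack numbers."""
    if len(segments) != 3:
        return False
    syn, synack, ack = (parse_tcp_header(s) for s in segments)
    return (syn["flags"] == {"SYN"} and synack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            and synack["ack"] == (syn["seq"] + 1) % 2**32  # a SYN uses one sequence number
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)

# Constructed sample: client port 51000 to server port 443. The server ISN sits at the
# top of the 32-bit range so the acknowledgment wraps around to 0.
C_ISN, S_ISN = 3_000_000_000, 4_294_967_295
HANDSHAKE = [build(51000, 443, C_ISN, 0, 0x02),
             build(443, 51000, S_ISN, C_ISN + 1, 0x12),
             build(51000, 443, C_ISN + 1, (S_ISN + 1) % 2**32, 0x10)]

if __name__ == "__main__":
    for raw in HANDSHAKE:
        h = parse_tcp_header(raw)
        print(sorted(h["flags"]), "seq", h["seq"], "ack", h["ack"])
    print("valid handshake:", is_three_way_handshake(HANDSHAKE))
```

The parser rejects a Data Offset smaller than 20 bytes or larger than the segment, a check worth keeping in any tool that reads headers from untrusted captures.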
TCP Connection Termination
Ending a TCP connection is also a controlled process. Either side can initiate the termination. It typically follows a four-step graceful close:
- FIN — One host sends a FIN to indicate it has finished sending data.
- ACK — The receiving host acknowledges the FIN.
- FIN — The receiving host sends its own FIN to close the connection on its side.
- ACK — The original host acknowledges the second FIN. Connection fully closed.
Additional Notes
- Retransmission — TCP ensures reliability through retransmission of lost packets.
- Flow control — Managed by the window size field to prevent overwhelming the receiver.
- Congestion control — TCP dynamically adjusts transmission rates based on network congestion signals.
Summary
TCP is a robust, connection-oriented protocol that underpins reliable communication on the internet. From its structured header to the three-way handshake and orderly termination process, TCP guarantees data delivery, ordering, and integrity (in the sense of checksum-based error detection), making it essential for services like HTTP/HTTPS, SSH, FTP, and more.
Understanding TCP’s internals, especially its control bits, sequencing, and handshakes, is crucial for analyzing traffic, diagnosing network issues, and building secure, reliable systems.