IP has many weaknesses, one of which is unreliable packet delivery—packets may be dropped due to transmission errors, bad routes, and/or throughput degradation. The Transmission Control Protocol (TCP) helps reconcile these issues by providing reliable, stream-oriented connections. In fact, the TCP/IP suite is predominantly based on TCP functionality, which in turn is based on IP. These features describe a connection-oriented process of communication establishment.
There are many components that result in TCP’s reliable service delivery. Following are some of the main points:
• Streams. Data is systematized and transferred as a stream of bits, organized into 8-bit octets or bytes. As these bits are received, they are passed on in the same manner.
• Buffer Flow Control. As data is passed in streams, protocol software may divide the stream to fill specific buffer sizes. TCP manages this process, and assures avoidance of a buffer overflow. During this process, fast-sending stations may be stopped periodically to keep up with slow-receiving stations.
• Virtual Circuits. When one station requests communication with another, both stations inform their application programs, and agree to communicate. If the link or communications between these stations fail, both stations are made aware of the breakdown and inform their respective software applications. In this case, a coordinated retry is attempted.
• Full Duplex Connectivity. Stream transfer occurs in both directions, simultaneously, to reduce overall network traffic.
Figure 1.15 TCP windowing example.
Sequencing and Windowing
TCP organizes and counts bytes in the data stream using a 32-bit sequence number. Every TCP packet contains a starting sequence number (first byte) and an acknowledgment number (last byte). A concept known as a sliding window is implemented to make stream transmissions more efficient. The sliding window uses bandwidth more effectively, because it will allow the transmission of multiple packets before an acknowledgment is required.
Figure 1.15 is a real-world example of the TCP sliding window. In this example, a sender has bytes to send in sequence (1 to 8) to a receiving station with a window size of 4. The sending station places the first 4 bytes in a window and sends them, then waits for an acknowledgment (ACK=5). This acknowledgment specifies that the first 4 bytes were received. Then, assuming its window size is still 4 and that it is also waiting for the next byte (byte 5), the sending station moves the sliding window 4 bytes to the right, and sends bytes 5 to 8. Upon receiving these bytes, the receiving station sends an acknowledgment (ACK=9), indicating it is waiting for byte 9. And the process continues.
At any point, the receiver may indicate a window size of 0, in which case the sender will not send any more bytes until the window size is greater. A typical cause for this occurring is a buffer overflow.
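The exchange in Figure 1.15, including the zero-window case, can be traced with a short simulation. This is an added example, not code from the original text; the function name and the list of advertised window sizes are assumptions made for illustration, and the receiver acknowledges one full window at a time, as in the figure.

```python
def sliding_window_transfer(total_bytes, advertised_windows):
    """Simulate a sender moving bytes 1..total_bytes through a sliding window.

    advertised_windows is a constructed list of window sizes announced by
    the receiver: the first applies before any data is sent, each later
    value arrives with the next ACK or window update. When the list runs
    out, the last non-zero window stays in force.
    Returns a log of ("SEND", first, last), ("ACK", ack_number, window)
    and ("STALL", next_byte, 0) tuples.
    """
    log = []
    windows = iter(advertised_windows)
    window = next(windows)
    next_byte = 1                          # first byte not yet sent
    while next_byte <= total_bytes:
        if window == 0:
            # Zero window: the sender holds its data until the receiver
            # announces a window greater than 0.
            log.append(("STALL", next_byte, 0))
            window = next(windows, None)
            if window is None:
                raise RuntimeError("receiver never reopened its window")
            continue
        last = min(next_byte + window - 1, total_bytes)
        log.append(("SEND", next_byte, last))
        next_byte = last + 1               # ACK names the next byte expected
        window = next(windows, window)
        log.append(("ACK", next_byte, window))
    return log


if __name__ == "__main__":
    for event in sliding_window_transfer(8, [4]):        # Figure 1.15 case
        print(event)
    for event in sliding_window_transfer(8, [4, 0, 4]):  # zero-window case
        print(event)
```

When reading a capture, a run of zero-window advertisements from one side is the on-the-wire sign of the stall modelled here.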
TCP Packet Format and Header Snapshots
Keeping in mind that it is important to differentiate between captured packets—whether they are TCP, UDP, ARP, and so on—take a look at the TCP packet format in Figure 1.16, whose components are defined in the following list:
Figure 1.16 A TCP packet.
Source Port. Specifies the port at which the source processes send/receive TCP services.
Destination Port. Specifies the port at which the destination processes send/receive TCP services.
Sequence Number. Specifies the first byte of data or a reserved sequence number for a future process.
Acknowledgment Number. The sequence number of the very next byte of data the sender should receive.
Data Offset. The number of 32-bit words in the header.
Reserved. Held for future use.
Flags. Control information, such as SYN, ACK, and FIN bits, for connection establishment and termination.
Checksum. Specifies any damage to the header that occurred during transmission.
Urgent Pointer. The optional first urgent byte in a packet, which indicates the end of urgent data.
Options. TCP options, such as the maximum TCP segment size.
Data. Upper-layer information.
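To read these fields out of a captured segment, the header can be decoded byte by byte. The parser below is an added example, not code from the original text; the function names and the sample SYN segment (ports 1026 and 80, sequence number 1000, MSS 1460) are constructed for illustration. It also reads the 16-bit window field of the standard TCP header, which the list above does not name, and rejects malformed data-offset and option-length values.

```python
import struct

# Flag bits in the low byte of the 16-bit offset/reserved/flags word.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_options(raw):
    """Walk the Options area; reject lengths that would loop or overrun."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation padding
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size
            opts.append(("MSS", struct.unpack("!H", body)[0]))
        else:
            opts.append((kind, body))
        i += length
    return opts

def parse_tcp_header(segment):
    """Decode a raw TCP segment into the fields listed above."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4     # Data Offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "urgent": urgent,
            "checksum": checksum, "data": segment[header_len:],
            "flags": [n for n, bit in FLAG_BITS.items() if off_flags & bit],
            "options": parse_options(segment[20:header_len])}

def build_sample_syn():
    """Constructed sample: SYN from port 1026 to port 80 with MSS 1460."""
    fixed = struct.pack("!HHIIHHHH", 1026, 80, 1000, 0,
                        (6 << 12) | 0x02, 8192, 0, 0)   # checksum left at 0
    return fixed + bytes([2, 4]) + struct.pack("!H", 1460)
```

Calling `parse_tcp_header(build_sample_syn())` returns the decoded fields as a dictionary; the checksum is carried through unverified.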
Now take a look at the snapshot of a TCP header, shown in Figure 1.17a, and compare it with the fields shown in Figure 1.17b.
Ports, Endpoints, Connection Establishment
TCP enables simultaneous communication between different application programs on a single machine. TCP uses port numbers to distinguish each of the receiving station’s destinations. A pair of endpoints identifies the connection between the two stations, as mentioned earlier. Colloquially, these endpoints are defined as the connection between the two stations’ applications as they communicate; they are defined by TCP as a pair of integers in this format: (host, port). The host is the station’s IP address, and port is the TCP port number on that station. An example of a station’s endpoint is:
206.0.125.81:1026
(host)      (port)
An example of two stations’ endpoints during communication is:
STATION 1                STATION 2
206.0.125.81:1022        207.63.129.2:26
(host)(port)             (host)(port)
This technology is very important in TCP, as it allows simultaneous communications by assigning separate ports for each station connection.
When a connection is established between two nodes during a TCP session, a three-way handshake is used. This process starts with one node's TCP request, carried by a SYN/ACK bit, followed by the second node's TCP response with a SYN/ACK bit. At this point, as described previously, communication between the two nodes will proceed. When there is no more data to send, a TCP node may send a FIN bit, indicating a close control signal. At this juncture, both nodes will close simultaneously. Some common and well-known TCP ports and their related connection services are shown in Table B.1 in Appendix B on page 793.
Figure 1.17a Extracted from an HTTP Internet Web server transmission.
Figure 1.17b Extracted from a sliding window sequence transmission.