Everything about The Transmission Control Protocol totally explained
The
Transmission Control Protocol (
TCP) is one of the core protocols of the
Internet protocol suite. TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications like
file transfer and
e-mail. It is so important in the Internet protocol suite that sometimes the entire suite is referred to as "the TCP/IP protocol suite." TCP is the transport protocol that manages the individual conversations between web servers and web clients. TCP divides the
HTTP messages into smaller pieces, called
segments, to be sent to the destination client. It is also responsible for controlling the size and rate at which messages are exchanged between the server and the client.
Reason for TCP
The Internet Protocol (IP) works by exchanging groups of information called
packets. Packets are short sequences of
bytes consisting of a header and a body. The header describes the packet's destination, which
routers on the Internet use to pass the packet along, generally in the right direction, until it arrives at its final destination. The body contains the application data.
In cases of congestion, the IP can discard packets, and, for efficiency reasons, two consecutive packets on the Internet can take different routes to the destination. Then, the packets can arrive at the destination in the wrong order.
The TCP software libraries use the IP and provide a simpler interface to applications by hiding most of the underlying packet structures, rearranging out-of-order packets, minimizing network congestion, and re-transmitting discarded packets. Thus, TCP very significantly simplifies the task of writing network applications.
Applicability of TCP
TCP is used extensively by many of the Internet's most popular application protocols and resulting applications, including the
World Wide Web,
E-mail,
File Transfer Protocol,
Secure Shell, and some
streaming media applications.
However, because TCP is optimized for accurate delivery rather than timely delivery, TCP sometimes incurs relatively long delays (in the order of seconds) while waiting for out-of-order messages or retransmissions of lost messages, and it isn't particularly suitable for real-time applications such as
Voice over IP. For such applications, protocols like the
Real-time Transport Protocol (RTP) running over the
User Datagram Protocol (UDP) are usually recommended instead.
TCP is a reliable stream delivery service that guarantees to deliver a stream of data sent from one host to another without duplication or losing data. Since packet transfer isn't reliable, a technique known as positive acknowledgment with retransmission is used to guarantee reliability of packet transfers. This fundamental technique requires the receiver to respond with an acknowledgment message as it receives the data. The sender keeps a record of each packet it sends, and waits for acknowledgment before sending the next packet. The sender also keeps a timer from when the packet was sent, and retransmits a packet if the timer expires. The timer is needed in case a packet becomes lost or corrupt.. This is the
end-to-end principle at work.
Flow control
TCP uses an end-to-end
flow control protocol to avoid having the sender send data too fast for the TCP receiver to reliably receive and process it. Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, when a fast PC sends data to a slow hand-held PDA, the PDA needs to regulate the influx of data, or protocol software would be overrun quickly. This is perhaps the most common method.
It is possible for both hosts to send FINs simultaneously then both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions.
Some host TCP stacks may implement a "half-duplex" close sequence, as
Linux or
HP-UX do. If such a host actively closes a connection but still hasn't read all the incoming data the stack already received from the link, this host will send a RST instead of a FIN (Section 4.2.2.13 in
RFC 1122
). This allows a TCP application to be sure that the remote application has read all the data the former sent - waiting the FIN from the remote side when it'll actively close the connection. Unfortunatelly, the remote TCP stack can't distinguish between a
Connection Aborting RST and this
Data Loss RST - both will make the remote stack to throw away all the data it received, but the application still didn't read.
Some application protocols may violate the
OSI model layers, using the TCP open/close handshaking for the application protocol open/close handshaking - these may find the RST problem on active close. As an example:
s = connect(remote);
send (s, data);
close(s);
For a usual program flow like above, a TCP/IP stack like that described above doesn't guarantee that all the data will arrive to the other application
unless the programmer is sure that the remote side won't send anything.
Vulnerabilities
Vulnerability to Denial of Service
By using a spoofed IP address and repeatedly sending
purposely assembled SYN packets attackers can cause the server to consume large amounts of resources keeping track of the bogus connections. This is known as a
SYN flood attack. Proposed solutions to this problem include
SYN cookies and Cryptographic puzzles.
Connection hijacking
An attacker who is able to eavesdrop a TCP session and redirect packets can hijack a TCP connection. To do so, the attacker learns the sequence number from the ongoing communication and forges a false packet that looks like the next packet in the stream. Such a simple hijack can result in one packet being erroneously accepted at one end. When the receiving host acknowledges the extra packet to the other side of the connection, synchronization is lost. Hijacking might be combined with ARP or routing attacks that allow taking control of the packet flow, so as to get permanent control of the hijacked TCP connection.
Impersonating a different IP address was possible prior to RFC 1948, when the initial
sequence number was easily guessable. That allowed an attacker to blindly send a sequence of packets that the receiver would believe to come from a different IP address, without the need to deploy ARP or routing attacks: it's enough to ensure that the legitimate host of the impersonated IP address is down, or bring it to that condition using denial of service attacks. This is why the sequence number is chosen at random.
TCP ports
TCP uses the notion of
port numbers to identify sending and receiving application end-points on a host, or
Internet sockets. Each side of a TCP connection has an associated 16-bit unsigned port number (1-65535) reserved by the sending or receiving application. Arriving TCP data packets are identified as belonging to a specific TCP connection by its sockets, that is, the combination of source host address, source port, destination host address, and destination port. This means that a server computer can provide several clients with several services simultaneously, as long as a client takes care of initiating any simultaneous connections to one destination port from different source ports.
Port numbers are categorized into three basic categories: well-known, registered, and dynamic/private. The well-known ports are assigned by the
Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. Well-known applications running as servers and passively listening for connections typically use these ports. Some examples include:
FTP (21),
ssh (22),
TELNET (23),
SMTP (25) and
HTTP (80). Registered ports are typically used by end user applications as ephemeral source ports when contacting servers, but they can also identify named services that have been registered by a third party. Dynamic/private ports can also be used by end user applications, but are less commonly so. Dynamic/private ports don't contain any meaning outside of any particular TCP connection.
Development of TCP
TCP is a complex and evolving protocol. However, while significant enhancements have been made and proposed over the years, its most basic operation hasn't changed significantly since its first specification
RFC 675 in 1974, and the v4 specification RFC 793, published in
September 1981.
(External Link) RFC 1122, Host Requirements for Internet Hosts, clarified a number of TCP protocol implementation requirements. RFC 2581, TCP Congestion Control, one of the most important TCP related RFCs in recent years, describes updated algorithms to be used in order to avoid undue congestion. In 2001, RFC 3168 was written to describe
explicit congestion notification (
ECN), a congestion avoidance signalling mechanism.
The original
TCP congestion avoidance algorithm was known as "TCP Tahoe", but many alternative algorithms have since been proposed (including
TCP Reno,
Vegas,
FAST TCP, New Reno, and Hybla).
Another scheme looked how to engineer various extensions into TCP.
TCP Interactive (iTCP) allows applications to subscribe to TCP events and respond accordingly enabling various functional extensions to TCP from outside TCP layer including application assisted congestion control.
TCP over wireless
TCP has been optimized for wired networks. Any
packet loss is considered to be the result of congestion and the congestion window size is reduced dramatically as a precaution. However, wireless links are known to experience sporadic and usually temporary losses due to fading, shadowing, hand off, and other radio effects, that can't be considered congestion. After the (erroneous) back-off of the congestion window size, due to wireless packet loss, there can be a congestion avoidance phase with a conservative decrease in window size. This causes the radio link to be underutilized. Extensive research has been done on the subject of how to combat these harmful effects. Suggested solutions can be categorized as end-to-end solutions (which require modifications at the client and/or server), link layer solutions (such as
RLP in
CDMA2000), or proxy based solutions (which require some changes in the network without modifying end nodes).
Hardware TCP implementations
One way to overcome the processing power requirements of TCP is to build hardware implementations of it, widely known as
TCP Offload Engines (TOE). The main problem of TOEs is that they're hard to integrate into computing systems, requiring extensive changes in the operating system of the computer or device. The first company to develop such a device was
Alacritech.
Debugging TCP
A
packet sniffer, which intercepts TCP traffic on a network link, can be useful in debugging networks, network stacks and applications which use TCP by showing the user what packets are passing through a link. Some networking stacks support the SO_DEBUG socket option, which can be enabled on the socket using setsockopt. That option dumps all the packets, TCP states and events on that socket which will be helpful in debugging.
netstat is another utility that can be used for debugging.
Alternatives to TCP
For many applications TCP isn't appropriate. One big problem (at least with normal implementations) is that the application can't get at the packets coming after a lost packet until the retransmitted copy of the lost packet is received. This causes problems for real-time applications such as streaming multimedia (such as
Internet radio), real-time multiplayer games and
voice over IP (VoIP) where it's sometimes more useful to get most of the data in a timely fashion than it's to get all of the data in order.
For both historical and performance reasons, most
storage area networks (SANs) prefer to use
Fibre Channel protocol (FCP) instead of TCP/IP.
Also for
embedded systems,
network booting and servers that serve simple requests from huge numbers of clients (for example
DNS servers) the complexity of TCP can be a problem. Finally some tricks such as transmitting data between two hosts that are both behind
NAT (using
STUN or similar systems) are far simpler without a relatively complex protocol like TCP in the way.
Generally where TCP is unsuitable the
User Datagram Protocol (UDP) is used. This provides the application
multiplexing and checksums that TCP does, but doesn't handle building streams or retransmission giving the application developer the ability to code those in a way suitable for the situation and/or to replace them with other methods like
forward error correction or
interpolation.
SCTP is another IP protocol that provides reliable stream oriented services not so dissimilar from TCP. It is newer and considerably more complex than TCP so hasn't yet seen widespread deployment. However, it's especially designed to be used in situations where reliability and near-real-time considerations are important.
Venturi Transport Protocol (VTP) is a patented proprietary protocol that's designed to replace TCP transparently in order to overcome perceived inefficiencies related to wireless data transport.
TCP also has some issues in high bandwidth utilization environments. The
TCP congestion avoidance algorithm works very well for ad-hoc environments where it isn't known who will be sending data, but if the environment is predictable, a timing based protocol such as
ATM can avoid the overhead of the retransmits that TCP needs.
Fields used to compute the checksum
TCP checksum using IPv4
When TCP runs over
IPv4, the method used to compute the checksum is defined in RFC 793:
» The checksum field is the 16 bit one's complement of the one's complement sum of all 16-bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16-bit word for checksum purposes. The pad isn't transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.
In other words, all 16-bit words are summed together using
one's complement (with the checksum field set to zero). The sum is then one's complemented. This final value is then inserted as the checksum field. Algorithmically speaking, this is the same as for
IPv6. The difference is in the data used to make the checksum. When computing the checksum, a pseudo-header that mimics the IPv4 header is shown in the table below.
| Bit offset |
Bits 0–3 |
4–7 |
8–15 |
16–31 |
| 0 | Source address
|
| 32 | Destination address
|
| 64 | Zeros |
Protocol |
TCP length
|
| 96 | Source port |
Destination port
|
| 128 | Sequence number
|
| 160 | Acknowledgement number
|
| 192 | Data offset |
Reserved |
Flags |
Window
|
| 224 | Checksum |
Urgent pointer
|
| 256 | Options (optional)
|
| 256/288+ |
Data
|
The source and destination addresses are those in the IPv4 header. The protocol is that for TCP (
see List of IPv4 protocol numbers): 6. The TCP length field is the length of the TCP header and data.
TCP checksum using IPv6
When TCP runs over
IPv6, the method used to compute the checksum is changed, as per RFC 2460:
» Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses.
When computing the checksum, a pseudo-header that mimics the IPv6 header is shown in the table below.
| Bit offset |
Bits 0 - 7 |
8–15 |
16–23 |
24–31 |
| 0 | Source address
|
| 32 |
| 64 |
| 96 |
| 128 | Destination address
|
| 160 |
| 192 |
| 224 |
| 256 | TCP length
|
| 288 | Zeros |
Next header
|
| 320 | Source port |
Destination port
|
| 352 | Sequence number
|
| 384 | Acknowledgement number
|
| 416 | Data offset |
Reserved |
Flags |
Window
|
| 448 | Checksum |
Urgent pointer
|
| 480 | Options (optional)
|
| 480/512+ |
Data
|
Source address – the one in the IPv6 header
Destination address – the final destination; if the IPv6 packet doesn't contain a Routing header, that will be the destination address in the IPv6 header, otherwise, at the originating node, it'll be the address in the last element of the Routing header, and, at the receiving node, it'll be the destination address in the IPv6 header.
TCP length – the length of the TCP header and data;
Next Header – the protocol value for TCPFurther Information
Get more info on 'Transmission Control Protocol'.
|
External Link Exchanges
Do you know how hard it is to get a link from a large encyclopaedia? Well we're different and will prove it. To get a link from us just add the following HTML to your site on a relevant page:
<a href="http://transmission_control_protocol.totallyexplained.com">Transmission Control Protocol Totally Explained</a>
Then simply click through this link from your web page. Our crawlers will verify your link, extract the title of your web page and instantly add a link back to it. If you like you can remove the words Totally Explained and embed the link in article text.
As long as your link remains in place, we'll keep our link to you right here. Please play fair - our crawlers are watching. Your site must be closely related to this one's topic. Any kind of spamming, dubious practises or removing the link will result in your link from us being dropped and, potentially, your whole site being banned. |
