Provided by Colasoft Co., Ltd.
Home | Protocols | Packet Samples | Tools | RFCs | Glossary | Resource

TCP ( Transmission Control Protocol )

Home > Protocols > TCP Update: 2005-11-10 16:11:46    I have words to say about this protocol
On this page
SUMMARY
Protocol : Transmission Control Protocol
Protocol suite : TCP/IP
Layer : Transport Layer
Type : Connection oriented byte stream protocol
Latest Version : 6
SNMP MIBs : iso.org.dod.internet.mgmt.mib-2.tcp (1.3.6.1.2.1.6).
iso.org.dod.internet.mgmt.mib-2.tcpMIB (1.3.6.1.2.1.49)
Related protocols : IP,
IPv6,
UDP,
ICMP,
FTP,
TELNET,
SMTP,
ARP,
RARP,
RPC
Working groups : Pilc, Performance Implications of Link Characteristics
Tcpimpl, TCP Implementation
Tcpm, TCP Maintenance and Minor Extensions
Tsvwg, Transport Area Working Group
DESCRIPTION
TCP is typically used by applications that require guaranteed delivery. It is a sliding window protocol that provides handling for both timeouts and retransmissions.

TCP provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with retransmission of packets when necessary. TCP establishes a full duplex virtual connection between two endpoints. Each endpoint is defined by an IP address and a TCP port number and is implemented as a finite state machine.The protocol suite gets its name because most TCP/IP protocols are based on TCP, which is in turn based on IP. TCP and IP are the twin pillars of TCP/IP.

Operation
The primary purpose of the TCP is to provide reliable, securable logical circuit or connection service between pairs of processes. To provide this service on top of a less reliable internet communication system requires facilities in the following areas:

  • Basic Data Transfer

    • The TCP is able to transfer a continuous stream of octets in each direction between its users by packaging some number of octets into segments for transmission through the internet system. In general, the TCPs decide when to block and forward data at their own convenience.

    Sometimes users need to be sure that all the data they have submitted to the TCP has been transmitted. For this purpose a push function is defined. To assure that data submitted to a TCP is actually transmitted the sending user indicates that it should be pushed through to the receiving user. A push causes the TCPs to promptly forward and deliver data up to that point to the receiver. The exact push point might not be visible to the receiving user and the push function does not supply a record boundary marker.

  • TCP Reliability

    • TCP reliability depends upon the existence of a bound on the lifetime of a segment: the "Maximum Segment Lifetime" or MSL. An MSL is generally required by any reliable transport protocol, since every sequence number field must be finite, and therefore any sequence number may eventually be reused. In the Internet protocol suite, the MSL bound is enforced by an IP-layer mechanism, the "Time-to-Live" or TTL field.
    Duplication of sequence numbers might happen in either of two ways:
    • Sequence number wrap-around on the current connection
      A TCP sequence number contains 32 bits. At a high enough transfer rate, the 32-bit sequence space may be "wrapped" (cycled) within the time that a segment is delayed in queues.


    • Earlier incarnation of the connection
      Suppose that a connection terminates, either by a proper close sequence or due to a host crash, and the same connection (i.e., using the same pair of sockets) is immediately reopened. A delayed segment from the terminated connection could fall within the current window for the new incarnation and be accepted as valid.

  • Flow Control

    • TCP provides a means for the receiver to govern the amount of data sent by the sender. This is achieved by returning a "window" with every ACK indicating a range of acceptable sequence numbers beyond the last segment successfully received. The window indicates an allowed number of octets that the sender may transmit before receiving further permission.

  • Multiplexing

    • To allow for many processes within a single Host to use TCP communication facilities simultaneously, the TCP provides a set of addresses or ports within each host. Concatenated with the network and host addresses from the internet communication layer, this forms a socket. A pair of sockets uniquely identifies each connection. That is, a socket may be simultaneously used in multiple connections.
    The binding of ports to processes is handled independently by each Host. However, it proves useful to attach frequently used processes (e.g., a "logger" or timesharing service) to fixed sockets which are made known to the public. These services can then be accessed through the known addresses. Establishing and learning the port addresses of other processes may involve more dynamic mechanisms.

  • Connections

    • The reliability and flow control mechanisms described above require that TCPs initialize and maintain certain status information for each data stream. The combination of this information, including sockets, sequence numbers, and window sizes, is called a connection. Each connection is uniquely specified by a pair of sockets identifying its two sides.
    When two processes wish to communicate, their TCP's must first establish a connection (initialize the status information on each side). When their communication is complete, the connection is terminated or closed to free the resources for other uses.
    Since connections must be established between unreliable hosts and over the unreliable internet communication system, a handshake mechanism with clock-based sequence numbers is used to avoid erroneous initialization of connections.

  • Precedence and Security

    • The users of TCP may indicate the security and precedence of their communication. Provision is made for default values to be used when these features are not needed.


Full-duplex Operation
No matter what the particular application, TCP almost always operates full-duplex. The algorithms described below operate in both directions, in an almost completely independent manner. It's sometimes useful to think of a TCP session as two independent byte streams, traveling in opposite directions. No TCP mechanism exists to associate data in the forward and reverse byte streams. Only during connection start and close sequences can TCP exhibit asymmetric behavior (i.e. data transfer in the forward direction but not in the reverse, or vice versa).

Window Size and Buffering
Each endpoint of a TCP connection will have a buffer for storing data that is transmitted over the network before the application is ready to read the data. This lets network transfers take place while applications are busy with other processing, improving overall performance.

To avoid overflowing the buffer, TCP sets a Window Size field in each packet it transmits. This field contains the amount of data that may be transmitted into the buffer. If this number falls to zero, the remote TCP can send no more data. It must wait until buffer space becomes available and it receives a packet announcing a non-zero window size.

Sometimes, the buffer space is too small. This happens when the network's bandwidth-delay product exceeds the buffer size. The simplest solution is to increase the buffer, but for extreme cases the protocol itself becomes the bottleneck (because it doesn't support a large enough Window Size). Under these conditions, the network is termed an LFN (Long Fat Network - pronounced elephant).

Round-Trip Time Estimation
When a host transmits a TCP packet to its peer, it must wait a period of time for an acknowledgment. If the reply does not come within the expected period, the packet is assumed to have been lost and the data is retransmitted. The obvious question - How long do we wait? - lacks a simple answer. Over an Ethernet, no more than a few microseconds should be needed for a reply. If the traffic must flow over the wide-area Internet, a second or two might be reasonable during peak utilization times. If we're talking to an instrument package on a satellite hurtling toward Mars, minutes might be required before a reply. There is no one answer to the question - How long?

All modern TCP implementations seek to answer this question by monitoring the normal exchange of data packets and developing an estimate of how long is "too long". This process is called Round-Trip Time (RTT) estimation. RTT estimates are one of the most important performance parameters in a TCP exchange, especially when you consider that on an indefinitely large transfer, all TCP implementations eventually drop packets and retransmit them, no matter how good the quality of the link. If the RTT estimate is too low, packets are retransmitted unnecessarily; if too high, the connection can sit idle while the host waits to timeout.

The TCP Header Structure

16

32 bits

Source port

Destination port

Sequence number

Acknowledgement number

Offset

Reserved

U

A

P

R

S

F

Window

Checksum

Urgent pointer

Option + Padding

Data


  • Source Port

    • 16 bits. Source port number.

  • Destination Port

    • 16 bits. Destination port number.

  • Sequence Number

    • 32 bits. The sequence number of the first data octet in this segment (except when SYN is present). If SYN is present, the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.

  • Acknowledgment Number

    • 32 bits. If the ACK control bit is set, this field contains the value of the next sequence number which the sender of the segment is expecting to receive. Once a connection is established, this value is always sent.

  • Data Offset

    • 4 bits. The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits.

  • Reserved

    • 6 bits. Reserved for future use. Must be cleared to zero.

  • Control

    • 6 bits. The control bits may be (from right to left):
    U (URG)Urgent pointer field significant.
    A (ACK)Acknowledgment field significant.
    P (PSH)Push function.
    R (RST) Reset the connection.
    S (SYN)Synchronize sequence numbers.
    F (FIN)No more data from sender.

  • Window

    • 16 bits. It specifies the size of the sender's receive window, that is, the buffer space available in octets for incoming data.

  • Checksum

    • 16 bits. The checksum field is the 16 bit one¡¯s complement of the one¡¯s complement sum of all 16-bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.

  • Urgent Pointer

    • 16 bits. This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field can only be interpreted in segments for which the URG control bit has been set.

  • Options

    • Options may be transmitted at the end of the TCP header and always have a length which is a multiple of 8 bits. All options are included in the checksum. An option may begin on any octet boundary.
    There are two possible formats for an option:
    • A single octet of option type.

    • An octet of option type, an octet of option length, and the actual option data octets.

    The option length includes the option type and option length, as well as the option data octets. The list of options may be shorter than that designated by the data offset field because the contents of the header beyond the End-of-Option option must be header padding i.e., zero.

  • Padding

    • Variable length. The TCP header padding is used to ensure that the TCP header ends and data begins on a 32 bit boundary. The padding is composed of zeros. The TCP header must be padded with zeros to make the header length a multiple of 32 bits.
    KindLengthDescription
    01End of option list.
    11No operation.
    24Maximum Segment Size.
    33Window scale factor.
    42SACK permitted.
    5Variable.SACK.
    66Echo.
    76Echo reply.
    810Timestamp.
    92Partial Order Connection Permitted.
    103Partial Order Service Profile.
    116CC, Connection Count.
    126CC.NEW
    136CC.ECHO
    143TCP Alternate Checksum Request.
    15Variable.TCP Alternate Checksum Data.
    16 Skeeter.
    17 Bubba.
    183Trailer Checksum Option.
    1918MD5 signature.
    20 SCPS Capabilities.
    21 Selective Negative Acknowledgements.
    22 Record Boundaries.
    23 Corruption experienced.
    24 SNAP.
    25
    26 TCP Compression Filter.

  • Data

    • Variable length. TCP data or higher layer protocol.


TCP Connection State Diagram 

                              +---------+ ---------      active OPEN  

                              |  CLOSED |                -----------  

                              +---------+<---------      create TCB  

                                |     ^                   snd SYN    

                   passive OPEN |     |   CLOSE                      

                   ------------ |     | ----------                   

                    create TCB  |     | delete TCB                   

                                V     |                              

                              +---------+            CLOSE    |       

                              |  LISTEN |          ---------- |     |  

                              +---------+          delete TCB |     |  

                   rcv SYN      |     |     SEND              |     |  

                  -----------   |     |    -------            |     V  

 +---------+      snd SYN,ACK  /          snd SYN          +---------+

 |         |<-----------------           ------------------>|         |

 |   SYN   |                    rcv SYN                     |   SYN   |

 |   RCVD  |<-----------------------------------------------|   SENT  |

 |         |                    snd ACK                     |         |

 |         |------------------           -------------------|         |

 +---------+   rcv ACK of SYN         /  rcv SYN,ACK       +---------+

   |           --------------   |     |   -----------                  

   |                  x         |     |     snd ACK                    

   |                            V     V                                

   |  CLOSE                   +---------+                              

   | -------                  |  ESTAB  |                              

   | snd FIN                  +---------+                              

   |                   CLOSE    |     |    rcv FIN                     

   V                  -------   |     |    -------                     

 +---------+          snd FIN  /          snd ACK          +---------+

 |  FIN    |<-----------------           ------------------>|  CLOSE  |

 | WAIT-1  |------------------                              |   WAIT  |

 +---------+          rcv FIN                              +---------+

   | rcv ACK of FIN   -------   |                            CLOSE  |  

   | --------------   snd ACK   |                           ------- |  

   V        x                   V                           snd FIN V  

 +---------+                  +---------+                   +---------+

 |FINWAIT-2|                  | CLOSING |                   | LAST-ACK|

 +---------+                  +---------+                   +---------+

   |                rcv ACK of FIN |                 rcv ACK of FIN |  

   |  rcv FIN       -------------- |    Timeout=2MSL -------------- |  

   |  -------              x       V    ------------        x       V  

     snd ACK                 +---------+delete TCB         +---------+

     ------------------------>|TIME WAIT|------------------>| CLOSED  |

                              +---------+                   +---------+


Sequence Numbers
TCP uses a 32-bit sequence number that counts bytes in the data stream. Each TCP packet contains the starting sequence number of the data in that packet, and the sequence number (called the acknowledgment number) of the last byte received from the remote peer. With this information, a sliding-window protocol is implemented. Forward and reverse sequence numbers are completely independent, and each TCP peer must track both its own sequence numbering and the numbering being used by the remote peer.

TCP uses a number of control flags to manage the connection. Some of these flags pertain to a single packet, such as the URG flag indicating valid data in the Urgent Pointer field, but two flags (SYN and FIN), require reliable delivery as they mark the beginning and end of the data stream. In order to insure reliable delivery of these two flags, they are assigned spots in the sequence number space. Each flag occupies a single byte.

The typical kinds of sequence number comparisons which the TCP must perform include:
  • Determining that an acknowledgment refers to some sequence number sent but not yet acknowledged.

  • Determining that all sequence numbers occupied by a segment have been acknowledged (e.g., to remove the segment from a retransmission queue).

  • Determining that an incoming segment contains sequence numbers which are expected (i.e., that the segment "overlaps" the receive window).

In response to sending data the TCP will receive acknowledgments. The following comparisons are needed to process the acknowledgments.
    SND.UNA = oldest unacknowledged sequence number
    SND.NXT = next sequence number to be sent
    SEG.ACK = acknowledgment from the receiving TCP (next sequence number expected by the receiving TCP)
    SEG.SEQ = first sequence number of a segment
    SEG.LEN = the number of octets occupied by the data in the segment (counting SYN and FIN)
    SEG.SEQ+SEG.LEN-1 = last sequence number of a segment


A new acknowledgment (called an "acceptable ack"), is one for which the inequality below holds:
    SND.UNA < SEG.ACK =< SND.NXT

A segment on the retransmission queue is fully acknowledged if the sum of its sequence number and length is less or equal than the acknowledgment value in the incoming segment.

When data is received the following comparisons are needed:
    RCV.NXT = next sequence number expected on an incoming segments, and is the left or lower edge of the receive window
    RCV.NXT+RCV.WND-1 = last sequence number expected on an incoming segment, and is the right or upper edge of the receive window
    SEG.SEQ = first sequence number occupied by the incoming segment
    SEG.SEQ+SEG.LEN-1 = last sequence number occupied by the incoming segment


A segment is judged to occupy a portion of valid receive sequence space if
    RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND

or
    RCV.NXT =< SEG.SEQ+SEG.LEN-1 < RCV.NXT+RCV.WND


The first part of this test checks to see if the beginning of the segment falls in the window, the second part of the test checks to see if the end of the segment falls in the window; if the segment passes either part of the test it contains data in the window.

Actually, it is a little more complicated than this. Due to zero windows and zero length segments, we have four cases for the acceptability of an incoming segment: 

          Segment Receive  Test

          Length  Window

          ------- -------  -------------------------------------------

             0       0     SEG.SEQ = RCV.NXT

             0      >0     RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND

            >0       0     not acceptable

            >0      >0     RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND

                        or RCV.NXT =< SEG.SEQ+SEG.LEN-1 < RCV.NXT+RCV.WND
Note that when the receive window is zero no segments should be acceptable except ACK segments. Thus, it is be possible for a TCP to maintain a zero receive window while transmitting data and receiving ACKs. However, even when the receive window is zero, a TCP must process the RST and URG fields of all incoming segments.

Establishing a Connection
The "three-way handshake" is the procedure used to establish a connection. This procedure normally is initiated by one TCP and responded to by another TCP. The procedure also works if two TCP simultaneously initiate the procedure. When simultaneous attempt occurs, each TCP receives a "SYN" segment which carries no acknowledgment after it has sent a "SYN". Of course, the arrival of an old duplicate "SYN" segment can potentially make it appear, to the recipient, that a simultaneous connection initiation is in progress. Proper use of "reset" segments can disambiguate these cases.

Closing a Connection
CLOSE is an operation meaning "I have no more data to send." The notion of closing a full-duplex connection is subject to ambiguous interpretation, of course, since it may not be obvious how to treat the receiving side of the connection.

There are essentially three cases:
  • The user initiates by telling the TCP to CLOSE the connection

  • The remote TCP initiates by sending a FIN control signal

  • Both users CLOSE simultaneously


      • Case 1: Local user initiates the close
      In this case, a FIN segment can be constructed and placed on the outgoing segment queue. No further SENDs from the user will be accepted by the TCP, and it enters the FIN-WAIT-1 state. RECEIVEs are allowed in this state. All segments preceding and including FIN will be retransmitted until acknowledged. When the other TCP has both acknowledged the FIN and sent a FIN of its own, the first TCP can ACK this FIN. Note that a TCP receiving a FIN will ACK but not send its own FIN until its user has CLOSED the connection also.

      Case 2: TCP receives a FIN from the network
      If an unsolicited FIN arrives from the network, the receiving TCP can ACK it and tell the user that the connection is closing. The user will respond with a CLOSE, upon which the TCP can send a FIN to the other TCP after sending any remaining data. The TCP then waits until its own FIN is acknowledged whereupon it deletes the connection. If an ACK is not forthcoming, after the user timeout the connection is aborted and the user is told.

      Case 3: both users close simultaneously
      A simultaneous CLOSE by users at both ends of a connection causes FIN segments to be exchanged. When all segments preceding the FINs have been processed and acknowledged, each TCP can ACK the FIN it has received. Both will, upon receiving these ACKs, delete the connection.


Precedence and Security
The intent is that connection be allowed only between ports operating with exactly the same security and compartment values and at the higher of the precedence level requested by the two ports. TCP modules which operate only at the default value of precedence will still have to check the precedence of incoming segments and possibly raise the precedence level they use on the connection.

Data Communication
Once the connection is established data is communicated by the exchange of segments. Because segments may be lost due to errors (checksum test failure), or network congestion, TCP uses retransmission (after a timeout) to ensure delivery of every segment. Duplicate segments may arrive due to network or TCP retransmission.

The sender of data keeps track of the next sequence number to use in the variable SND.NXT. The receiver of data keeps track of the next sequence number to expect in the variable RCV.NXT. The sender of data keeps track of the oldest unacknowledged sequence number in the variable SND.UNA. If the data flow is momentarily idle and all data sent has been acknowledged then the three variables will be equal.

When the sender creates a segment and transmits it the sender advances SND.NXT. When the receiver accepts a segment it advances RCV.NXT and sends an acknowledgment. When the data sender receives an acknowledgment it advances SND.UNA. The extent to which the values of these variables differ is a measure of the delay in the communication. The amount by which the variables are advanced is the length of the data in the segment. Note that once in the ESTABLISHED state all segments must carry current acknowledgment information.

Application Programming Interface
The TCP application programming interface is not fully defined. As is the case with most RFC s in the TCP/IP protocol suite, a great degree of freedom is left to the implementers, thereby allowing for optimal (operating system-dependent) implementations, resulting in better efficiency (greater throughput).

The following function calls are described in the RFC :
  • Open

    • To establish a connection, takes several parameters:
    Active/passive
    Foreign socket
    Local port number
    Timeout value (optional)
    And lots of other options
    Returns a local connection name, which is used to reference this particular connection in all other functions.

  • Send

    • Causes data in a referenced user buffer to be sent over the connection. Can optionally set the URGENT flag or the PUSH flag.

  • Receive

    • Copies incoming TCP data to a user buffer.

  • Close

    • Closes the connection; causes a push of all remaining data and a TCP segment with FIN flag set.

  • Status

    • Is an implementation-dependent call that could return information such as:
    Local and foreign socket
    Send and receive window sizes
    Connection state
    Local connection name

  • Abort

    • Causes all pending Send and Receive operations to be aborted, and a RESET to be sent to the foreign TCP.

Top of Page
EXAMPLES 
Example 1: Send Sequence Space



               1         2          3          4      

          ----------|----------|----------|---------- 

                 SND.UNA    SND.NXT    SND.UNA        

                                      +SND.WND       



          1 - Old sequence numbers which have been acknowledged.

          2 - Sequence numbers of unacknowledged data.

          3 - Sequence numbers allowed for new data transmission.

          4 - Future sequence numbers which are not yet allowed.
Example 2: Receive Sequence Space



            1          2          3      

          ----------|----------|---------- 

                 RCV.NXT    RCV.NXT        

                           +RCV.WND



          1 - Old sequence numbers which have been acknowledged.  

          2 - Sequence numbers allowed for new reception.         

          3 - Future sequence numbers which are not yet allowed.
Example 3: Basic 3-Way Handshake for Connection Synchronization



The three-way handshake reduces the possibility of false connections. It is the 

implementation of a trade-off between memory and messages to provide information for 

this checking.



              TCP A                                                TCP B

          1.  CLOSED                                               LISTEN

          2.  SYN-SENT    -->                --> SYN-RECEIVED

          3.  ESTABLISHED <--   <-- SYN-RECEIVED

          4.  ESTABLISHED -->        --> ESTABLISHED

          5.  ESTABLISHED -->  --> ESTABLISHED



Each line is numbered for reference purposes. Right arrows (-->) indicate departure 

of a TCP segment from TCP A to TCP B, or arrival of a segment at B from A. Left 

arrows (<--), indicate the reverse. Ellipsis (...) indicates a segment which is still 

in the network (delayed). An "XXX" indicates a segment which is lost or rejected. 

Comments appear in parentheses. TCP states represent the state AFTER the departure 

or arrival of the segment (whose contents are shown in the center of each line). 

Segment contents are shown in abbreviated form, with sequence number, control 

flags, and ACK field. Other fields such as window, addresses, lengths, and text 

have been left out in the interest of clarity.
Example 4: Simultaneous Connection Synchronization



Simultaneous initiation is only slightly more complex. Each TCP cycles from CLOSED 

to SYN-SENT to SYN-RECEIVED to ESTABLISHED.



              TCP A                                            TCP B

          1.  CLOSED                                           CLOSED

          2.  SYN-SENT     -->               ...

          3.  SYN-RECEIVED <--               <-- SYN-SENT

          4.               ...               --> SYN-RECEIVED

          5.  SYN-RECEIVED -->  ...

          6.  ESTABLISHED  <--  <-- SYN-RECEIVED

          7.               ...      --> ESTABLISHED
Example 5: Recovery from Old Duplicate SYN



As a simple example of recovery from old duplicates.



              TCP A                                                TCP B

          1.  CLOSED                                               LISTEN

          2.  SYN-SENT    -->                ...

          3.  (duplicate) ...                --> SYN-RECEIVED

          4.  SYN-SENT    <--   <-- SYN-RECEIVED

          5.  SYN-SENT    -->                --> LISTEN

          6.              ...                --> SYN-RECEIVED

          7.  SYN-SENT    <--   <-- SYN-RECEIVED

          8.  ESTABLISHED -->       --> ESTABLISHED
Example 6: Half-Open Connection Discovery



An established connection is said to be "half-open" if one of the TCPs has closed or 

aborted the connection at its end without the knowledge of the other, or if the two 

ends of the connection have become desynchronized owing to a crash that resulted 

in loss of memory. Such connections will automatically become reset if an attempt is 

made to send data in either direction. However, half-open connections are expected 

to be unusual, and the recovery procedure is mildly involved.



              TCP A                                           TCP B

          1.  (CRASH)                               (send 300,receive 100)

          2.  CLOSED                                           ESTABLISHED

          3.  SYN-SENT -->               --> (??)

          4.  (!!)     <--      <-- ESTABLISHED

          5.  SYN-SENT -->               --> (Abort!!)

          6.  SYN-SENT                                         CLOSED

          7.  SYN-SENT -->               -->
Example 7: Active Side Causes Half-Open Connection Discovery



An interesting alternative case occurs when TCP A crashes and TCP B tries to send 

data on what it thinks is a synchronized connection. The data arriving at TCP A 

from TCP B (line 2) is unacceptable because no such connection exists, so TCP A 

sends a RST. The RST is acceptable so TCP B processes it and aborts the connection.



                TCP A                                              TCP B

         1.  (CRASH)                                   (send 300,receive 100)

         2.  (??)    <--  <-- ESTABLISHED

         3.          -->                    --> (ABORT!!)
Example 8: Old Duplicate SYN Initiates a Reset on two Passive Sockets

The two TCPs A and B with passive connections wait for SYN.  An old duplicate 

arriving at TCP B (line 2) stirs B into action.  A SYN-ACK is returned (line 3) and 

causes TCP A to generate a RST (the ACK in line 3 is not acceptable).  TCP B 

accepts the reset and returns to its passive LISTEN state.



              TCP A                                         TCP B

          1.  LISTEN                                        LISTEN

          2.       ...                 -->  SYN-RECEIVED

          3.  (??) <--    <--  SYN-RECEIVED

          4.       -->               -->  (return to LISTEN!)

          5.  LISTEN                                        LISTEN
Example 9: Normal Close Sequence



              TCP A                                                TCP B

          1.  ESTABLISHED                                          ESTABLISHED

          2.  (Close)

                FIN-WAIT-1  -->   --> CLOSE-WAIT

          3.  FIN-WAIT-2  <--       <-- CLOSE-WAIT

          4.                                                       (Close)

                TIME-WAIT   <--   <-- LAST-ACK

          5.  TIME-WAIT   -->       --> CLOSED

          6.  (2 MSL)

                CLOSED
Simultaneous Close Sequence



              TCP A                                                TCP B

          1.  ESTABLISHED                                          ESTABLISHED

          2.  (Close)                                              (Close)

                FIN-WAIT-1  -->   ... FIN-WAIT-1

                            <--   <--

                            ...   -->

          3.  CLOSING     -->       ... CLOSING

                            <--       <--

                            ...       -->

          4.  TIME-WAIT                                            TIME-WAIT

                (2 MSL)                                              (2 MSL)

                CLOSED                                               CLOSED

Top of Page
PROTOCOL RELATIONS
Parent layer
Child layer
IP
TCP
SSH
Kerberos
DNS
BOOTP
HTTPS
Timbuktu
RTSP
L2TP
CSO
NetBIOS
CMIP Agent
Retrospect
RLOGIN
RSH
WINS
MSN
NFS
RPC
Lotus Notes
FileMaker
AOL
CU-SeeMe
HTTP Proxy
CIFS
SQL
NCP
SLP
PPTP
SIP
MGCP
SAP
H.323
H.225
Citrix ICA
GTP
LDAP
GroupWise
BitTorrent
HTTP
FTP
RTELNET
TELNET
SMTP
WhoIs
IMAP
BGP
IMAP3
Gopher
Finger
POP2
POP3
NNTP
AFP
Cayman IP ATalk
X-Windows
TNS
TDS
LDAPS
IMAPS
SCCP
Gnutella
iSCSI
LPD
ISO-8073
DCE
Fibre Channel
DAAP
WP DNX
POP3s
MSRDP
Shockwave
MSSQL
Goto MyPC
Srvc_registry
Other
COPS
Top of Page
GLOSSARY
Connection
A logical communication path identified by a pair of endpoints.

In dbAnywhere, a connection refers to the connection to the SQL Anywhere database.

LFN
LFN (Long Fat Network) is a communications path with a large bandwidth * delay product.

MSL
MSL(Maximum Segment Lifetime) is the maximum interval a TCP segment may life in the net. MSL is the time a TCP segment can exist in the internetwork system.

The MSL controls the maximum rate at which fragmented datagrams can be sent using distinct values of the 16-bit Ident field; a larger MSL lowers the maximum rate. The TCP specification [TCP:1] arbitrarily assumes a value of 2 minutes for MSL.

RTT
RTT(Round-trip Time), the time required for a network communication to travel from the source to the destination and back. RTT is used by some routing algorithms to aid in calculating optimal routes.

SACK
SACK(Selective Acknowledgement), this technique allows the data receiver to inform the sender about all segments that have arrived successfully, so the sender need retransmit only the segments that have actually been lost. This extension uses two TCP options. The first is an enabling option, SACK permitted, which may be sent in a SYN segment to indicate that the SACK option can be used once the connection is established. The other is the SACK option itself, which may be sent over an established connection once permission has been given.

Segment
In networks, a section of a network that is bounded by bridges, routers or switches. Dividing an Ethernet into multiple segments is one of the most common ways of increasing available bandwidth on the LAN. If segmented correctly, most network traffic will remain within a single segment, enjoying the full 10 Mbps bandwidth. Hubs and switches are used to connect each segment to the rest of the LAN.

In virtual memory systems, a variable-sized portion of data that is swapped in and out of main memory. Contrast with page.
In graphics, a piece of a polyline, which is a fixed-sized portion of data.

TTL
TTL (Time to Live) is a field in the Internet Protocol (IP) that specifies how many more hops a packet can travel before being discarded or returned.
Top of Page
REFERENCES
Related links:
                TCP option numbers
RFCs:
[IEN 2] Comments on Internet Protocol and TCP.
[IEN 12] Issues in Reliable Host-to-Host Protocols.
[IEN 45] TCP Checksum Function Design.
[IEN 74] Sequence Number Arithmetic.
[IEN 92] Protocol Options.
[IEN 98] TCP Implementation Status.
[IEN 114] PROTOCOL OPTIONS.
[IEN 124] DOD STANDARD TRANSMISSION CONTROL PROTOCOL.
                Obsoletes: IEN 5, IEN 21, IEN 27, IEN 40, IEN 44, IEN 55, IEN 81, IEN 112.
[IEN 150] TCP JSYS CALLING SEQUENCES.
[IEN 167] HP3000 TCP DESIGN DOCUMENT.
[RFC 721] Out-of-Band Control Signals in a Host-to-Host Protocol.
[RFC 761] DOD STANDARD TRANSMISSION CONTROL PROTOCOL.
[RFC 793] Transmission Control Protocol.
[RFC 801] NCP/TCP TRANSITION PLAN.
[RFC 813] WINDOW AND ACKNOWLEDGEMENT STRATEGY IN TCP.
[RFC 816] FAULT ISOLATION AND RECOVERY.
[RFC 832] Who Talks TCP?
[RFC 833] Who Talks TCP?
[RFC 834] Who Talks TCP?
[RFC 835] Who Talks TCP?
[RFC 836] Who Talks TCP?
[RFC 837] Who Talks TCP?
[RFC 838] Who Talks TCP?
[RFC 839] Who Talks TCP?
[RFC 842] Who Talks TCP? - Survey of 1 February 83.
[RFC 843] Who Talks TCP? -- Survey of 8 February 1983.
[RFC 845] Who Talks TCP? -- Survey of 15 February 1983.
[RFC 846] Who Talks TCP? -- Survey of 22 February 1983.
[RFC 872] TCP-ON-A-LAN.
[RFC 879] The TCP Maximum Segment Size and Related Topics.
[RFC 889] Internet Delay Experiments.
[RFC 896] Congestion Control in IP/TCP Internetworks.
[RFC 939] Executive Summary of the NRC Report on Transport Protocols for Department of Defense Data Networks.
[RFC 942] TRANSPORT PROTOCOLS FOR DEPARTMENT OF DEFENSE DATA NETWORKS.
[RFC 962] TCP-4 Prime.
[RFC 964] SOME PROBLEMS WITH THE SPECIFICATION OF THE MILITARY STANDARD TRANSMISSION CONTROL PROTOCOL.
[RFC 1025] TCP AND IP BAKE OFF.
[RFC 1106] TCP Big Window and Nak Options.
[RFC 1110] A Problem with the TCP Big Window Option.
[RFC 1122] Requirements for Internet Hosts -- Communication Layers.
[RFC 1144] Compressing TCP/IP Headers for Low-Speed Serial Links.
[RFC 1146] TCP Alternate Checksum Options.
                Obsoletes: RFC 1145.
[RFC 1156] Management Information Base for Network Management of TCP/IP-based internets.
                Obsoletes: RFC 1066.
[RFC 1158] Management Information Base for Network Management of TCP/IP-based internets: MIB-II.
[RFC 1180] A TCP/IP Tutorial.
[RFC 1191] Path MTU Discovery.
                Obsoletes: RFC 1063.
[RFC 1263] TCP EXTENSIONS CONSIDERED HARMFUL.
[RFC 1323] TCP Extensions for High Performance.
                Obsoletes: RFC 1072, RFC 1185.
[RFC 1337] TIME-WAIT Assassination Hazards in TCP.
[RFC 1347] TCP and UDP with Bigger Addresses (TUBA), A Simple Proposal for Internet Addressing and Routing.
[RFC 1379] Extending TCP for Transactions -- Concepts.
[RFC 1475] TP/IX: The Next Internet.
[RFC 1644] T/TCP -- TCP Extensions for Transactions Functional Specification.
[RFC 1693] An Extension to TCP : Partial Order Service.
[RFC 1705] Six Virtual Inches to the Left: The Problem with IPng.
[RFC 1791] TCP And UDP Over IPX Networks With Fixed Path MTU.
[RFC 1812] Requirements for IP Version 4 Routers.
[RFC 1858] Security Considerations for IP Fragment Filtering.
[RFC 1859] ISO Transport Class 2 Non-use of Explicit Flow Control over TCP RFC1006 extension.
[RFC 1948] Defending Against Sequence Number Attacks.
[RFC 1981] Path MTU Discovery for IP version 6.
[RFC 2012] SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2.
                Defines SNMP MIB iso.org.dod.internet.mgmt.mib-2.tcpMIB (1.3.6.1.2.1.49).
                Updates: RFC 1213.
[RFC 2018] TCP Selective Acknowledgment Options.
[RFC 2126] ISO Transport Service on top of TCP (ITOT).
[RFC 2140] TCP Control Block Interdependence.
[RFC 2385] Protection of BGP Sessions via the TCP MD5 Signature Option.
                Defines the MD5 signature option.
[RFC 2415] Simulation Studies of Increased Initial TCP Window Size.
[RFC 2416] When TCP Starts Up With Four Packets Into Only Three Buffers.
[RFC 2452] IP Version 6 Management Information Base for the Transmission Control Protocol.
[RFC 2460] Internet Protocol, Version 6 (IPv6) Specification.
[RFC 2488] Enhancing TCP Over Satellite Channels using Standard Mechanisms.
[RFC 2507] IP Header Compression.
[RFC 2525] Known TCP Implementation Problems.
[RFC 2581] TCP Congestion Control.
                Obsoletes: RFC 2001.
[RFC 2675] IPv6 Jumbograms.
                Obsoletes: RFC 2147.
[RFC 2757] Long Thin Networks.
[RFC 2760] Ongoing TCP Research Related to Satellites.
[RFC 2780] IANA Allocation Guidelines For Values In the Internet Protocol and Related Headers.
[RFC 2861] TCP Congestion Window Validation.
                Defines the TCP congestion control algorithm CWV.
[RFC 2873] TCP Processing of the IPv4 Precedence Field.
[RFC 2883] An Extension to the Selective Acknowledgement (SACK) Option for TCP.
[RFC 2884] Performance Evaluation of Explicit Congestion Notification (ECN) in IP Networks.
[RFC 2914] Congestion Control Principles.
[RFC 2923] TCP Problems with Path MTU Discovery.
[RFC 2988] Computing TCP's Retransmission Timer.
[RFC 2990] Next Steps for the IP QoS Architecture.
[RFC 3042] Enhancing TCP's Loss Recovery Using Limited Transmit.
[RFC 3081] Mapping the BEEP Core onto TCP.
[RFC 3128] Protection Against a Variant of the Tiny Fragment Attack.
                Updates: RFC 1858.
[RFC 3135] Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations.
[RFC 3148] A Framework for Defining Empirical Bulk Transfer Capacity Metrics.
[RFC 3150] End-to-end Performance Implications of Slow Links.
[RFC 3155] End-to-end Performance Implications of Links with Errors.
[RFC 3168] The Addition of Explicit Congestion Notification (ECN) to IP.
                Obsoletes: RFC 2481.
                Updates: RFC 793, RFC 2401, RFC 2474.
[RFC 3360] Inappropriate TCP Resets Considered Harmful.
[RFC 3390] Increasing TCP's Initial Window.
                Obsoletes: RFC 2414.
                Updates: RFC 2581.
[RFC 3430] Simple Network Management Protocol (SNMP) over Transmission Control Protocol (TCP) Transport Mapping.
                Defines the use of TCP as a transport protocol for SNMP.
[RFC 3448] TCP Friendly Rate Control (TFRC): Protocol Specification.
                Defines the TFRC algorithm.
[RFC 3449] TCP Performance Implications of Network Path Asymmetry.
                BCP: 69.
[RFC 3465] TCP Congestion Control with Appropriate Byte Counting (ABC).
                Defines the TCP congestion control algorithm ABC.
[RFC 3481] TCP over Second (2.5G) and Third (3G) Generation Wireless Networks.
                BCP: 71.
[RFC 3517] A Conservative Selective Acknowledgment (SACK)-based Loss Recovery Algorithm for TCP.
[RFC 3522] The Eifel Detection Algorithm for TCP.
[RFC 3540] Robust Explicit Congestion Notification (ECN) Signaling with Nonces.
                Defines ECN bit NS (Nonce Sum).
[RFC 3562] Key Management Considerations for the TCP MD5 Signature Option.
[RFC 3649] HighSpeed TCP for Large Congestion Windows.
[RFC 3708] Using TCP Duplicate Selective Acknowledgement (DSACKs) and Stream Control Transmission Protocol (SCTP) Duplicate Transmission Sequence Numbers (TSNs) to Detect Spurious Retransmissions.
[RFC 3742] Limited Slow-Start for TCP with Large Congestion Windows.
[RFC 3782] The NewReno Modification to TCP's Fast Recovery Algorithm.
                Obsoletes: RFC 2582.
Obsolete RFCs:
[IEN 112] TRANSMISSION CONTROL PROTOCOL.
                Obsoleted by: IEN 124.
                Obsoletes: IEN 5, IEN 21, IEN 27, IEN 40, IEN 44, IEN 55, IEN 81.
[RFC 1063] IP MTU Discovery Options.
                Obsoleted by: RFC 1191.
[RFC 1066] Management Information Base for Network Management of TCP/IP-based internets.
                Obsoleted by: RFC 1156.
[RFC 1072] TCP Extensions for Long-Delay Paths.
                Obsoleted by: RFC 1323, RFC 2018.
[RFC 1145] TCP Alternate Checksum Options.
                Obsoleted by: RFC 1146.
[RFC 1185] TCP Extension for High-Speed Paths.
                Obsoleted by: RFC 1323.
[RFC 2001] TCP Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery Algorithms.
                Obsoleted by: RFC 2581.
[RFC 2147] TCP and UDP over IPv6 Jumbograms.
                Obsoleted by: RFC 2675.
                Updates: RFC 1883.
[RFC 2414] Increasing TCP's Initial Window.
                Obsoleted by: RFC 3390.
[RFC 2481] A Proposal to add Explicit Congestion Notification (ECN) to IP.
                Obsoleted by: RFC 3168.
[RFC 2582] The NewReno Modification to TCP's Fast Recovery Algorithm.
                Obsoleted by: RFC 3782.
                


Top of Page
OTHER PROTOCOLS OF TCP/IP SUITE
AARP   RRP   RTP Video   RTP Audio   RTP   COPS   Gopher   HSRP   ICP   MPLS   IEEE 802.2   CIP   FTP - Data   FTP - Ctrl   IMAPS   IP Fragment   LDAPS   PUP   MSSQL   RSH   SQL   POP3s   RTELNET   RSVP   STP   VLAN   MSN   H.323   MSRDP   HTTPS   WINS   LPD   GTP   ICMPv6   POP   TELNET   H.225   VRRP   PIM   RARP   SAP   OSPF   RLOGIN   SCTP   SIP   RTCP   PPPoE   Mobile IP   IMAP3   WhoIs   SLP   NCP   PPTP   MGCP   LDAP   L2TP   Kerberos   IPv6   GRE   Ethernet SNAP   AFP   CIFS   IEEE 802.3   Finger   NBDGM   NetBEUI   NBSSN   ESP   EIGRP   EGP   DHCP   CGMP   CDP   BOOTP   AH   NBNS   EthernetII   ICQ   PPP   ARP   RIP   IPX   IGRP   IGMP   SSH   RPC   NetBIOS   TFTP   SNMP   SNA   SMB   RADIUS   NTP   NNTP   UDP   TCP   BGP   DNS   SOCKS   IMAP   RTSP   NFS   ICMP   IP   FTP   Telnet   POP3   SMTP   HTTP  
Search RFCs:

Advanced Search
Search Glossary:
Exact search
Fuzzy search


All Protocols
Submit a Request
Recommend an Article
 Layer 7 Application Layer
  AFP
  BOOTP
  CIFS
  CIP
  COPS
  DHCP
  DNS
  Finger
  FTP
  FTP - Ctrl
  FTP - Data
  Gopher
  HSRP
  HTTP
  HTTPS
  ICP
  ICQ
  IMAP
  IMAP3
  IMAPS
  Kerberos
  LPD
  MGCP
  MSN
  MSRDP
  MSSQL
  NCP
  NFS
  NNTP
  NTP
  POP
  POP3
  POP3s
  RADIUS
  RLOGIN
  RRP
  RSH
  RTCP
  RTELNET
  RTP
  RTP Audio
  RTP Video
  RTSP
  SAP
  SIP
  SLP
  SMB
  SMTP
  SNA
  SNMP
  SOCKS
  SSH
  Telnet
  TELNET
  TFTP
  WhoIs
  WINS
 Layer 6 Presentation Layer
  NBNS
  NBSSN
  NCP
  NetBIOS
 Layer 5 Session Layer
  LDAP
  LDAPS
  NCP
  NetBEUI
  RPC
 Layer 4 Transport Layer
  H.225
  H.323
  NBDGM
  NetBEUI
  PUP
  SCTP
  TCP
  UDP
 Layer 3 Network Layer
  AARP
  AH
  BGP
  EGP
  EIGRP
  ESP
  GRE
  GTP
  ICMP
  ICMPv6
  IGMP
  IGRP
  IP
  IP Fragment
  IPv6
  IPX
  Mobile IP
  MPLS
  OSPF
  PIM
  PPPoE
  RIP
  RSVP
  STP
  VRRP
 Layer 2 Data Link Layer
  ARP
  CDP
  CGMP
  Ethernet SNAP
  EthernetII
  IEEE 802.2
  IEEE 802.3
  L2TP
  PPP
  PPTP
  RARP
  SQL
  VLAN
 Layer 1 Physical Layer
© 2006 - 2007 Colasoft Co., Ltd. All rights reserved.