TCP Talk Series – I

Posted by

TCP: very common protocol in the networking field and the most important one as well. In these posts, we are going to learn TCP in depth. I will be posting TCP in series covering below topics in this first post:

What makes TCP different from UDP ?


  • Connectionless
  • Excepts to receive small, discrete messages from upper Layer protocols, little blocks of data
  • No reliability or retransmission


  • Connection Oriented
  • Can work with any format of data (including a constant stream of bytes) from upper layer protocol
  • Reliability with ACK and Retransmission

What is meant by Connection Oriented ?

  • TCP verifies existence of peer prior to data exchange. (This implies the 3-Way handshake. To check whether the other end exists to establish. During the session establishment, they negotiate some parameters)
  • TCP peers negotiate parameters used to control data exchange.
  • TCP data is exchanged reliably using SEQ Numbers and ACK, flow control and retransmissions
  • TCP can gracefully inform peer of the need to close a connection.

TCP HEADER: Its 20 Bytes Long.


Below are the question that comes to our mind whenever we think about TCP:

  • What is the biggest Segment that need to create before it handed over to IP.
  • How many segments I can receive at a time.
  • How does a TCP know when to create the segment.

We will now discuss these with the help of TCP flags and TCP Options.


  • RESET TCP Reset flag used to indicate connection-problems when something unexpected occurs.


Most Common Reasons for generation of a “RESET”:

  1. Incoming TCP Segment (Without SYN Flag) from a previously unknown device.
    Example : In a Web Server there are 50 to 60 connection going on, and in a moment a TCP New connection comes. And their is no TCB information and no Socket info. With that TCP RST send back.
  2. Receipt of a message with an invalid or incorrect Sequence Number or ACK Number Filed.
  3. Receipt of a SYN message on a port where there is no process listening for connection.


If a TCP is in a particular state and a RESET comes in what will happen.

Screen Shot 2017-10-26 at 8.30.23 AM

If Device is in Establish State and  RESET is received then the device will immediately go to Close state.


QUES : Does TCP RESET get an ACK?

  • PUSH
    TCP Gets a Send Call message from the Upper Layer Protocol. The upper Layer informs the location of the data. This is the first Bytes and this is the last bytes. Now TCP will wait to start creating the segment. Sales Algorithm says Keep buffering the bytes as long as we didn’t receive any ACK for the data that is sent. Once the ACK
    received then stop the segment and start sending.

Screen Shot 2017-10-26 at 8.30.35 AM

For Example : Router is BUSY in processing the Data, or any debug is running. We issued a TELNET. For Every Stroke of letter, packet is sent to the router. Now, how the packet is processed? SO TCP PUSH Bit will come in picture. The Sending Application has to inform about this function. Cause sending to TCP to Immediately create segment Set the ‘PSH’ control flag Transmit segment

Receiving TCP process immediately pushes data to application.

Screen Shot 2017-10-26 at 8.30.50 AM

For Telnet Session every single packet contains PSH Flag.


Screen Shot 2017-10-26 at 8.31.33 AM

When a TCP segment is received with the “URGENT” flag set, receiving TCP process :

  1. Buffers all bytes received until the last byte of the TCP segment is received.
  2. TCP enters the “URGENT MODE” state
  3. The next time the upper layer application (on receiving device) enters the “read” state it will see that TCP is in “URGENT MODE”

What does the upper layer application do at this point. That is application dependent.
Once the last byte of the URGENT byte goes, it takes down that URGENT Flag.


TCP “URGENT FLAG” Function does not :

  • Cause the sender to immediately encapsulate bytes into a segment and transmit
  • Cause the receiver to immediately take all bytes out of buffers (even if it filled) and transmit up-the-stack
  • For this reason the TCP “URGENT FLAG” typically used in conjunction with the “PUSH” Flag
  • “PUSH” and “URGENT” Flag are mutually exclusive to each other.

The TCP header can contain options. The only options defined in the original TCP specification are




The maximum segment size (MSS) is the largest segment that a TCP is willing to receive form its peer and it consequently the largest size its peer should ever use when sending.
The MSS value counts only TCP data bytes and does not include the sizes of any associated TCP or IP header.
MSS Value carries in the SYN packet. If no MSS provided then default value will be 536 Bytes.
NOTE : MSS OPTION is not a negotiation between one TCP and its peer, it is a limit when one TCP gives its MSS option to other, it is indicating its unwillingness to accept any
segments larger than that size for the duration of the connections.

MTU – TCP (20 Bytes) – IP (20 bytes) = MSS (Maximum Segment Size)



  • The Window Scale option effectively increases the capacity of the TCP WIN Advertisement field from 16 to about 30 bits.
  • The factor effectively left-shifts the window field value by the scale factor.
  • This in effect multiplies the window value by the value 2**s.(S is the scale factor)
  • A shift count of 0 indicates no scaling.
  • The maximum scale value of 14 provides of a maximum window of 65535×2**14 close to 2**30-1. Effectively 1 GB

Counting Segments (WINDOW SIZE) :
If TCP sent a single segment, then waited for an “ACK” this would be slow and inefficient. TCP sender can transmit more than one segment without receiving an ACK upto a maximum accumulated byte limit. This limit is negotiated during handshake is called the WINDOW SIZE.
This value can dynamically changed during a TCP conversation

  1. RECEIVER WINDOW – Every time the packet exchange between each other. WINDOW SIZE negotiated.
  2. SENDER WINDOW – The congestion window TCP can monitor two Window (Receiver Window and Sender Window)


WINDOW SCALE : (Multiply by 2)
What if my LAPTOP or SERVER can able to buffer more than the assigned WINDOW SIZE (65535). For example 80000 or 200K. Then comes to “WINDOW SCALE”
Example :


If the end doing the active open sends a nonzero scale factor but does not receive a WINDOW SCALE option from the other end, it sets its send and receive scale values to 0.
This lets systems that do not understand the option interoperate with the systems that do. Every time we send a window advertisement to the other end, we tale out real 32 bit window size and right shift it S bit, placing the resulting 16 bit value in the TCP header.


  • The timestamps option lets the sender place two 4 bytes timestamp value in every segment.
  • The receiver reflects these values in the ACK.
  • Allows the sender to calculate an estimate of the connection
  • RTT for each ACK received.

In TIME OPTION WE have two values :


  • Using a time stamp Option the sender places a 32 bit values in the timestamp value field (TSV or TSval) in the first part of the TSOPT.
  • The receiver echoes this back unchanged in the second TSER (Timestamp Echo Retry field.)


  • TCP is a symmetric pool, allowing data to be sent at any time in either direction, and therefore timestamp echoing may occur in either direction.
  • For simplicity timestamp always be sent and echoed in both direction.
  • For efficiency, we combine the timestamp reply field into a single TCP timestamps Option.
  • The Time Stamp Option carries two four byte timestamp field.
  • The timestamp Value field (TSval) contain the current value of the timestamp clock of the TCP sending the option.
  • The Timestamp Echo Reply field (TSecr) is only valid if the ACK bit is set in the TCP header. 
  • When the TSer is not valid, its value mist be zero. The TSecr value will generally be the time stamp for the last in seq packet received.

To be continued……

TCP Talk Series:

  1. TCP Talk Series – I
  2. TCP Talk Series- II
  3. TCP Talk Series – III
  4. TCP Talk Series -IV
  5. TCP Talk Series- V


  1. hi sabyasachi, I wanted to read about tcp from 0 to 100. I am a network engineer by profession but consider myself a beginner in TCP concepts. So my question is: can I use this blog to read accordingly or you suggest some pre-requisite before this.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s