Computer Networks. Marwan Al-Namari. Week 6. TCP operation.
TCP is a reliable, connection-oriented delivery service. The data is transmitted in segments.
Connection-oriented means that a connection must be established before hosts can exchange data. Reliability is achieved by assigning a sequence number to each segment transmitted. An acknowledgement is used to verify that the data was received by the other host. For each segment sent, the receiving host must return an acknowledgement (ACK) within a specified period for bytes received. If an ACK is not received, the data is retransmitted. TCP uses byte-stream communications, wherein data within the TCP segment is treated as a sequence of bytes with no record or field boundaries.
The following table describes the key fields in the TCP header.
Source Port: TCP port of sending host.
Destination Port: TCP port of destination host.
Sequence Number: Sequence number of the first byte of data in the TCP segment.
Acknowledgement Number: Sequence number of the byte the sender expects to receive next from the other side of the connection.
Window: Current size of a TCP buffer on the host sending this TCP segment to store incoming segments.
Checksum: Verifies the integrity of the TCP header and the TCP data.
A TCP connection is initialized through a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence number and acknowledgement numbers of both sides of the connection and exchange TCP Window sizes. The following steps outline the process:
The client sends a TCP segment to the server with an initial Sequence Number for the connection and a Window size indicating the size of a buffer on the client to store incoming segments from the server.
The server sends back a TCP segment containing its chosen initial Sequence Number, an acknowledgement of the client’s Sequence Number, and a Window size indicating the size of a buffer on the server to store incoming segments from the client.
The client sends a TCP segment to the server containing an acknowledgement of the server’s Sequence Number.
N.B. TCP uses a similar handshake process to end a connection. This guarantees that both hosts have finished transmitting and that all data was received.
A useful TCP/IP diagnostic utility which shows the ports in use
Proto Local Address Foreign Address State
TCP 126.96.36.199:1028 188.8.131.52:80 CLOSE_WAIT
TCP 184.108.40.206:1029 220.127.116.11:80 CLOSE_WAIT
TCP 18.104.22.168:1031 22.214.171.124:80 CLOSE_WAIT
TCP 126.96.36.199:1032 188.8.131.52:80 CLOSE_WAIT
TCP 184.108.40.206:1037 220.127.116.11:80 ESTABLISHED
TCP 18.104.22.168:1040 22.214.171.124:80 TIME_WAIT
TCP 126.96.36.199:1041 188.8.131.52:80 TIME_WAIT
TCP 184.108.40.206:1042 220.127.116.11:80 SYN_SENT
Will show the listening ports
This is a good check to see if you have a Trojan programme running which opens a port as a ‘backdoor’ for hackers.
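An added example (not from the original slides): the listening-port check described above, automated as a comparison against a baseline of expected ports. The sample output is constructed in the column layout shown earlier; the `LISTENING` state name, the baseline port set and all function names are assumptions.

```python
from collections import Counter

# Constructed sample in the column layout shown above (not captured from a real host).
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:50001 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5357 0.0.0.0:0 LISTENING
TCP 192.0.2.10:1037 198.51.100.7:80 ESTABLISHED
TCP 192.0.2.10:1040 198.51.100.7:80 TIME_WAIT
TCP 192.0.2.10:1042 198.51.100.7:80 SYN_SENT
"""

# Assumption: the ports this host is expected to listen on (site-specific baseline).
EXPECTED_LISTENERS = {135, 445}

def parse_connections(text):
    """Return (local_ip, local_port, remote, state) for every TCP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].upper() != "TCP":
            continue  # header, blank lines and rows without a state column
        local_ip, _, local_port = parts[1].rpartition(":")  # last ':' also works for [::]:135
        if not local_port.isdigit():
            continue
        rows.append((local_ip, int(local_port), parts[2], parts[3].upper()))
    return rows

def unexpected_listeners(rows, expected):
    """Listening sockets whose port is not in the baseline, sorted by port."""
    findings = []
    for ip, port, _remote, state in rows:
        if state not in ("LISTENING", "LISTEN") or port in expected:
            continue
        exposure = "loopback only" if ip in ("127.0.0.1", "[::1]") else "network-facing"
        findings.append((port, ip, exposure))
    return sorted(findings)

def state_counts(rows):
    """Count connections per TCP state (ESTABLISHED, TIME_WAIT, ...)."""
    return Counter(state for *_, state in rows)

if __name__ == "__main__":
    rows = parse_connections(SAMPLE)
    for port, ip, exposure in unexpected_listeners(rows, EXPECTED_LISTENERS):
        print(f"unexpected listener on {ip}:{port} ({exposure})")
    print(dict(state_counts(rows)))
```

A port missing from the baseline is a lead to investigate, not proof of a backdoor; the next step is to identify which process owns the socket.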
When a TCP connection is closed, the socket pair is placed into a state known as TIME-WAIT. This is so that a new connection does not use the same protocol, source IP address, destination IP address, source port, and destination port until enough time has passed to ensure that any segments that have been misrouted or delayed will not be delivered unexpectedly.