Computer Networks. Marwan Al- Namari Week 6. TCP operation. TCP is a reliable, connection-oriented delivery service. The data is transmitted in segments.
TCP is a reliable, connection-oriented delivery service. The data is transmitted in segments.
Connection-oriented means that a connection must be established before hosts can exchange data. Reliability is achieved by assigning a sequence number to each segment transmitted. An acknowledgement is used to verify that the data was received by the other host. For each segment sent, the receiving host must return an acknowledgement (ACK) within a specified period for bytes received. If an ACK is not received, the data is retransmitted. TCP uses byte-stream communications, wherein data within the TCP segment is treated as a sequence of bytes with no record or field boundaries.
Following table describes the key fields in the TCP header.
TCP port of sending host.
TCP port of destination host.
Sequence number of the first byte of data in the TCP segment.
Sequence number of the byte the sender expects to receive next from the other side of the connection.
Current size of a TCP buffer on the host sending this TCP segment to store incoming segments.
Verifies the integrity of the TCP header and the TCP data.TCP header
A TCP connection is initialized through a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence number and acknowledgement numbers of both sides of the connection and exchange TCP Window sizes. The following steps outline the process:
The client sends a TCP segment to the server with an initial Sequence Number for the connection and a Window size indicating the size of a buffer on the client to store incoming segments from the server.
The server sends back a TCP segment containing its chosen initial Sequence Number, an acknowledgement of the client’s Sequence Number, and a Window size indicating the size of a buffer on the server to store incoming segments from the client.
The client sends a TCP segment to the server containing an acknowledgement of the server’s Sequence Number.
N.B. TCP uses a similar handshake process to end a connection. This guarantees that both hosts have finished transmitting and that all data was received.
FTP (Data Channel)
FTP (Control Channel)
HTTP used for the World Wide Web
NetBIOS session serviceWell Known TCP ports 1-1023
For a current list of TCP and UDP well known ports, see the Internet Assigned Numbers Authority (IANA)
A useful TCP/IP diagnostic utility which shows the ports in use
Proto Local Address Foreign Address State
TCP 22.214.171.124:1028 126.96.36.199:80 CLOSE_WAIT
TCP 188.8.131.52:1029 184.108.40.206:80 CLOSE_WAIT
TCP 220.127.116.11:1031 18.104.22.168:80 CLOSE_WAIT
TCP 22.214.171.124:1032 126.96.36.199:80 CLOSE_WAIT
TCP 188.8.131.52:1037 184.108.40.206:80 ESTABLISHED
TCP 220.127.116.11:1040 18.104.22.168:80 TIME_WAIT
TCP 22.214.171.124:1041 126.96.36.199:80 TIME_WAIT
TCP 188.8.131.52:1042 184.108.40.206:80 SYN_SENT
Will show the listening ports
This is a good check to see if you have a Trojan programme running which opens a port as a ‘backdoor’ for hackers.
When a TCP connection is closed, the socket pair is placed into a state known as TIME-WAIT
This is so that a new connection does not use the same protocol, source IP address, destination IP address, source port, and destination port
until enough time has passed to ensure that any segments that have been misrouted or delayed will not be delivered unexpectedly.