Citizendia

The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. The Internet Protocol Suite (commonly TCP/IP) is the set of Communications protocols used for the Internet and other similar networks TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications like file transfer and e-mail. File transfer is a generic term for the act of transmitting files over a Computer network or the Internet. Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving It is so important in the Internet protocol suite that sometimes the entire suite is referred to as "the TCP/IP protocol suite. " TCP is the transport protocol that manages the individual conversations between web servers and web clients. TCP divides the HTTP messages into smaller pieces, called segments, to be sent to the destination client. Hypertext Transfer Protocol ( HTTP) is a Communications protocol for the transfer of information on the Internet. Transmission Control Protocol (TCP accepts data from a data stream 'segments' it into chunks and adds a TCP header creating a TCP segment It is also responsible for controlling the size and rate at which messages are exchanged between the server and the client.

Contents

Reason for TCP

The Internet Protocol (IP) works by exchanging groups of information called packets. In Information technology, a packet is a formatted unit of Data carried by a Packet mode Computer network. Packets are short sequences of bytes consisting of a header and a body. A byte (pronounced "bite" baɪt is the basic unit of measurement of information storage in Computer science. The header describes the packet's destination, which routers on the Internet use to pass the packet along, generally in the right direction, until it arrives at its final destination. A router ('rautər in the USA 'rutər in the UK and Ireland, or either pronunciation in Australia and Canada is a Computer whose software and hardware are usually The body contains the application data.

In cases of congestion, the IP can discard packets, and, for efficiency reasons, two consecutive packets on the Internet can take different routes to the destination. Then, the packets can arrive at the destination in the wrong order.

The TCP software libraries use the IP and provide a simpler interface to applications by hiding most of the underlying packet structures, rearranging out-of-order packets, minimizing network congestion, and re-transmitting discarded packets. Thus, TCP very significantly simplifies the task of writing network applications.

Applicability of TCP

TCP is used extensively by many of the Internet's most popular application protocols and resulting applications, including the World Wide Web, E-mail, File Transfer Protocol, Secure Shell, and some streaming media applications. The World Wide Web (commonly shortened to the Web) is a system of interlinked Hypertext documents accessed via the Internet. Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving Secure Shell or SSH is a Network protocol that allows data to be exchanged using a Secure channel between two networked devices Streaming multimedia is Multimedia that is constantly received by and normally presented to an end-user while it is being delivered by a streaming provider (the

However, because TCP is optimized for accurate delivery rather than timely delivery, TCP sometimes incurs relatively long delays (in the order of seconds) while waiting for out-of-order messages or retransmissions of lost messages, and it is not particularly suitable for real-time applications such as Voice over IP. Voice-over-Internet protocol ( VoIP, vɔɪp is a protocol optimized for the transmission of voice through the Internet For such applications, protocols like the Real-time Transport Protocol (RTP) running over the User Datagram Protocol (UDP) are usually recommended instead. The Real-time Transport Protocol (or RTP) defines a standardized packet format for delivering audio and video over the Internet User Datagram Protocol ( UDP) is one of the core protocols of the Internet Protocol Suite. [1]

TCP is a reliable stream delivery service that guarantees to deliver a stream of data sent from one host to another without duplication or losing data. Since packet transfer is not reliable, a technique known as positive acknowledgment with retransmission is used to guarantee reliability of packet transfers. This fundamental technique requires the receiver to respond with an acknowledgment message as it receives the data. The sender keeps a record of each packet it sends, and waits for acknowledgment before sending the next packet. The sender also keeps a timer from when the packet was sent, and retransmits a packet if the timer expires. The timer is needed in case a packet becomes lost or corrupt. [1]

TCP (Transmission Control Protocol) consists of a set of rules, the protocol, that are used with the Internet Protocol, the IP, to send data “in a form of message units” between computers over the Internet. At the same time that the IP takes care of handling the actual delivery of the data, the TCP takes care of keeping track of the individual units of data “packets” that a message is divided into for efficient routing through the net. For example, when an HTML file is sent to you from a Web server, the TCP program layer of that server takes the file as a stream of bytes and divides it into packets, numbers the packets, and then forwards them individually to the IP program layer. Even though every packet has the same destination IP address, they can get routed differently through the network. When the client program in your computer gets them, the TCP stack (implementation) reassembles the individual packets and ensures they are correctly ordered as it streams them to an application.

TCP segment structure

A TCP segment consists of two sections:

The TCP header[2] consists of 11 fields, of which only 10 are required. The eleventh field is optional (pink background in table) and aptly named "options".

TCP Header
Bit offsetBits 0–34–78–1516–31
0Source portDestination port
32Sequence number
64Acknowledgment number
96Data offsetReservedCWRECEURGACKPSHRSTSYNFINWindow Size
128ChecksumUrgent pointer
160Options (optional)
160/192+ 
Data
 
  • If the SYN flag is present, then this is the initial sequence number and the first data byte is the sequence number plus 1
  • If the SYN flag is not present, then the first data byte is the sequence number
  • CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set (added to header by RFC 3168).
  • ECE (ECN-Echo) (1 bit) – indicate that the TCP peer is ECN capable during 3-way handshake (added to header by RFC 3168). Explicit Congestion Notification ( ECN) is an extension to the Internet Protocol and is defined in RFC 3168 (2001
  • URG (1 bit) – indicates that the URGent pointer field is significant
  • ACK (1 bit) – indicates that the ACKnowledgment field is significant
  • PSH (1 bit) – Push function
  • RST (1 bit) – Reset the connection
  • SYN (1 bit) – Synchronize sequence numbers
  • FIN (1 bit) – No more data from sender

The last field is not a part of the header. A checksum is a form of Redundancy check, a simple way to protect the integrity of data by detecting errors in data that are sent through space ( Telecommunications The contents of this field are whatever the upper layer protocol wants but this protocol is not set in the header and is presumed based on the port selection.

Protocol operation

Unlike TCP's traditional counterpart, User Datagram Protocol, which can immediately start sending packets, TCP provides connections that need to be established before sending data. User Datagram Protocol ( UDP) is one of the core protocols of the Internet Protocol Suite. TCP connections have three phases:

  1. connection establishment
  2. data transfer
  3. connection termination

Before describing these three phases, a note about the various states of a connection end-point or Internet socket:

  1. LISTEN
  2. SYN-SENT
  3. SYN-RECEIVED
  4. ESTABLISHED
  5. FIN-WAIT-1
  6. FIN-WAIT-2
  7. CLOSE-WAIT
  8. CLOSING
  9. LAST-ACK
  10. TIME-WAIT
  11. CLOSED
LISTEN 
represents waiting for a connection request from any remote TCP and port. In Computer science and Automata theory, a state is a unique configuration of information in a program or machine An Internet socket (or commonly a network socket or socket) is an end-point of a bidirectional process-to-process communication flow across an IP (usually set by TCP servers)
SYN-SENT 
represents waiting for the remote TCP to send back a TCP packet with the SYN and ACK flags set. (usually set by TCP clients)
SYN-RECEIVED 
represents waiting for the remote TCP to send back an acknowledgment after having sent back a connection acknowledgment to the remote TCP. (usually set by TCP servers)
ESTABLISHED 
represents that the port is ready to receive/send data from/to the remote TCP. (set by TCP clients and servers)
TIME-WAIT 
represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. According to RFC 793 a connection can stay in TIME-WAIT for a maximum of four minutes.

Connection establishment

To establish a connection, TCP uses a three-way handshake. In Information technology, Telecommunications, and related fields handshaking is an automated process of negotiation that dynamically sets parameters of Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:

  1. The active open is performed by the client sending a SYN to the server.
  2. In response, the server replies with a SYN-ACK.
  3. Finally the client sends an ACK back to the server.

At this point, both the client and server have received an acknowledgment of the connection.

Example:

  1. The initiating host (client) sends a synchronization packet (SYN flag set to 1) to initiate a connection. It sets the packet's sequence number to a random value x.
  2. The other host receives the packet, records the sequence number x from the client, and replies with an acknowledgment and synchronization (SYN-ACK). The Acknowledgment is a 32-bit field in TCP segment header. It contains the next sequence number that this host is expecting to receive (x + 1). The host also initiates a return session. This includes a TCP segment with its own initial Sequence Number of value y.
  3. The initiating host responds with the next Sequence Number (x + 1) and a simple Acknowledgment Number value of y + 1, which is the Sequence Number value of the other host + 1.

Data transfer

There are a few key features that set TCP apart from User Datagram Protocol:

Ordered data transfer, retransmission of lost packets and discarding duplicate packets

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be transferred reliably and in order, regardless of any fragmentation, disordering, or packet loss that occurs during transmission. Packet loss occurs when one or more packets of data traveling across a Computer network fail to reach their destination For every byte transmitted the sequence number must be incremented. In the first two steps of the 3-way handshaking, both computers exchange an initial sequence number (ISN). This number can be arbitrary, and should in fact be unpredictable, in order to avoid a TCP Sequence Prediction Attack. A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection

TCP primarily uses a cumulative acknowledgment scheme, where the receiver sends an acknowledgment signifying that the receiver has received all data preceding the acknowledged sequence number. Essentially, the first data byte in a segment is assigned a sequence number, which is inserted in the sequence number field, and the receiver sends an acknowledgment specifying the sequence number of the next byte they expect to receive. For example, if computer A sends 4 bytes with a sequence number of 100 (conceptually, the four bytes would have a sequence number of 100, 101, 102, & 103 assigned) then the receiver would send back an acknowledgment of 104 since that is the next byte it expects to receive in the next packet. By sending an acknowledgment of 104, the receiver is signaling that it received bytes 100, 101, 102, & 103 correctly. If, by some chance, the last two bytes were corrupted then an acknowledgment value of 102 would be sent since 100 & 101 were received successfully.

In addition to cumulative acknowledgments, TCP receivers can also send selective acknowledgments to provide further information (see selective acknowledgments).

If the sender infers that data has been lost in the network, it retransmits the data. Retransmission is the resending of packets which have been either damaged or lost

Error-free data transfer

Sequence numbers and acknowledgments cover discarding duplicate packets, retransmission of lost packets, and ordered-data transfer. To assure correctness a checksum field is included (see TCP segment structure for details on checksumming). A checksum is a form of Redundancy check, a simple way to protect the integrity of data by detecting errors in data that are sent through space ( Telecommunications

The TCP checksum is a quite weak check by modern standards. Data Link Layers with high bit error rates may require additional link error correction/detection capabilities. If TCP were to be redesigned today, it would most probably have a 32-bit cyclic redundancy check specified as an error check instead of the current checksum. A cyclic redundancy check (CRC is a type of function that takes as input a data stream of any length and produces as output a value of a certain space commonly a 32-bit integer The weak checksum is partially compensated for by the common use of a CRC or better integrity check at layer 2, below both TCP and IP, such as is used in PPP or the Ethernet frame. The Data Link Layer is Layer 2 of the seven-layer OSI model. It responds to service requests from the Network Layer and issues service requests to the In networking, the Point-to-Point Protocol, or PPP, is a data link protocol commonly used to establish a direct connection between two nodes Ethernet is a family of frame -based Computer networking technologies for Local area networks (LANs However, this does not mean that the 16-bit TCP checksum is redundant: remarkably, introduction of errors in packets between CRC-protected hops is common, but the end-to-end 16-bit TCP checksum catches most of these simple errors [2]. The end-to-end principle is one of the central design principles of the Transmission Control Protocol (TCP widely used on the Internet as well as in other protocols This is the end-to-end principle at work. The end-to-end principle is one of the central design principles of the Transmission Control Protocol (TCP widely used on the Internet as well as in other protocols

A Simplified TCP State Diagram. See * TCP EFSM diagram for a more detailed state diagram including the states inside the ESTABLISHED state.
A Simplified TCP State Diagram. See * TCP EFSM diagram for a more detailed state diagram including the states inside the ESTABLISHED state.

Flow control

TCP uses an end-to-end flow control protocol to avoid having the sender send data too fast for the TCP receiver to reliably receive and process it. In Computer networking, flow control is the process of managing the rate of data transmission between two nodes to prevent a fast sender from over running a slow receiver Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, when a fast PC sends data to a slow hand-held PDA, the PDA needs to regulate the influx of data, or protocol software would be overrun quickly. [1] Similarly, flow control is essential if the application that is receiving the data is reading it more slowly than the sending application is sending it.

TCP uses a sliding window flow control protocol. Sliding Window Protocol is a bi-directional Data transmission Protocol in the Data link layer ( OSI model) In each TCP segment, the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host.

TCP sequence numbers and receive windows behave very much like a clock. The receive window shifts each time the receiver receives and acknowledges a new segment of data. Once it runs out of sequence numbers, the sequence number loops back to 0.
TCP sequence numbers and receive windows behave very much like a clock. The receive window shifts each time the receiver receives and acknowledges a new segment of data. Once it runs out of sequence numbers, the sequence number loops back to 0.

When a receiver advertises a window size of 0, the sender stops sending data and starts the persist timer. The persist timer is used to protect TCP from a deadlock situation that could arise if the window size update from the receiver is lost and the receiver has no more data to send while the sender is waiting for the new window size update. A deadlock is a situation wherein two or more competing actions are waiting for the other to finish and thus neither ever does When the persist timer expires the TCP sender sends a small packet so that the receiver sends an acknowledgement with the new window size.

If a receiver is processing incoming data in small increments, it may repeatedly advertise a small receive window. This referred to as the silly window syndrome, since it is inefficient to send only a few bytes of data in a TCP segment, given the relatively large overhead of the TCP header. Silly window syndrome is a problem in Computer networking caused by poorly-implemented TCP Flow control. TCP senders and receivers typically employ flow control logic to specifically avoid repeatedly sending small segments. The sender-side silly window syndrome avoidance logic is referred to as Nagle's algorithm. Nagle's algorithm, named after John Nagle is a means of improving the efficiency of TCP/IP networks by reducing the number of packets that need to be sent over the network

Congestion control

The final main aspect of TCP is congestion control. This article concerns telecommunications traffic For road traffic see Traffic congestion. TCP uses a number of mechanisms to achieve high performance and avoid 'congestion collapse', where network performance can fall by several orders of magnitude. Congestive collapse (or congestion collapse) is a condition which a Packet switched Computer network can reach when little or no useful communication is These mechanisms control the rate of data entering the network, keeping the data flow below a rate that would trigger collapse.

Acknowledgments for data sent, or lack of acknowledgments, are used by senders to infer network conditions between the TCP sender and receiver. Coupled with timers, TCP senders and receivers can alter the behavior of the flow of data. This is more generally referred to as congestion control and/or network congestion avoidance.

Modern implementations of TCP contain four intertwined algorithms: Slow-start, congestion avoidance, fast retransmit, and fast recovery (RFC2581). Slow-start is part of the Congestion control strategy used by TCP, the data transmission protocol used by many Internet applications such as HTTP The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other Fast Retransmit is an enhancement to TCP which reduces the time a sender waits before retransmitting a lost segment. Slow-start is part of the Congestion control strategy used by TCP, the data transmission protocol used by many Internet applications such as HTTP

In addition, senders employ a retransmission timer that is based on the estimated round-trip time (or RTT) between the sender and receiver, as well as the variance in this round trip time. In Telecommunications the term round-trip delay time or round-trip time (RTT has the following meanings The elapsed Time for transit The behavior of this timer is specified in RFC 2988. There are subtleties in the estimation of RTT. For example, senders must be careful when calculating RTT samples for retransmitted packets; typically they use Karn's Algorithm or TCP timestamps (see RFC 1323). Karn's Algorithm addresses the problem of getting accurate estimates of the Round-trip time for messages when using TCP. These individual RTT samples are then averaged over time to create a Smoothed Round Trip Time (SRTT) using Jacobson's algorithm. This SRTT value is what is finally used as the round-trip time estimate.

Enhancing TCP to reliably handle loss, minimize errors, manage congestion and go fast in very high-speed environments are ongoing areas of research and standards development. As a result, there are a number of TCP congestion avoidance algorithm variations. The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other

Maximum segment size

The Maximum segment size (MSS) is the largest amount of data, specified in bytes, that TCP is willing to send in a single segment. The maximum segment size ( MSS) is the largest amount of data specified in Bytes that a computer or communications device can handle in a single unfragmented For best performance, the MSS should be set small enough to avoid IP fragmentation, which can lead to excessive retransmissions if there is packet loss. The Internet Protocol allows IP fragmentation so that Datagrams can be fragmented into pieces small enough to pass over a link with a smaller MTU than the To try to accomplish this, typically the MSS is negotiated using the MSS option when the TCP connection is established, in which case it is determined by the maximum transmission unit (MTU) size of the data link layer of the networks to which the sender and receiver are directly attached. In Computer networking, the term Maximum Transmission Unit ( MTU) refers to the size (in Bytes of the largest packet or frame The Data Link Layer is Layer 2 of the seven-layer OSI model. It responds to service requests from the Network Layer and issues service requests to the Furthermore, TCP senders can use Path MTU discovery to infer the minimum MTU along the network path between the sender and receiver, and use this to dynamically adjust the MSS in order to avoid IP fragmentation within the network. Path MTU discovery ( PMTUD) is a technique in Computing for determining the Maximum transmission unit (MTU size on the network path between two IP hosts

Selective acknowledgments

Relying purely on the cumulative acknowledgment scheme employed by the original TCP protocol can lead to inefficiencies when packets are lost. For example, suppose 10,000 bytes are sent in 10 different TCP packets, and the first packet is lost during transmission. In a pure cumulative acknowledgment protocol, the receiver cannot say that it received bytes 1,000 to 9,999 but only that it failed to receive the first packet, containing bytes 0 to 999. Thus the sender would then have to resend all 10,000 bytes.

In order to solve this problem TCP employs the selective acknowledgment (SACK) option, defined in RFC 2018, which allows the receiver to acknowledge discontiguous blocks of packets that were received correctly, in addition to the sequence number of the last contiguous byte received successively, as in the basic TCP acknowledgment. The acknowledgement can specify a number of SACK blocks, where each SACK block is conveyed by the starting and ending sequence numbers of a contiguous range that the receiver correctly received. In the example above, the receiver would send SACK with sequence numbers 1,000 and 10,000. The sender will thus retransmit only the first packet, bytes 0 to 999.

The SACK option is not mandatory and it is used only if both parties support it. This is negotiated when connection is established. SACK uses the optional part of the TCP header (see TCP segment structure for details). The use of SACK is widespread - all popular TCP stacks support it. Selective acknowledgment is also used in SCTP. In Computer networking, the Stream Control Transmission Protocol (SCTP is a Transport Layer protocol, serving in a similar role as the popular protocols

Window scaling

Main article: TCP window scale option

For more efficient use of high bandwidth networks, a larger TCP window size may be used. The TCP window scale option is an option to increase the TCP receive window size above its maximum value of 65536 bytes The TCP window size field controls the flow of data and is limited to between 2 and 65,535 bytes.

Since the size field cannot be expanded, a scaling factor is used. The TCP window scale option, as defined in RFC 1323, is an option used to increase the maximum window size from 65,535 bytes to 1 Gigabyte. The TCP window scale option is an option to increase the TCP receive window size above its maximum value of 65536 bytes Scaling up to larger window sizes is a part of what is necessary for TCP Tuning. TCP tuning techniques adjust some parameters of TCP connection over high-bandwidth high-latency networks

The window scale option is used only during the TCP 3-way handshake. The window scale value represents the number of bits to left-shift the 16-bit window size field. The window scale value can be set from 0 (no shift) to 14.

Many routers and packet firewalls rewrite the window scaling factor during a transmission. This causes sending and receiving sides to assume different TCP window sizes. The result is non-stable traffic that is very slow. The problem is visible on some sending and receiving sites which are behind the path of broken routers.

TCP window scaling can be a particular problem on Linux and Windows Vista systems. Linux (commonly pronounced ˈlɪnəks Windows Vista (ˈvɪstə is a line of Operating systems developed by Microsoft for use on Personal computers including home and business desktops

TCP Timestamps

TCP timestamps, defined in RFC 1323, help TCP compute the round-trip time between the sender and receiver. In Telecommunications the term round-trip delay time or round-trip time (RTT has the following meanings The elapsed Time for transit Timestamp options include a 4-byte timestamp value, where the sender inserts its current value of its timestamp clock, and a 4-byte echo reply timestamp value, where the receiver generally inserts the most recent timestamp value that it has received. The sender uses the echo reply timestamp in an acknowledgment to compute the total elapsed time since the acknowledged segment was sent. [1]

TCP timestamps are also used to help in the case where TCP sequence numbers encounter their 232 bound and "wrap around" the sequence number space. This scheme is known as Protect Against Wrapped Sequence numbers, or PAWS (see RFC 1323 for details).

Out of Band Data

You are able to interrupt or abort the queued stream instead of waiting for the stream to finish. This is done by specifying the data as urgent. This will tell the receiving program to process it immediately, along with the rest of the urgent data. When finished, TCP informs the application and resumes back to the stream queue. An example is when TCP is used for a remote login session, the user can send a keyboard sequence that interrupts or aborts the program at the other end. These signals are most often needed when a program on the remote machine fails to operate correctly. The signals must be sent without waiting for the program to finish its current transfer. [1]

Unfortunately, TCP OOB data was not designed for the modern internet. The urgent pointer only alters the processing on the remote host and doesn't expedite any processing on the network itself. When it gets to the remote host there are two slightly different interpretations of the protocol which means only single bytes of OOB data are reliable. This is assuming it's reliable at all as it's one of the least commonly used protocol elements and tends to be poorly implemented.

Forcing Data Delivery

Normally, TCP waits for the buffer to exceed the maximum segment size before sending any data. This creates serious delays when the two sides of the connection are exchanging short messages and need to receive the response before continuing. For example, the login sequence at the beginning of a session begins with the short message "Login," and the session cannot make any progress until these five characters have been transmitted and the response has been received. This process can be seriously delayed by TCP's normal behavior.

However, an application can force delivery of octets to the output stream using a push operation provided by TCP to the application layer. [1] This operation also causes TCP to set the PSH flag or control bit to ensure that data will be delivered immediately to the application layer by the receiving transport layer.

In the most extreme cases, for example when a user expects each keystroke to be echoed by the receiving application, the push operation can be used each time a keystroke occurs. More generally, application programs use this function to force output to be sent after writing a character or line of characters. By forcing the data to be sent immediately, delays and wait time are reduced.

Connection termination

The connection termination phase uses, at most, a four-way handshake, with each side of the connection terminating independently. In Information technology, Telecommunications, and related fields handshaking is an automated process of negotiation that dynamically sets parameters of When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear down requires a pair of FIN and ACK segments from each TCP endpoint.

A connection can be "half-open", in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can.

It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (merely combines 2 steps into one) and host A replies with an ACK. [3] This is perhaps the most common method.

It is possible for both hosts to send FINs simultaneously then both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions.

Some host TCP stacks may implement a "half-duplex" close sequence, as Linux or HP-UX do. Linux (commonly pronounced ˈlɪnəks HP-UX (Hewlett Packard UniX is Hewlett-Packard 's proprietary implementation of the Unix Operating system, based on System V (initially If such a host actively closes a connection but still has not read all the incoming data the stack already received from the link, this host will send a RST instead of a FIN (Section 4. 2. 2. 13 in RFC 1122). This allows a TCP application to be sure that the remote application has read all the data the former sent - waiting the FIN from the remote side when it will actively close the connection. Unfortunatelly, the remote TCP stack cannot distinguish between a Connection Aborting RST and this Data Loss RST - both will make the remote stack to throw away all the data it received, but the application still didn't read.

Some application protocols may violate the OSI model layers, using the TCP open/close handshaking for the application protocol open/close handshaking - these may find the RST problem on active close. The Open Systems Interconnection Basic Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer Network protocol As an example:

s = connect(remote);send (s, data);close(s);

For a usual program flow like above, a TCP/IP stack like that described above does not guarantee that all the data will arrive to the other application unless the programmer is sure that the remote side will not send anything.

Vulnerabilities

Vulnerability to Denial of Service

By using a spoofed IP address and repeatedly sending purposely assembled SYN packets attackers can cause the server to consume large amounts of resources keeping track of the bogus connections. In Computer networking, a mangled or invalid packet is a packet &mdashespecially IP packet&mdashwhich lacks sound order self-coherence or content This is known as a SYN flood attack. A SYN flood is a form of Denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system Proposed solutions to this problem include SYN cookies and Cryptographic puzzles. SYN Cookies are the key element of a technique used to guard against SYN flood attacks

Connection hijacking

An attacker who is able to eavesdrop a TCP session and redirect packets can hijack a TCP connection. To do so, the attacker learns the sequence number from the ongoing communication and forges a false packet that looks like the next packet in the stream. Such a simple hijack can result in one packet being erroneously accepted at one end. When the receiving host acknowledges the extra packet to the other side of the connection, synchronization is lost. Hijacking might be combined with ARP or routing attacks that allow taking control of the packet flow, so as to get permanent control of the hijacked TCP connection. [4]

Impersonating a different IP address was possible prior to RFC 1948, when the initial sequence number was easily guessable. That allowed an attacker to blindly send a sequence of packets that the receiver would believe to come from a different IP address, without the need to deploy ARP or routing attacks: it is enough to ensure that the legitimate host of the impersonated IP address is down, or bring it to that condition using denial of service attacks. This is why the sequence number is chosen at random.

TCP ports

TCP uses the notion of port numbers to identify sending and receiving application end-points on a host, or Internet sockets. In Computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint used by Transport Layer protocols An Internet socket (or commonly a network socket or socket) is an end-point of a bidirectional process-to-process communication flow across an IP Each side of a TCP connection has an associated 16-bit unsigned port number (1-65535) reserved by the sending or receiving application. Arriving TCP data packets are identified as belonging to a specific TCP connection by its sockets, that is, the combination of source host address, source port, destination host address, and destination port. This means that a server computer can provide several clients with several services simultaneously, as long as a client takes care of initiating any simultaneous connections to one destination port from different source ports.

Port numbers are categorized into three basic categories: well-known, registered, and dynamic/private. The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. The Internet Assigned Numbers Authority (IANA is the entity that oversees global IP address allocation, DNS root zone management, media types Well-known applications running as servers and passively listening for connections typically use these ports. Some examples include: FTP (21), ssh (22), TELNET (23), SMTP (25) and HTTP (80). Secure Shell or SSH is a Network protocol that allows data to be exchanged using a Secure channel between two networked devices Telnet ( Tel ecommunication net work is a Network protocol used on the Internet or local area network (LAN connections Simple Mail Transfer Protocol ( SMTP) is a De facto standard for electronic mail (e-mail transmissions across the Internet. Hypertext Transfer Protocol ( HTTP) is a Communications protocol for the transfer of information on the Internet. Registered ports are typically used by end user applications as ephemeral source ports when contacting servers, but they can also identify named services that have been registered by a third party. Dynamic/private ports can also be used by end user applications, but are less commonly so. Dynamic/private ports do not contain any meaning outside of any particular TCP connection.

Development of TCP

Main article: TCP congestion avoidance algorithm

TCP is a complex and evolving protocol. The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other However, while significant enhancements have been made and proposed over the years, its most basic operation has not changed significantly since its first specification RFC 675 in 1974, and the v4 specification RFC 793, published in September 1981. Year 1981 ( MCMLXXXI) was a Common year starting on Thursday (link displays the 1981 [3] RFC 1122, Host Requirements for Internet Hosts, clarified a number of TCP protocol implementation requirements. RFC 2581, TCP Congestion Control, one of the most important TCP related RFCs in recent years, describes updated algorithms to be used in order to avoid undue congestion. In 2001, RFC 3168 was written to describe explicit congestion notification (ECN), a congestion avoidance signalling mechanism. Explicit Congestion Notification ( ECN) is an extension to the Internet Protocol and is defined in RFC 3168 (2001 Explicit Congestion Notification ( ECN) is an extension to the Internet Protocol and is defined in RFC 3168 (2001

The original TCP congestion avoidance algorithm was known as "TCP Tahoe", but many alternative algorithms have since been proposed (including TCP Reno, Vegas, FAST TCP, New Reno, and Hybla). The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other TCP Vegas is a TCP Congestion control, or Network congestion avoidance, Algorithm that emphasizes packet delay rather than packet FAST TCP is a new TCP congestion avoidance algorithm especially targeted at high-speed long-distance links developed at the Netlab California Institute of Technology

Another scheme looked how to engineer various extensions into TCP. TCP Interactive (iTCP) allows applications to subscribe to TCP events and respond accordingly enabling various functional extensions to TCP from outside TCP layer including application assisted congestion control.

TCP over wireless

TCP has been optimized for wired networks. Any packet loss is considered to be the result of congestion and the congestion window size is reduced dramatically as a precaution. Packet loss occurs when one or more packets of data traveling across a Computer network fail to reach their destination However, wireless links are known to experience sporadic and usually temporary losses due to fading, shadowing, hand off, and other radio effects, that cannot be considered congestion. After the (erroneous) back-off of the congestion window size, due to wireless packet loss, there can be a congestion avoidance phase with a conservative decrease in window size. This causes the radio link to be underutilized. Extensive research has been done on the subject of how to combat these harmful effects. Suggested solutions can be categorized as end-to-end solutions (which require modifications at the client and/or server), link layer solutions (such as RLP in CDMA2000), or proxy based solutions (which require some changes in the network without modifying end nodes). Radio Link Protocol ( RLP) is an automatic repeat request ( ARQ) fragmentation protocol used over a wireless (typically cellular air interface CDMA2000 is a hybrid 25G / 3G technology of mobile Telecommunications standards that use CDMA, a multiple access scheme for Digital

Hardware TCP implementations

One way to overcome the processing power requirements of TCP is to build hardware implementations of it, widely known as TCP Offload Engines (TOE). TCP Offload Engine or TOE is a technology used in Network interface cards to offload processing of the entire TCP/IP stack to the network controller The main problem of TOEs is that they are hard to integrate into computing systems, requiring extensive changes in the operating system of the computer or device. The first company to develop such a device was Alacritech. Alacritech is a networking company based in the United States.

Debugging TCP

A packet sniffer, which intercepts TCP traffic on a network link, can be useful in debugging networks, network stacks and applications which use TCP by showing the user what packets are passing through a link. Some networking stacks support the SO_DEBUG socket option, which can be enabled on the socket using setsockopt. That option dumps all the packets, TCP states and events on that socket which will be helpful in debugging. netstat is another utility that can be used for debugging. netstat ( net work stat istics is a command-line tool that displays network connections (both incoming and outgoing routing

Alternatives to TCP

For many applications TCP is not appropriate. One big problem (at least with normal implementations) is that the application cannot get at the packets coming after a lost packet until the retransmitted copy of the lost packet is received. This causes problems for real-time applications such as streaming multimedia (such as Internet radio), real-time multiplayer games and voice over IP (VoIP) where it is sometimes more useful to get most of the data in a timely fashion than it is to get all of the data in order. Internet radio (also known as web radio, net radio, streaming radio and e-radio) is an audio Broadcasting service transmitted via Voice-over-Internet protocol ( VoIP, vɔɪp is a protocol optimized for the transmission of voice through the Internet

For both historical and performance reasons, most storage area networks (SANs) prefer to use Fibre Channel protocol (FCP) instead of TCP/IP. In Information technology, a storage area network ( SAN) is an architecture to attach remote computer storage devices (such as Disk arrays tape libraries Fibre Channel, or FC, is a Gigabit -speed network technology primarily used for Storage networking.

Also for embedded systems, network booting and servers that serve simple requests from huge numbers of clients (e. An embedded system is a special-purpose Computer system designed to perform one or a few dedicated functions often with Real-time computing constraints Network booting is the process of Booting a Computer from a network rather than a local drive g. DNS servers) the complexity of TCP can be a problem. The Domain Name System (DNS is a hierarchical naming system for computers services or any resource participating in the Internet. Finally some tricks such as transmitting data between two hosts that are both behind NAT (using STUN or similar systems) are far simpler without a relatively complex protocol like TCP in the way. In Computer networking network address translation (NAT is the process of modifying Network address information in datagram packet headers while in transit across Simple Traversal of User Datagram Protocol through Network Address Translators (NATs (abbreviated STUN) is a standards-based IP protocol used as one of the methods

Generally where TCP is unsuitable the User Datagram Protocol (UDP) is used. User Datagram Protocol ( UDP) is one of the core protocols of the Internet Protocol Suite. This provides the application multiplexing and checksums that TCP does, but does not handle building streams or retransmission giving the application developer the ability to code those in a way suitable for the situation and/or to replace them with other methods like forward error correction or interpolation. For multiplexing in electronics and signal processing see Multiplexer. In Telecommunication and Information theory, forward error correction (FEC is a System of Error control for Data transmission, whereby In the context of Computer animation, interpolation refers to the use of (usually piecewise Polynomial interpolation to draw images semi-automatically

SCTP is another IP protocol that provides reliable stream oriented services not so dissimilar from TCP. In Computer networking, the Stream Control Transmission Protocol (SCTP is a Transport Layer protocol, serving in a similar role as the popular protocols It is newer and considerably more complex than TCP so has not yet seen widespread deployment. However, it is especially designed to be used in situations where reliability and near-real-time considerations are important.

Venturi Transport Protocol (VTP) is a patented proprietary protocol that is designed to replace TCP transparently in order to overcome perceived inefficiencies related to wireless data transport. Venturi Transport Protocol ( VTP) is a patented proprietary Transport layer protocol that is designed to transparently replace TCP in order to overcome inefficiencies

TCP also has some issues in high bandwidth utilization environments. The TCP congestion avoidance algorithm works very well for ad-hoc environments where it is not known who will be sending data, but if the environment is predictable, a timing based protocol such as ATM can avoid the overhead of the retransmits that TCP needs. The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other In electronic digital data transmission systems the Network protocol Asynchronous Transfer Mode (ATM encodes data traffic into small fixed-sized cells

Fields used to compute the checksum

TCP checksum using IPv4

When TCP runs over IPv4, the method used to compute the checksum is defined in RFC 793:

The checksum field is the 16 bit one's complement of the one's complement sum of all 16-bit words in the header and text. Internet Protocol version 4 ( IPv4) is the fourth revision in the development of the Internet Protocol (IP and it is the first version of the protocol to be widely If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.

In other words, all 16-bit words are summed together using one's complement (with the checksum field set to zero). In Mathematics, negative numbers in any base are represented in the usual way by prefixing them with a "&minus" sign The sum is then one's complemented. This final value is then inserted as the checksum field. Algorithmically speaking, this is the same as for IPv6. Internet Protocol version 6 ( IPv6) is an Internet Layer protocol for packet -switched internetworks. The difference is in the data used to make the checksum. When computing the checksum, a pseudo-header that mimics the IPv4 header is shown in the table below.

TCP pseudo-header (IPv4)
Bit offsetBits 0–34–78–1516–31
0Source address
32Destination address
64ZerosProtocolTCP length
96Source portDestination port
128Sequence number
160Acknowledgement number
192Data offsetReservedFlagsWindow
224ChecksumUrgent pointer
256Options (optional)
256/288+ 
Data
 

The source and destination addresses are those in the IPv4 header. The protocol is that for TCP (see List of IPv4 protocol numbers): 6. The TCP length field is the length of the TCP header and data.

TCP checksum using IPv6

When TCP runs over IPv6, the method used to compute the checksum is changed, as per RFC 2460:

Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses. Internet Protocol version 6 ( IPv6) is an Internet Layer protocol for packet -switched internetworks.

When computing the checksum, a pseudo-header that mimics the IPv6 header is shown in the table below.

TCP pseudo-header (IPv6)
Bit offsetBits 0 - 78–1516–2324–31
0Source address
32
64
96
128Destination address
160
192
224
256TCP length
288ZerosNext header
320Source portDestination port
352Sequence number
384Acknowledgement number
416Data offsetReservedFlagsWindow
448ChecksumUrgent pointer
480Options (optional)
480/512+ 
Data
 

See also

References

  1. ^ a b c d e f g h i j Comer, Douglas E. (2006). A Connection-oriented networking protocol is one that delivers a stream of data in the same order as it was sent after first establishing a Communication session. T/TCP (Transactional TCP) is a variant of the TCP protocolIt is an experimental TCP extension for efficient transaction-oriented (request/response service In Computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint used by Transport Layer protocols The Transmission Control Protocol ( TCP) and the User Datagram Protocol ( UDP) are Transport Layer protocols of the Internet Protocol The TCP uses a Network congestion avoidance algorithm that includes various aspects of an additive-increase-multiplicative-decrease (AIMD scheme with other Nagle's algorithm, named after John Nagle is a means of improving the efficiency of TCP/IP networks by reducing the number of packets that need to be sent over the network Karn's Algorithm addresses the problem of getting accurate estimates of the Round-trip time for messages when using TCP. In Computer networking, the term Maximum Transmission Unit ( MTU) refers to the size (in Bytes of the largest packet or frame The Internet Protocol allows IP fragmentation so that Datagrams can be fragmented into pieces small enough to pass over a link with a smaller MTU than the The maximum segment size ( MSS) is the largest amount of data specified in Bytes that a computer or communications device can handle in a single unfragmented Silly window syndrome is a problem in Computer networking caused by poorly-implemented TCP Flow control. Transmission Control Protocol (TCP accepts data from a data stream 'segments' it into chunks and adds a TCP header creating a TCP segment A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection A SYN flood is a form of Denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system SYN Cookies are the key element of a technique used to guard against SYN flood attacks TCP tuning techniques adjust some parameters of TCP connection over high-bandwidth high-latency networks Path MTU discovery ( PMTUD) is a technique in Computing for determining the Maximum transmission unit (MTU size on the network path between two IP hosts tcphdr is a Struct (structure in the C programming language. The tcphdr struct is used as a template to form a TCP header in a Raw socket tags please moot on the talk page first! --> In Computing, C is a general-purpose cross-platform block structured In Computer networking, the Stream Control Transmission Protocol (SCTP is a Transport Layer protocol, serving in a similar role as the popular protocols In Computer networking, the Transport Layer is a group of methods and protocols within a layered architecture of network components within which it is responsible for encapsulating Douglas Earl Comer (known as Douglas E Comer or Douglas Comer is a writer and professor best known for his work in the early development of the Internet. Internetworking with TCP/IP:Principles, Protocols, and Architecture, 5th 1, Prentice Hall. ISBN 0130905526.  
  2. ^ Stone & Partridge (2000), “When The CRC and TCP Checksum Disagree”, SIGCOMM, <http://citeseer.ist.psu.edu/stone00when.html> 
  3. ^ Tanenbaum, Andrew S. (2003-03-17). Andrew Stuart "Andy" Tanenbaum (sometimes referred to by the handle ast) (born 1944 is a Professor of Computer science at the Vrije Computer Networks, Fourth Edition, Prentice Hall. ISBN 0-13-066102-3.  
  4. ^ Laurent Joncheray, Simple Active Attack Against TCP, 1995 [1]

Further reading

External links

Dictionary

Transmission Control Protocol

-noun

  1. (computing) (Internet) A networking protocol, almost always layered on top of the Internet Protocol, that provides reliable, connection based communications.
© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org
 Dapyx Software network: MP3 Explorer | Ebook Manager | Zenithic