TCP header format
tcp data is encapsulated in an IP packet, udp and the like, in the data portion of the IP packet. Tcp packet format is as follows:
Source port number and destination port number (address) and the like udp, the originating and terminating looking for the application process. Adding these two values in the IP header source IP address and destination IP address is a uniquely determined , network programming, typically a combination of IP address and a port number is called a socket (Socket) .
Number (SEQ) : used for identifying originating from the TCP receiving side sends a TCP data stream of bytes, which indicates the first data byte in this segment of . Tcp tcp in the sequence number with each byte count (the value of the transmission frame number does not matter, but a relationship between the number of bytes of data sent will be described later).
Acknowledgment sequence number (SEQ +. 1) : comprising one end of a transmission acknowledgment sequence number of the next expected received . Thus, it should be the last acknowledgment sequence number have been successfully received byte of data plus a number (not a simple number plus 1, further comprising a number of data bytes).
Header length: length of the header portion of a recording tcp packets, typically 20 bytes, the actual value is divided by 4 led portion length.
The following is a sign bit corresponding to a function:
the URG: Urgent Pointer (urgent pointer) effective.
ACK: acknowledgment number is valid.
PSH: receiver should this segment to the application layer as soon as possible.
RST: reconnection.
SYN: Synchronous serial number to initiate a connection.
FIN: start to finish sending.
Window size: used for flow control.
And inspection: Inspection and covering the whole of the TCP segment: TCP header and TCP data, and udp similar need to calculate the pseudo-header.
(1) Each segment includes a TCP source and destination port number, and for finding application process of sending and receiving ends . These two values together with the source IP address and the IP header destination IP address to uniquely identify a TCP connection.
(2) from the number used to identify the TCP sender to the receiver sends the data byte stream, which represents the first data byte in this segment of. If viewed as a stream of bytes between the two one-way flow of the application, the TCP counted for each byte sequence number (SEQ) .
(3) when establishing a new connection, SYN flag becomes 1. The sequence number field contains the sequence number of the host to select an initial connection ISN, the first byte of the data to be transmitted to the host for the ISN sequence number plus 1, because the use of a SYN flag number.
The next received sequence number (4) Since each byte to be transferred are counted, the acknowledgment number of acknowledgment comprises transmitting a desired end. Thus, when the acknowledgment number should be the last data byte has been successfully received sequence number by 1. 1 only the ACK flag acknowledgment number field is valid. (ACK)
(. 5) sends an ACK without any cost, since the same 32-bit acknowledgment number field and ACK flags, always a part of TCP header. Thus, once a connection is established, this field is always set, the ACK flag is always set to 1.
(6) TCP provides full-duplex service to the application layer . Thus, each end of the connection must transfer data number in each direction.
(7) TCP can be described as a no choice to confirm or deny the sliding window protocol . Thus the acknowledgment sequence number TCP header indicates the sender has successfully received byte, but not containing the byte sequence number acknowledgment refers. The current can not confirm the selected portion of the data stream.
(8) to set the header length, because the length of the optional field is variable. TCP header up to 60 bytes.
(9) 6 flag bits in the plurality may be simultaneously set. 1
◆ URG- urgent pointer is valid
◆ ACK-valid confirmation number
◆ PSH - recipient shall this segment as soon as possible to the application layer
◆ RST- reconnection
◆ SYN- to initiate a connection sequence number synchronization
◆ FIN- finish sending the sending end
(10) TCP's flow control is connected at each end by a window size is provided by declaration . Window size is the number of bytes starting at the confirmation value field indicates the sequence number, this value is the desired number of bytes received by the receiving end. 16 is a window size field, and thus the maximum window size is 65535 bytes.
(11) Inspection and covering the entire TCP packet end: TCP header and TCP data. This is a mandatory field, it must be calculated and stored by the sender, verification by the receiving end. TCP and UDP checksum calculation and header checksum calculation, as also the use of pseudo-header.
(12) the urgent pointer is a positive offset value is added to the sequence number field indicates the last byte of urgent data number. Emergency mode is a TCP transmitting side to the other end of the transmission of emergency data in a way .
(13) The most common optional field is the longest packet size of the MMS , connecting each side are typically specified in the option in the first communication segment. It indicates the maximum length of the segment can receive this end.
Wireshark packet capture TCP structure
Using a tcp wireshark fetch packet, to view the detailed data and the actual data structures:
TCP is a connection-oriented, reliable transport layer protocol is byte-oriented.
Connection-oriented: Connection-oriented means that applications using tcp must first establish a connection before transmitting data, such as phone calls, first dial and wait for a response before beginning to speak.
Reliability: tcp agreement to improve the reliability of the following ways:
· 1. The application data is divided into TCP deemed most appropriate data blocks sent . This is completely different UDP datagram length generated by the application will remain unchanged. Passed by the TCP to IP information units called segment or segments. (Fixed length)
· 2. When TCP sends a segment, it starts a timer and wait for the destination to acknowledge receipt of this segment. If you can not receive a confirmation, it will retransmit this segment. (Retransmission timer)
· 3. When the TCP connection is received from the bottom of the other end of the TCP data, it sends an acknowledgment. This acknowledgment is not sent immediately, usually postpone fraction of a second. (Acknowledgments)
· 4.TCP test and it will keep the header and data. This test is an end and the aim of detecting any change in the data transmission process. If you receive a section of the test and an error, TCP discards this segment and do not acknowledge receipt of this segment (want to start a timeout and retransmits). (Inspection and longer inspection)
· 5. Since the TCP segment as the IP datagram transmission, to reach the IP datagram may be out of order, so the arrival of TCP segments may also be out of order. If necessary, the data received by the TCP will reorder the data will be received in the correct order to the application layer. (Reorder if necessary)
· 6. Repeat Since IP datagrams can occur, the receiving TCP must discard duplicate data. (De-emphasis)
· 7.TCP also provides flow control. Each TCP connection has a fixed side buffer space size. Receiving TCP only allows the other end of the transmitting and receiving end can receive the data buffer. This will prevent the buffer faster host resulting in slower host overflow. (flow control)
Byte stream : two applications exchanging connection via TCP byte stream consisting of 8 bit bytes.
Further, TCP byte stream of the content without any explanation. TCP byte stream does not know the data transmission of binary data or ASCII characters or other types of data. Interpretation of the byte stream from the TCP application layer both connected explained.
