tcp - transmission control protocol

tl;dr

Protocol:TCP (Transmission Control Protocol)
Layer:Transport (Layer 4)
IP Protocol:6
Service Model:Reliable, ordered, byte-stream delivery
Key RFCs:RFC 793, RFC 9293 (current standard)
Header Size:20-60 bytes (20 base + up to 40 options)

overview

tcp provides a reliable, connection-oriented, byte-stream service atop the best-effort ip layer. it ensures ordered delivery, retransmission of lost data, flow control, and congestion control - making it the foundation for most internet applications requiring reliability.

this comprehensive guide covers:

  • tcp fundamentals and service model
  • connection lifecycle (establishment, data transfer, termination)
  • reliability mechanisms and retransmission
  • flow control and congestion control algorithms
  • performance optimizations and extensions
  • security considerations
  • implementation details and troubleshooting

quick navigation

learning path

Key Highlights

protocol specifications

Key Highlights

advanced topics

Key Highlights

  • performance extensions - window scaling, timestamps, sack (covered in protocol specs)
  • tcp fast open - zero-rtt connection establishment
  • ecn support - explicit congestion notification (see congestion control)
  • security hardening - syn cookies, rst attacks, hijacking (see connection lifecycle)
  • troubleshooting - debugging tools and techniques (see each guide section)

tcp header structure

tl;dr

Offset0-1516-31
0Source Port (16 bits)Destination Port (16 bits)
32Sequence Number (32 bits)
64Acknowledgment Number (32 bits)
96Data Offset (4) | Reserved (3) | Flags (9)Window Size (16 bits)
128Checksum (16 bits)Urgent Pointer (16 bits)
160+Options (0-320 bits) + Padding

tcp flags (9 bits)

tl;dr

NSECN Nonce SumCWRCongestion Window ReducedECEECN Echo
URGUrgentACKAcknowledgmentPSHPush
RSTResetSYNSynchronizeFINFinish

key concepts

reliability guarantees

tcp provides several reliability guarantees that distinguish it from udp:

  1. ordered delivery - data arrives in the same order it was sent
  2. no loss - lost segments are detected and retransmitted
  3. no duplication - duplicate segments are detected and discarded
  4. no corruption - checksums ensure data integrity
  5. flow control - receiver controls sender’s rate to prevent overflow
  6. congestion control - adapts to network conditions

connection states

tcp connections progress through well-defined states:

tl;dr

CLOSEDNo connection exists
LISTENServer waiting for connection
SYN-SENTClient initiated connection
SYN-RECEIVEDServer received SYN, sent SYN-ACK
ESTABLISHEDConnection open, data transfer
FIN-WAIT-1/2Closing states
TIME-WAITEnsuring remote received final ACK

performance considerations

tcp performance depends on several factors:

  • round-trip time (rtt) - affects acknowledgment timing
  • bandwidth-delay product - determines optimal window size
  • packet loss rate - triggers retransmissions and congestion control
  • window size - limits outstanding unacknowledged data
  • mss (maximum segment size) - affects efficiency

common tcp options

tl;dr

MSSMaximum Segment Size negotiation
Window ScaleExtend window beyond 64KB
SACKSelective Acknowledgment
TimestampsRTT measurement and PAWS
TFOTCP Fast Open cookie

implementation notes

socket api

tcp is typically accessed through the socket api:

// server
int listen_sock = socket(AF_INET, SOCK_STREAM, 0);
bind(listen_sock, ...);
listen(listen_sock, backlog);
int conn_sock = accept(listen_sock, ...);

// client
int sock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock, server_addr, ...);

// data transfer
send(sock, data, len, flags);
recv(sock, buffer, size, flags);

kernel parameters

key linux tcp parameters for tuning:

# congestion control algorithm
net.ipv4.tcp_congestion_control = cubic

# receive/send buffer sizing
net.ipv4.tcp_rmem = 4096 131072 6291456
net.ipv4.tcp_wmem = 4096 16384 4194304

# enable sack
net.ipv4.tcp_sack = 1

# enable window scaling
net.ipv4.tcp_window_scaling = 1

# syn backlog size
net.ipv4.tcp_max_syn_backlog = 4096

debugging and analysis

essential tools

Key Highlights

  • tcpdump/wireshark - packet capture and analysis
  • ss/netstat - socket statistics
  • nstat - network statistics
  • tcptrace - tcp flow analysis
  • iperf3 - performance testing

common issues

  1. connection timeouts - firewall, routing, or server issues
  2. poor performance - small windows, high loss, bufferbloat
  3. connection resets - application errors, timeouts, attacks
  4. syn floods - dos attacks overwhelming server
  5. time-wait accumulation - rapid connection churn

references and standards

core rfcs

  • rfc 793 - original tcp specification (1981)
  • rfc 9293 - tcp specification (2022, current)
  • rfc 7323 - tcp extensions for high performance
  • rfc 2018 - tcp selective acknowledgment
  • rfc 5681 - tcp congestion control
  • rfc 7413 - tcp fast open

learning resources

next steps

start with tcp fundamentals to understand the core concepts, then progress through the connection lifecycle and reliability mechanisms. for implementation details, explore the protocol specifications section.

for practical experience, explore the debugging and monitoring sections in each guide, which provide hands-on exercises using tools like wireshark, tcpdump, and netcat.

on this page