tcp - transmission control protocol
published: September 28, 2025 •
on this page
tl;dr
| Protocol: | TCP (Transmission Control Protocol) |
| Layer: | Transport (Layer 4) |
| IP Protocol: | 6 |
| Service Model: | Reliable, ordered, byte-stream delivery |
| Key RFCs: | RFC 793, RFC 9293 (current standard) |
| Header Size: | 20-60 bytes (20 base + up to 40 options) |
overview
tcp provides a reliable, connection-oriented, byte-stream service atop the best-effort ip layer. it ensures ordered delivery, retransmission of lost data, flow control, and congestion control - making it the foundation for most internet applications requiring reliability.
this comprehensive guide covers:
- tcp fundamentals and service model
- connection lifecycle (establishment, data transfer, termination)
- reliability mechanisms and retransmission
- flow control and congestion control algorithms
- performance optimizations and extensions
- security considerations
- implementation details and troubleshooting
quick navigation
learning path
Key Highlights
- fundamentals - core concepts and service model
- connection lifecycle - establishment and termination
- reliability mechanisms - sequencing, acknowledgments, retransmission
- flow control - sliding window and receiver management
- congestion control - network-aware rate adaptation
protocol specifications
Key Highlights
- header format - detailed header structure
- state machine - connection states and transitions
- three-way handshake - connection establishment details
- sliding window - flow control mechanism
- congestion algorithms - slow start, congestion avoidance
advanced topics
Key Highlights
- performance extensions - window scaling, timestamps, sack (covered in protocol specs)
- tcp fast open - zero-rtt connection establishment
- ecn support - explicit congestion notification (see congestion control)
- security hardening - syn cookies, rst attacks, hijacking (see connection lifecycle)
- troubleshooting - debugging tools and techniques (see each guide section)
tcp header structure
tl;dr
| Offset | 0-15 | 16-31 |
|---|---|---|
| 0 | Source Port (16 bits) | Destination Port (16 bits) |
| 32 | Sequence Number (32 bits) | |
| 64 | Acknowledgment Number (32 bits) | |
| 96 | Data Offset (4) | Reserved (3) | Flags (9) | Window Size (16 bits) |
| 128 | Checksum (16 bits) | Urgent Pointer (16 bits) |
| 160+ | Options (0-320 bits) + Padding | |
tcp flags (9 bits)
tl;dr
| NS | ECN Nonce Sum | CWR | Congestion Window Reduced | ECE | ECN Echo |
| URG | Urgent | ACK | Acknowledgment | PSH | Push |
| RST | Reset | SYN | Synchronize | FIN | Finish |
key concepts
reliability guarantees
tcp provides several reliability guarantees that distinguish it from udp:
- ordered delivery - data arrives in the same order it was sent
- no loss - lost segments are detected and retransmitted
- no duplication - duplicate segments are detected and discarded
- no corruption - checksums ensure data integrity
- flow control - receiver controls sender’s rate to prevent overflow
- congestion control - adapts to network conditions
connection states
tcp connections progress through well-defined states:
tl;dr
| CLOSED | No connection exists |
| LISTEN | Server waiting for connection |
| SYN-SENT | Client initiated connection |
| SYN-RECEIVED | Server received SYN, sent SYN-ACK |
| ESTABLISHED | Connection open, data transfer |
| FIN-WAIT-1/2 | Closing states |
| TIME-WAIT | Ensuring remote received final ACK |
performance considerations
tcp performance depends on several factors:
- round-trip time (rtt) - affects acknowledgment timing
- bandwidth-delay product - determines optimal window size
- packet loss rate - triggers retransmissions and congestion control
- window size - limits outstanding unacknowledged data
- mss (maximum segment size) - affects efficiency
common tcp options
tl;dr
| MSS | Maximum Segment Size negotiation |
| Window Scale | Extend window beyond 64KB |
| SACK | Selective Acknowledgment |
| Timestamps | RTT measurement and PAWS |
| TFO | TCP Fast Open cookie |
implementation notes
socket api
tcp is typically accessed through the socket api:
// server
int listen_sock = socket(AF_INET, SOCK_STREAM, 0);
bind(listen_sock, ...);
listen(listen_sock, backlog);
int conn_sock = accept(listen_sock, ...);
// client
int sock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock, server_addr, ...);
// data transfer
send(sock, data, len, flags);
recv(sock, buffer, size, flags);kernel parameters
key linux tcp parameters for tuning:
# congestion control algorithm
net.ipv4.tcp_congestion_control = cubic
# receive/send buffer sizing
net.ipv4.tcp_rmem = 4096 131072 6291456
net.ipv4.tcp_wmem = 4096 16384 4194304
# enable sack
net.ipv4.tcp_sack = 1
# enable window scaling
net.ipv4.tcp_window_scaling = 1
# syn backlog size
net.ipv4.tcp_max_syn_backlog = 4096debugging and analysis
essential tools
Key Highlights
- tcpdump/wireshark - packet capture and analysis
- ss/netstat - socket statistics
- nstat - network statistics
- tcptrace - tcp flow analysis
- iperf3 - performance testing
common issues
- connection timeouts - firewall, routing, or server issues
- poor performance - small windows, high loss, bufferbloat
- connection resets - application errors, timeouts, attacks
- syn floods - dos attacks overwhelming server
- time-wait accumulation - rapid connection churn
references and standards
core rfcs
- rfc 793 - original tcp specification (1981)
- rfc 9293 - tcp specification (2022, current)
- rfc 7323 - tcp extensions for high performance
- rfc 2018 - tcp selective acknowledgment
- rfc 5681 - tcp congestion control
- rfc 7413 - tcp fast open
learning resources
- tcp/ip illustrated - w. richard stevens
- high performance browser networking - ilya grigorik
- computer networking: a top-down approach - kurose & ross
next steps
start with tcp fundamentals to understand the core concepts, then progress through the connection lifecycle and reliability mechanisms. for implementation details, explore the protocol specifications section.
for practical experience, explore the debugging and monitoring sections in each guide, which provide hands-on exercises using tools like wireshark, tcpdump, and netcat.