tcp fundamentals - core concepts and service model

published: September 28, 2025

learning objectives

after this guide, you will understand:

  • tcp’s service model and core guarantees
  • the tcp header structure and key fields
  • how tcp differs from udp
  • the byte-stream abstraction
  • sequence and acknowledgment number semantics

why tcp exists

the internet protocol (ip) provides best-effort packet delivery - packets can be:

  • lost (dropped by congested routers)
  • duplicated (retransmission ambiguities)
  • reordered (different paths through network)
  • corrupted (bit errors)

many applications need reliable, ordered data delivery. tcp solves this by adding:

  • sequencing - data bytes are numbered
  • acknowledgments - receiver confirms receipt
  • retransmission - lost data is resent
  • flow control - receiver controls sender rate
  • congestion control - adapts to network conditions

tcp service model

guarantees provided

tl;dr

Reliable DeliveryAll data sent is eventually delivered (or connection fails)
In-Order DeliveryBytes arrive in same order they were sent
No DuplicatesEach byte delivered exactly once
Data IntegrityChecksums detect corruption
Connection-OrientedExplicit setup and teardown phases
Full-DuplexBidirectional data flow
Byte StreamNo message boundaries preserved

what tcp does not provide

  • message boundaries - application must add framing
  • timing guarantees - no real-time delivery promises
  • minimum throughput - best-effort bandwidth
  • security - no encryption or authentication (use tls)

tcp vs udp comparison

tl;dr

FeatureTCPUDP
ConnectionConnection-orientedConnectionless
ReliabilityGuaranteed deliveryBest-effort
OrderingIn-order deliveryNo ordering
Header Size20-60 bytes8 bytes
OverheadHigh (acks, retransmits)Low
LatencyHigher (handshake, retransmits)Lower
Use CasesWeb, email, file transferDNS, gaming, streaming

tcp header structure

the tcp header is minimum 20 bytes, with up to 40 bytes of options:

0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

header fields explained

identification fields:

  • source port (16 bits) - sender’s port number
  • destination port (16 bits) - receiver’s port number

sequence control:

  • sequence number (32 bits) - first byte’s position in stream
  • acknowledgment number (32 bits) - next expected byte

control fields:

  • data offset (4 bits) - header length in 32-bit words
  • reserved (3 bits) - must be zero
  • flags (9 bits) - control bits (see below)
  • window (16 bits) - receive window size

error detection:

  • checksum (16 bits) - covers header + data + pseudo-header
  • urgent pointer (16 bits) - offset to urgent data

tcp flags

tl;dr

FlagNamePurpose
SYNSynchronizeInitiate connection, synchronize sequence numbers
ACKAcknowledgmentAcknowledgment field is valid
FINFinishNo more data from sender
RSTResetAbort connection
PSHPushPush data to application immediately
URGUrgentUrgent pointer field is valid
ECEECN EchoECN-Echo (congestion experienced)
CWRCongestion Window ReducedSender reduced congestion window
NSNonce SumECN nonce concealment protection

byte stream abstraction

tcp provides a byte stream service, not a message service:

what this means

  1. no message boundaries - tcp doesn’t preserve application message boundaries
  2. byte numbering - every byte has a sequence number
  3. segmentation - tcp breaks stream into segments for transmission
  4. reassembly - receiver reassembles segments into continuous stream

example

# application writes
send("Hello ")  # 6 bytes
send("World")   # 5 bytes

# tcp might transmit as:
# Segment 1: "Hello Wo"  (8 bytes)
# Segment 2: "rld"       (3 bytes)

# receiver gets continuous stream
recv(1024) -> "Hello World"  # all 11 bytes

implications for applications

  • must add own message framing if needed
  • can’t assume write boundaries match read boundaries
  • may need to buffer partial messages

sequence and acknowledgment numbers

sequence numbers

  • initial sequence number (isn) - randomly chosen at connection start
  • byte position - each byte gets sequential number
  • wrapping - 32-bit field wraps around at 2^32

acknowledgment semantics

  • cumulative acks - ack number = next expected byte
  • acknowledges all prior bytes - ack of 1000 means bytes 0-999 received
  • piggybacking - acks carried with data segments

example exchange

Client                          Server
------                          ------
SEQ=1000, DATA="Hello" (5 bytes)  -->
                                   <-- ACK=1005
SEQ=1005, DATA="World" (5 bytes)  -->
                                   <-- ACK=1010

maximum segment size (mss)

what is mss

  • maximum tcp payload in single segment
  • negotiated during connection establishment
  • typically derived from mtu minus headers

calculation

MTU (Maximum Transmission Unit)     = 1500 bytes (ethernet)
- IP header                          = 20 bytes
- TCP header                         = 20 bytes
----------------------------------------
MSS (Maximum Segment Size)          = 1460 bytes

path mtu discovery

  • determines smallest mtu along path
  • avoids ip fragmentation
  • uses icmp “fragmentation needed” messages

tcp timers

tcp uses several timers to ensure reliability and performance:

tl;dr

TimerPurposeTypical Value
Retransmission (RTO)Retransmit unacked dataDynamic (RTT-based)
Delayed ACKBatch acknowledgments40-200ms
PersistProbe zero window5-60 seconds
Keep-AliveDetect dead connections2 hours (if enabled)
TIME-WAITEnsure connection cleanup2*MSL (60-240s)

typical tcp applications

well-suited for tcp

Key Highlights

  • web (http/https) - reliable page delivery
  • email (smtp/imap/pop3) - message integrity critical
  • file transfer (ftp/sftp) - complete file required
  • remote access (ssh/telnet) - ordered keystrokes
  • database connections - query/response integrity

better with udp

Key Highlights

  • real-time video/audio - old data becomes useless
  • online gaming - latency more important than reliability
  • dns queries - simple request/response
  • dhcp - stateless configuration
  • iot sensors - periodic updates, loss acceptable

practical implications

for developers

  1. don’t assume message boundaries - add framing if needed
  2. handle partial reads/writes - tcp is stream-oriented
  3. tune socket buffers - affects throughput
  4. consider nagle’s algorithm - may delay small writes
  5. understand time-wait - affects rapid connection cycling

for operators

  1. monitor retransmission rates - indicates network problems
  2. check window sizes - may limit throughput
  3. watch for syn floods - dos attack vector
  4. tune kernel parameters - optimize for workload
  5. understand connection states - aids troubleshooting

key takeaways

  • tcp provides reliable, ordered byte-stream delivery over unreliable ip
  • adds significant complexity for reliability guarantees
  • header overhead and control mechanisms trade efficiency for reliability
  • applications must understand byte-stream semantics
  • choice between tcp and udp depends on application requirements

next steps

on this page