tcp fundamentals - core concepts and service model
on this page
learning objectives
after this guide, you will understand:
- tcp’s service model and core guarantees
- the tcp header structure and key fields
- how tcp differs from udp
- the byte-stream abstraction
- sequence and acknowledgment number semantics
why tcp exists
the internet protocol (ip) provides best-effort packet delivery - packets can be:
- lost (dropped by congested routers)
- duplicated (retransmission ambiguities)
- reordered (different paths through network)
- corrupted (bit errors)
many applications need reliable, ordered data delivery. tcp solves this by adding:
- sequencing - data bytes are numbered
- acknowledgments - receiver confirms receipt
- retransmission - lost data is resent
- flow control - receiver controls sender rate
- congestion control - adapts to network conditions
tcp service model
guarantees provided
tl;dr
| Reliable Delivery | All data sent is eventually delivered (or connection fails) |
| In-Order Delivery | Bytes arrive in same order they were sent |
| No Duplicates | Each byte delivered exactly once |
| Data Integrity | Checksums detect corruption |
| Connection-Oriented | Explicit setup and teardown phases |
| Full-Duplex | Bidirectional data flow |
| Byte Stream | No message boundaries preserved |
what tcp does not provide
- message boundaries - application must add framing
- timing guarantees - no real-time delivery promises
- minimum throughput - best-effort bandwidth
- security - no encryption or authentication (use tls)
tcp vs udp comparison
tl;dr
| Feature | TCP | UDP |
| Connection | Connection-oriented | Connectionless |
| Reliability | Guaranteed delivery | Best-effort |
| Ordering | In-order delivery | No ordering |
| Header Size | 20-60 bytes | 8 bytes |
| Overhead | High (acks, retransmits) | Low |
| Latency | Higher (handshake, retransmits) | Lower |
| Use Cases | Web, email, file transfer | DNS, gaming, streaming |
tcp header structure
the tcp header is minimum 20 bytes, with up to 40 bytes of options:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Destination Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+header fields explained
identification fields:
- source port (16 bits) - sender’s port number
- destination port (16 bits) - receiver’s port number
sequence control:
- sequence number (32 bits) - first byte’s position in stream
- acknowledgment number (32 bits) - next expected byte
control fields:
- data offset (4 bits) - header length in 32-bit words
- reserved (3 bits) - must be zero
- flags (9 bits) - control bits (see below)
- window (16 bits) - receive window size
error detection:
- checksum (16 bits) - covers header + data + pseudo-header
- urgent pointer (16 bits) - offset to urgent data
tcp flags
tl;dr
| Flag | Name | Purpose |
| SYN | Synchronize | Initiate connection, synchronize sequence numbers |
| ACK | Acknowledgment | Acknowledgment field is valid |
| FIN | Finish | No more data from sender |
| RST | Reset | Abort connection |
| PSH | Push | Push data to application immediately |
| URG | Urgent | Urgent pointer field is valid |
| ECE | ECN Echo | ECN-Echo (congestion experienced) |
| CWR | Congestion Window Reduced | Sender reduced congestion window |
| NS | Nonce Sum | ECN nonce concealment protection |
byte stream abstraction
tcp provides a byte stream service, not a message service:
what this means
- no message boundaries - tcp doesn’t preserve application message boundaries
- byte numbering - every byte has a sequence number
- segmentation - tcp breaks stream into segments for transmission
- reassembly - receiver reassembles segments into continuous stream
example
# application writes
send("Hello ") # 6 bytes
send("World") # 5 bytes
# tcp might transmit as:
# Segment 1: "Hello Wo" (8 bytes)
# Segment 2: "rld" (3 bytes)
# receiver gets continuous stream
recv(1024) -> "Hello World" # all 11 bytesimplications for applications
- must add own message framing if needed
- can’t assume write boundaries match read boundaries
- may need to buffer partial messages
sequence and acknowledgment numbers
sequence numbers
- initial sequence number (isn) - randomly chosen at connection start
- byte position - each byte gets sequential number
- wrapping - 32-bit field wraps around at 2^32
acknowledgment semantics
- cumulative acks - ack number = next expected byte
- acknowledges all prior bytes - ack of 1000 means bytes 0-999 received
- piggybacking - acks carried with data segments
example exchange
Client Server
------ ------
SEQ=1000, DATA="Hello" (5 bytes) -->
<-- ACK=1005
SEQ=1005, DATA="World" (5 bytes) -->
<-- ACK=1010maximum segment size (mss)
what is mss
- maximum tcp payload in single segment
- negotiated during connection establishment
- typically derived from mtu minus headers
calculation
MTU (Maximum Transmission Unit) = 1500 bytes (ethernet)
- IP header = 20 bytes
- TCP header = 20 bytes
----------------------------------------
MSS (Maximum Segment Size) = 1460 bytespath mtu discovery
- determines smallest mtu along path
- avoids ip fragmentation
- uses icmp “fragmentation needed” messages
tcp timers
tcp uses several timers to ensure reliability and performance:
tl;dr
| Timer | Purpose | Typical Value |
| Retransmission (RTO) | Retransmit unacked data | Dynamic (RTT-based) |
| Delayed ACK | Batch acknowledgments | 40-200ms |
| Persist | Probe zero window | 5-60 seconds |
| Keep-Alive | Detect dead connections | 2 hours (if enabled) |
| TIME-WAIT | Ensure connection cleanup | 2*MSL (60-240s) |
typical tcp applications
well-suited for tcp
Key Highlights
- web (http/https) - reliable page delivery
- email (smtp/imap/pop3) - message integrity critical
- file transfer (ftp/sftp) - complete file required
- remote access (ssh/telnet) - ordered keystrokes
- database connections - query/response integrity
better with udp
Key Highlights
- real-time video/audio - old data becomes useless
- online gaming - latency more important than reliability
- dns queries - simple request/response
- dhcp - stateless configuration
- iot sensors - periodic updates, loss acceptable
practical implications
for developers
- don’t assume message boundaries - add framing if needed
- handle partial reads/writes - tcp is stream-oriented
- tune socket buffers - affects throughput
- consider nagle’s algorithm - may delay small writes
- understand time-wait - affects rapid connection cycling
for operators
- monitor retransmission rates - indicates network problems
- check window sizes - may limit throughput
- watch for syn floods - dos attack vector
- tune kernel parameters - optimize for workload
- understand connection states - aids troubleshooting
key takeaways
- tcp provides reliable, ordered byte-stream delivery over unreliable ip
- adds significant complexity for reliability guarantees
- header overhead and control mechanisms trade efficiency for reliability
- applications must understand byte-stream semantics
- choice between tcp and udp depends on application requirements
next steps
- explore connection lifecycle to understand establishment and termination
- study sequence and acknowledgment numbers for retransmission and acknowledgments
- examine sliding window protocol for receiver-paced transmission