How Does TCP Work: TCP IP Protocol Suite

TCP is a transport layer protocol in TCP/IP protocol suit which is used in computer networking. Its purpose is to ensure reliable communication between applications across a network.

It breaks down data chunks into small packets. It also has some rules and procedures for the packets to transmit and receive from one end to another.

In this article, I will explain packet level details of TCP protocol and how it works. First look at the diagram below, here a client is initiating a connection with the server. So client is an active opener and server is a passive opener.

TCP is a connection-oriented protocol, which means a secure connect is established between two host before sending and receiving the actual data packets between these two hosts. This is achieved by establishing a three-way handshake connections between sender and receiver. The following are the steps:

1. The host who wants to send data (client) first sends packet with a SYN flag to the receiving host in order to establish connection.

2. The receiving host responds (Server) with a packet having SYN-ACK flag and also acknowledging the request and indicating that it is ready to receive the data.

3. The sending host responds (Client) with an ACK packet, confirming that the connection has been established and data can now be sent.

The data can be send and received between the two host only when connections have been established using TCP packets.

Similarly whenever a host wants to terminates its connection with the other host, TCP uses a four-way handshake process to terminate connections.

1. One end sends a FIN packet to signal the end of the connection.

2. The other end responds with an ACK packet to confirm receipt of the FIN packet.

3. The other end sends its own FIN packet.

4. The original sender responds with an ACK packet to confirm receipt.

This completes the four-way handshake process, and the connection is closed. At packet level a TCP packet consists of many different fields and field has its own function as follows, here TCP packet header diagram for your reference

Source port: This is a 16-bit field that specifies the port number of the sending application. If application is HTTP and it is sending data then it's port number is 80.

Destination port: This is also a 16-bit field, but it specifies the port number of the receiving application. If the receiving application is SSH then it's port number is 22.

Sequence number: This is a 32-bit field that identifies the number of bytes in the data, data packet follows some order while sending and receiving so sequence number is used to keep track the order of packets. The initial data packet has a unique sequence number called ISN (Initial Sequence Number). The sending host used this number to send data while receiving host reassemble it and bring the packets in correct order.

Acknowledgment number: This is also a 32-bit field, but it is only used by the receiver. It contains the sequence number of the next expected packet, and it is used to acknowledge receipt of packets that have been successfully received.

Header length: This is a 4-bit field which specifies the TCP header length. The TCP header contains several different fields, and its length can vary depending on which fields are included.

Reserved: This is a 6-bit field that is reserved for future use and is currently set to zero.

Control bits: This is a 6-bit field contains several control flags that control packet processing. Flags like SYN, ACK, FIN, RST, PSH, and URG are used to establish and terminate connections and control how data is processed. Here is the brief explanation of thesse flags.

SYN (Synchronize) - Used to initiate a connection between two hosts.
ACK (Acknowledge) - Used to confirm receipt of a packet.
FIN (Finish) - Used to terminate a connection.
RST (Reset) - Used to reset a connection or signal an error.
PSH (Push) - Used to signal the receiving host to pass data directly to the application without buffering.
URG (Urgent) - Used to signal that a packet contains urgent data.

Window size: This is a 16-bit field and specifies the amount of data the receiving host can accept.

Checksum: This is a field 16-bit field used to verify packet integrity. Checksum uses various factors such as IP addresses and packet contents etc. to calculate its values.

Urgent pointer: This is a 16-bit field that is used in conjunction with the URG flag to indicate that certain data within the packet is urgent and should be processed immediately.

Options: This is an optional field which is mostly used to carry information like MSS i.e. Maximum Segment Size. It is the  maximum sized segment that the sender wants to receive.

When a TCP packet is sent from one host to other. It is first encapsulated with IP header which has the source and destination IP addresses. Using which a packet can be routed across the networks. In the transmitted network a packet can be delayed.

The TCP provides a reliable communication by using a variety of techniques to detect and correct errors that may occur during transmission. It uses acknowledgments, when a sender sends data packets it expects to receive an acknowledgement from the receiver if sender receives the acknowledgement within a specific time which ensures successful packet delivery and if acknowledgement is not received by the sender from receiver that means that packet is lost in transmission and the sender will send that data packet again.

TCP flow control is another important feature which prevents sender to send to much data which receiver can not accept. The receiver uses its window size field in the TCP header which specifies how much data it can accept from the receiver within a specific time. The receiver reduces its window size if sender is sending data too fast which forces sender to slow down.

TCP congestion control mechanisms to prevent network congestion and ensure efficient data transmission. One of the primary methods used by TCP for congestion control is called slow start. Slow start gradually increases the amount of data sent until the network reaches an equilibrium state. Once this happens, data transmission can occur more quickly.

In conclusion, TCP is a complex protocol that is essential for reliable communication between applications across a network. By breaking down data into small packets, providing error detection and correction mechanisms, and using techniques like flow control and congestion control, TCP ensures that data is transmitted efficiently and reliably.

In the past, I took a detailed live session on the TCP (in regards to the Load Balancer virtual servers) it should be very useful to understand how virtual servers establishes TCP connections with LTM, here is the video recording for the same. I hope this will help many of you who want to understand TCP in an easiest possible way.