TCP Header (RFC 9293)

Field widths, in row order (bits 0-15 and 16-31 of each 32-bit row):
Source Port, Dest Port: 16 bits each
Sequence Number: 32 bits
Acknowledgment Number: 32 bits
Off, Rsv, Flags, Window Size: 4 + 4 + 8 + 16 bits
Checksum, Urgent Pointer: 16 bits each
Options: variable, present if Data Offset > 5

20 bytes minimum header (Data Offset = 5)
+--------+--------+--------+--------+
|     Source Port |    Dest Port    |  0-3
+--------+--------+--------+--------+
|         Sequence Number           |  4-7
+--------+--------+--------+--------+
|      Acknowledgment Number        |  8-11
+--------+--------+--------+--------+
|Off|Rsv|Flags|   Window Size       | 12-15
+--------+--------+--------+--------+
|     Checksum    |  Urgent Pointer | 16-19
+--------+--------+--------+--------+

Control Flags (8 bits)

Bit:   7   6   5   4   3   2   1   0
Flag: CWR ECE URG ACK PSH RST SYN FIN

| Flag | Name | Purpose |
|------|------|---------|
| SYN | Synchronize | Initiate connection, synchronize sequence numbers |
| ACK | Acknowledgment | Acknowledgment field is valid |
| FIN | Finish | No more data from sender, close connection |
| RST | Reset | Abort connection immediately |
| PSH | Push | Push data to application immediately |
| URG | Urgent | Urgent pointer field is valid |
| ECE | ECN-Echo | ECN capability or congestion indication |
| CWR | Congestion Window Reduced | Sender reduced congestion window |

Three-Way Handshake (Connection Establishment)

1. Client initiates: SYN, Seq=x
2. Server responds: SYN+ACK, Seq=y, Ack=x+1
3. Connection established: ACK, Seq=x+1, Ack=y+1 (both sides ESTABLISHED)

Client                              Server
  |                                    |
  |--- SYN, Seq=1000 ----------------->|  LISTEN
  |                                    |  SYN-RECEIVED
  |<-- SYN+ACK, Seq=2000, Ack=1001 ----|
  |                                    |
  |--- ACK, Seq=1001, Ack=2001 ------->|  ESTABLISHED
  |                                    |
  ESTABLISHED                          |

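Connection Termination (Four-Way Handshake)

1. Client sends FIN, Seq=x (client: FIN-WAIT-1)
2. Server sends ACK, Ack=x+1 (client: FIN-WAIT-2, server: CLOSE-WAIT)
3. Server sends FIN, Seq=y (server: LAST-ACK)
4. Client sends ACK, Ack=y+1 (client: TIME-WAIT, then CLOSED; server: CLOSED)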

Connection States (State Machine)

| State | Description |
|-------|-------------|
| CLOSED | No connection exists |
| LISTEN | Server waiting for incoming connections |
| SYN-SENT | Client sent SYN, waiting for SYN-ACK |
| SYN-RECEIVED | Server received SYN, sent SYN-ACK, waiting for ACK |
| ESTABLISHED | Connection open, data transfer in progress |
| FIN-WAIT-1 | Sent FIN, waiting for ACK or FIN |
| FIN-WAIT-2 | Received ACK for FIN, waiting for FIN |
| CLOSE-WAIT | Received FIN, waiting for application to close |
| CLOSING | Both sides sent FIN simultaneously |
| LAST-ACK | Sent FIN after receiving FIN, waiting for ACK |
| TIME-WAIT | Waiting 2*MSL before closing (ensures ACK received) |

Defaults (Common Parameters)

| Parameter | Default | Notes |
|-----------|---------|-------|
| MSS | 536 bytes | Maximum Segment Size (default if not negotiated) |
| MSS (Ethernet) | 1460 bytes | 1500 MTU - 20 IP - 20 TCP |
| Window Size | 65535 bytes | Max without window scaling |
| Window Scale | 0-14 | Multiplier: 2^scale (RFC 7323) |
| MSL | 2 minutes | Maximum Segment Lifetime |
| TIME-WAIT | 2 * MSL | Typically 1-4 minutes |
| Initial RTO | 1 second | Retransmission timeout |
| keepalive time | 2 hours | Idle time before probe (if enabled) |

Well-Known Ports (0-1023 Reserved)

| Port | Service | Description |
|------|---------|-------------|
| 20 | FTP Data | File Transfer Protocol (data) |
| 21 | FTP Control | File Transfer Protocol (control) |
| 22 | SSH | Secure Shell |
| 23 | Telnet | Unencrypted text communications |
| 25 | SMTP | Simple Mail Transfer Protocol |
| 53 | DNS | Domain Name System (also UDP) |
| 80 | HTTP | Hypertext Transfer Protocol |
| 110 | POP3 | Post Office Protocol v3 |
| 143 | IMAP | Internet Message Access Protocol |
| 443 | HTTPS | HTTP over TLS/SSL |
| 587 | SMTP | Mail submission (with auth) |
| 993 | IMAPS | IMAP over TLS |
| 3306 | MySQL | MySQL database |
| 5432 | PostgreSQL | PostgreSQL database |

Common Options (Variable Length)

| Kind | Length | Option | Purpose |
|------|--------|--------|---------|
| 0 | 1 | End of Options | Marks end of options list |
| 1 | 1 | No-Op | Padding for alignment |
| 2 | 4 | MSS | Maximum Segment Size |
| 3 | 3 | Window Scale | Window scaling factor (RFC 7323) |
| 4 | 2 | SACK Permitted | Selective ACK allowed |
| 5 | var | SACK | Selective ACK blocks |
| 8 | 10 | Timestamps | RTT measurement, PAWS (RFC 7323) |
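
Added example (not part of the original reference): a Python parser for the header layout, flag bits and option kinds tabulated above. The function names and the sample SYN segment are constructed for illustration; a Data Offset outside the segment and option lengths that would loop or overrun are rejected rather than trusted.

```python
# Added example, not from the original page; names and sample bytes are illustrative.
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0..7
OPTION_NAMES = {0: "End of Options", 1: "No-Op", 2: "MSS", 3: "Window Scale",
                4: "SACK Permitted", 5: "SACK", 8: "Timestamps"}

def parse_options(raw):
    """Walk the kind/length list; reject lengths that would loop or overrun."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Options: the rest is padding
            break
        if kind == 1:            # No-Op is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d truncated before its length byte" % kind)
        length = raw[i + 1]      # length covers the kind and length bytes too
        if length < 2 or i + length > len(raw):
            raise ValueError("option %d has invalid length %d" % (kind, length))
        opts.append((OPTION_NAMES.get(kind, "kind %d" % kind), raw[i + 2:i + length]))
        i += length
    return opts

def parse_tcp_header(segment):
    """Decode the 20-byte fixed header, then any options the Data Offset covers."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    sport, dport, seq, ack, off_rsv, flags, window, checksum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    header_len = (off_rsv >> 4) * 4          # Data Offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("Data Offset %d is out of range" % (off_rsv >> 4))
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "window": window, "checksum": checksum, "urgent": urg,
        "flags": [n for bit, n in enumerate(FLAG_NAMES) if flags & (1 << bit)],
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }

# Constructed sample: SYN from port 50000 to 443, Seq=1000, with MSS=1460,
# SACK Permitted, a No-Op pad and Window Scale=7 (Data Offset = 8, 32 bytes).
SAMPLE_SYN = (struct.pack("!HHIIBBHHH", 50000, 443, 1000, 0, 8 << 4, 0x02, 65535, 0, 0)
              + bytes([2, 4, 0x05, 0xB4, 4, 2, 1, 3, 3, 7, 0, 0]))
```

Calling parse_tcp_header(SAMPLE_SYN) returns a dict whose "flags" list and "options" list can be compared directly against the tables above.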