Welcome to tcpipworld.com Blog Post # 2
Act as if what you do makes a difference. It does. – William James
In this blog post, we will discuss the TCP header (port number, sequence number and acknowledgment).
- TCP Header
- TCP Encapsulation
1. Let’s begin with the TCP header & TCP encapsulation
Compared to the UDP header, the TCP header has a lot more fields.
Whenever we send data through TCP at the Transport Layer, TCP adds its header to the data, and this header provides a lot of functionality.
In this blog, we will discuss the properties of each field of this header.
1.1 Port Number
It is a 16-bit field. A total of 65535 ports can be used.
- 0 – 1023 are well-known ports.
- 1024 – 49151 are registered ports.
- 49152 – 65535 are dynamically assigned ports.
1.1.1 Well Known port numbers are used by standard applications.
1.1.1.1 For example:
HTTP uses port 80, SMTP port 25 and FTP port 21. These are standard protocols.
1.1.2 Dynamic Port Number is assigned by the operating system.
1.1.2.1 For example:
When you browse anything on the web, the Application Layer wants to communicate with the Transport Layer. It requires a socket to talk to the Transport Layer.
A socket is nothing but a combination of source port, source IP, destination port and destination IP.
The dynamic port range is 49152 – 65535.
A socket is a unique identification of each TCP connection on the Internet.
1.1.2.2 Example:
- A client with port number 52222, assigned from the dynamic port range, wants to communicate with an HTTP server using well-known port 80.
- The client process creates a socket to communicate with the Transport Layer. Source port 52222 and destination port 80 are used in the TCP header to communicate with the server.
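To make the fields concrete, here is an added example (not code from the original post) that decodes the fixed 20-byte TCP header, classifies both ports using the ranges listed above, and builds the socket 4-tuple. The sample segment and the IP addresses are constructed for illustration; the sequence and acknowledgment numbers it also extracts are covered in sections 1.2 and 1.3.

```python
import struct

# Port ranges as listed in section 1.1
PORT_CLASSES = (
    (0, 1023, "well-known"),
    (1024, 49151, "registered"),
    (49152, 65535, "dynamic"),
)

def classify_port(port):
    for low, high, name in PORT_CLASSES:
        if low <= port <= high:
            return name
    raise ValueError(f"port {port} does not fit in 16 bits")

def parse_tcp_header(segment):
    """Decode the fixed part of a TCP header from raw bytes."""
    if len(segment) < 20:
        raise ValueError("truncated: a TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad data offset: header length {header_len}")
    return {
        "src_port": src, "src_class": classify_port(src),
        "dst_port": dst, "dst_class": classify_port(dst),
        "seq": seq, "ack": ack,
        "flags": off_flags & 0x00FF,     # CWR ECE URG ACK PSH RST SYN FIN
        "payload": segment[header_len:], # options are skipped via header_len
    }

def socket_tuple(src_ip, dst_ip, hdr):
    """The 4-tuple that identifies one TCP connection."""
    return (src_ip, hdr["src_port"], dst_ip, hdr["dst_port"])

# Constructed sample: client port 52222 -> HTTP port 80, PSH+ACK set,
# seq=201, ack=1, no options, 16 bytes of payload.
SAMPLE = struct.pack("!HHIIHHHH", 52222, 80, 201, 1,
                     (5 << 12) | 0x018, 65535, 0, 0) + b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE)
    print(hdr)
    # Documentation-range addresses, assumed for the example.
    print(socket_tuple("192.0.2.10", "198.51.100.5", hdr))
```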
1.2 Sequence Number:
In TCP, each byte has a sequence number, because TCP is a byte-stream protocol.
1.2.1 For Example:
- From the Application Layer, we get continuous data. TCP converts that data into bytes, and a collection of bytes is called a segment.
- A segment is a collection of bytes. Remember that each byte in the segment has a number, which is referred to as its sequence number.
- Basically, TCP assigns the sequence number randomly, and then each byte is added to the sequence number.
- Now we have a segment that carries some data in the form of bytes, and each byte has a number, which is its sequence number.
- So in TCP, the sequence number always represents the first byte of the data.
1.3 The acknowledgment number acknowledges the data received at the receiver.
1.3.1 From the previous Example:
- We sent 50 bytes of data; the starting number is 201 + 50. When the data is received at the other end, it adds 251 + 1 = 252.
- So this 252, carried by the ACK, will be my next sequence number. Again, it represents the first byte of that segment.
- Another trust factor with respect to TCP is that the ACK field carries the sequence number of the next bytes that this particular sender is sending.
TCP Acknowledgment is cumulative.
1.3.2 For Example :
- To understand the details: A and B want to exchange data. The 3-way handshake has already happened, so this example is based entirely on the data flow.
- The segment data is 517 bytes, which is the payload.
- The data is received at B. B sends an acknowledgment: previous ACK = 1 + 517 bytes of data = 518.
- The sequence number of B is 111, which represents that particular host's stream. B then sends 1412 bytes of data.
- For the next data, the sequence number changes to 1412 + 111 = 1523.
- This 1523 represents the 1st byte of the 1412 bytes of data being sent now.
- The next sequence number is 1523 + 1412 = 2935, so 2935 represents the 1st byte of 709 bytes of data.
- Here TCP sends a cumulative ACK, acknowledging all the bytes previously received from the other end.
- Now A sends 80 bytes of data, and sequence number 518 represents the 1st byte of those 80 bytes.
Also, note that the ACK number carries the next expected sequence number.
In this capture, a mark observed on packet number 247 indicates that packet number 251 ACKs that packet.
1.3.2 In the Capture:
What is this relative sequence number? Instead of showing the true value, the 4-byte value in the TCP header, it starts at zero.
That number is a little easier to understand. If we need the original number back, we go to the TCP protocol preferences and uncheck the relative sequence number option. You will then get the exact value, which is a long number.
Basically, the function is exactly the same.
Sequence numbers track bytes in each direction of the connection. This is how a client or server sending data onto the wire keeps track of what has been sent and what has been acknowledged.
In this way, we can retransmit something that is lost, and we can keep track of how much data has been sent.
Take sequence number 1 and add the TCP segment length: this gives the next sequence number that we will be sending in that direction.
When the TCP segment length is 0, the next packet I send will carry the same sequence number. These are the useful features provided by Wireshark.
1.3.3 For example :
If there is a gap in the sequence numbers, Wireshark lets me know by marking the segment “TCP previous segment not captured”. Fundamentally, the client knows something is missing.
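The bookkeeping described in sections 1.2 and 1.3 can be reproduced in a few lines. The following is an added example (a simplified sketch, not Wireshark's code and not from the original post) that follows one direction of a connection, computes relative sequence numbers, derives the cumulative ACK and flags a gap such as the one behind “TCP previous segment not captured”. The inputs are constructed from the byte counts used in section 1.3.2, and it goes slightly beyond the text by handling 32-bit wraparound.

```python
MOD = 2 ** 32  # the sequence number field is 32 bits, so arithmetic wraps

def relative(seq, base):
    """Offset of seq from a base value, the way a relative display works."""
    return (seq - base) % MOD

def seq_after(a, b):
    """True when a is later than b, allowing for 32-bit wraparound."""
    return 0 < (a - b) % MOD < MOD // 2

def analyze_flow(segments):
    """Walk (seq, payload_len) pairs for ONE direction in capture order.

    Returns (events, ack): events flag gaps and retransmitted or reordered
    segments; ack is the cumulative ACK number the receiver would send.
    """
    base = segments[0][0]
    highest = base   # seq + len of the furthest byte seen so far
    ack = base       # next byte the receiver expects, in order
    pending = {}     # segments received but not yet covered by ack
    events = []
    for seq, length in segments:
        if seq_after(seq, highest):
            events.append(("gap", relative(highest, base), (seq - highest) % MOD))
        elif seq != highest:
            events.append(("retransmit-or-reorder", relative(seq, base), length))
        end = (seq + length) % MOD
        if seq_after(end, highest):
            highest = end
        pending[seq] = length
        while ack in pending:   # advance only across contiguous data
            ack = (ack + pending.pop(ack)) % MOD
    return events, ack

# Constructed inputs using the byte counts from the example in section 1.3.2.
B_IN_ORDER = [(111, 1412), (1523, 1412), (2935, 709)]
B_WITH_LOSS = [(111, 1412), (2935, 709)]       # middle segment missing
B_RECOVERED = B_WITH_LOSS + [(1523, 1412)]     # retransmission arrives
NEAR_WRAP = [(4294967000, 517), (221, 80)]     # crosses 2**32

if __name__ == "__main__":
    for name, flow in [("in order", B_IN_ORDER), ("loss", B_WITH_LOSS),
                       ("recovered", B_RECOVERED), ("wrap", NEAR_WRAP)]:
        print(name, analyze_flow(flow))
```

With the middle segment missing, the cumulative ACK stays at 1523 until the retransmission fills the hole, which is why a stalled ACK number together with a gap event points at loss rather than a slow sender.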