6 Packet Analysis TCP – Headers, Tools and notes

TCP Header

Transmission Control Protocol (TCP) provides reliable, ordered and error-checked communication between systems. It performs sequencing and segmentation of the data. TCP is a transport-layer protocol. The total length of a TCP header is 20 bytes, laid out as five rows of four bytes each.

Source Port is 2 bytes (16 bits); it identifies the sending process. For example, if the source port is 80, the service is web (HTTP).
Destination Port is 2 bytes (16 bits); similarly, if the destination port is 80, the sender is talking to a web server listening on port 80.

Sequence Number is 4 bytes (32 bits) and gives the sequence number of the first data byte in the segment. If the SYN flag is set, this is the initial sequence number (ISN) and the first data byte is ISN+1.
Acknowledgment Number is 4 bytes (32 bits) and holds the next sequence number the sender expects to receive.

Data Offset is 4 bits – the length of the header in 32-bit words, i.e. where the data starts

Reserved is 6 bits
Control Flags is 6 bits – URG/ACK/PSH/RST/SYN/FIN
Window Size is 2 bytes (16 bits) – the amount of data the receiver is willing to accept

Checksum is 2 bytes (16 bits) and covers the whole segment (header and data)

Urgent Pointer is 2 bytes (16 bits); when the URG flag is set, it lets the receiver know how much urgent data it should deliver immediately

The Sequence Number and Acknowledgment Number are how TCP keeps track of segments in order. Along with the Seq# and Ack#, the checksum provides the reliability guarantee for each packet.
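The header layout and checksum rule above, worked through in code (an added example, not part of the original chapter): the parser splits the 20-byte header into the fields listed, the checksum routine covers the IPv4 pseudo-header plus the segment with its checksum field zeroed, and a constructed SYN (addresses from the documentation range, ports chosen for the example) shows a one-bit corruption being caught.

```python
import socket
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bits 0..5 of the flags field

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header: 2+2+4+4+2+2+2+2 bytes, network byte order."""
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4           # data offset is counted in 32-bit words
    flags = off_flags & 0x3F                     # 6 control-flag bits; 6 reserved bits sit above them
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "checksum": csum, "urgent_ptr": urg,
            "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
            "payload": segment[header_len:]}

def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                          # pad an odd trailing byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (src, dst, zero, protocol 6, TCP length) plus the segment."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum field is zero while computing
    return ones_complement_checksum(pseudo + zeroed)

def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """True when the checksum carried in the header matches a fresh computation."""
    return tcp_checksum(src_ip, dst_ip, segment) == parse_tcp_header(segment)["checksum"]

def build_syn(src_ip, dst_ip, sport, dport, isn, window=65535) -> bytes:
    """First handshake segment: SYN set, ack 0, data offset 5 (no options), checksum filled in."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, isn, 0, (5 << 12) | 0x02, window, 0, 0)
    return hdr[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, hdr)) + hdr[18:]

if __name__ == "__main__":
    # Constructed sample, not a captured packet: a SYN from 192.0.2.10:54321 to 192.0.2.80:80.
    src, dst = "192.0.2.10", "192.0.2.80"
    seg = build_syn(src, dst, 54321, 80, isn=1000)
    print(parse_tcp_header(seg), checksum_ok(src, dst, seg))      # ... True
    damaged = bytearray(seg)
    damaged[1] ^= 0x01                            # flip one bit of the source port
    print(checksum_ok(src, dst, bytes(damaged)))  # False
```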

To establish a TCP connection, the two nodes must complete a three-way handshake.

The connection is established by the sender first sending a segment with the SYN flag set, then the receiver responding with SYN and ACK, and finally the sender sending an ACK to complete the connection. After that ACK, data flows between the sender and receiver until a final FIN flag closes the connection.

In encapsulation on a TCP/IP network, the IP header is added in front of the TCP header to carry the TCP segment.


TCP and IP encapsulations

License


This work (Introduction to intrusion detection system by Sung Lee) is free of known copyright restrictions.
