6 Packet Analysis TCP – Headers, Tools and notes
Transmission Control Protocol (TCP) provides reliable, error-free communication between systems. It performs sequencing and segmentation of the data. TCP is a transport-layer communication protocol. The total length of a TCP header is 20 bytes, laid out as rows of four bytes each.
Source Port is 2 bytes (16 bits) and identifies the source user process. For example, if the source port is 80, the service is web (HTTP).
Destination Port is 2 bytes (16 bits). Similarly, if the destination port is 80, the sender is going to a web server running on port 80.
Sequence Number is 4 bytes (32 bits) and is the number of the first byte in the segment. If the SYN flag is present, this is the initial sequence number and the first data byte.
Acknowledgment Number is 4 bytes (32 bits) and is the sequence value the receiver expects next.
Data offset – 4 bits – location of the start of the data
Reserved is 6 bits
Control Flags is 6 bits – URG/ACK/PSH/RST/SYN/FIN
Window Size is 2 bytes (16 bits) – size of data
Checksum is 2 bytes (16 bits) and covers the segment
Urgent Pointer is 2 bytes (16 bits) and lets the receiver know how much data it should deliver
The sequence number and acknowledgment number are how TCP keeps track of packets in order. Along with the Seq# and Ack#, the checksum provides the reliable (guaranteed) delivery of packets.
To establish a TCP connection, the two nodes must complete a three-way handshake.
The connection is established by the sender first sending a SYN flag; the receiver then responds with an ACK and SYN, and finally the sender sends an ACK to establish the connection. After the ACK, data transfer between the sender and receiver begins and continues until a final FIN flag.
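The following Python is an added example, not part of the original notes: it unpacks the 20-byte header fields listed above and checks that three segments form the SYN, SYN+ACK, ACK handshake with consistent Seq#/Ack# values. The build helper, port 49152 and the sequence numbers are constructed for the demonstration; the Ack# = Seq# + 1 check assumes the standard rule that a SYN consumes one sequence number.

```python
import struct
from collections import namedtuple

TcpHeader = namedtuple("TcpHeader",
    "sport dport seq ack data_offset flags window checksum urgent")
# Bits of the 6-bit control field (URG/ACK/PSH/RST/SYN/FIN), low bit first.
FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))

def parse_tcp_header(raw):
    """Decode the fixed 20-byte TCP header: five rows of four bytes."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header: %d bytes" % len(raw))
    sport, dport, seq, ack, off_flags, window, checksum, urgent = \
        struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = (off_flags >> 12) * 4  # 4-bit field counts 32-bit words
    if not 20 <= data_offset <= len(raw):
        raise ValueError("bad data offset: %d" % data_offset)
    flags = frozenset(n for n, bit in FLAG_BITS if off_flags & bit)
    return TcpHeader(sport, dport, seq, ack, data_offset, flags,
                     window, checksum, urgent)

def is_three_way_handshake(syn, synack, ack):
    """True if three segments form SYN, SYN+ACK, ACK with matching numbers."""
    a, b, c = (parse_tcp_header(s) for s in (syn, synack, ack))
    # A SYN consumes one sequence number, so each Ack# is the peer's Seq# + 1.
    return (a.flags == {"SYN"} and b.flags == {"SYN", "ACK"}
            and c.flags == {"ACK"}
            and (b.sport, b.dport) == (a.dport, a.sport)
            and (c.sport, c.dport) == (a.sport, a.dport)
            and b.ack == (a.seq + 1) % 2**32
            and c.seq == b.ack and c.ack == (b.seq + 1) % 2**32)

def build(sport, dport, seq, ack, flags):
    """Constructed 20-byte header for the demo (checksum left at 0)."""
    bits = sum(bit for n, bit in FLAG_BITS if n in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, 65535, 0, 0)

# Constructed sample: client port 49152 opening a connection to port 80.
SYN = build(49152, 80, 1000, 0, {"SYN"})
SYNACK = build(80, 49152, 5000, 1001, {"SYN", "ACK"})
ACK = build(49152, 80, 1001, 5001, {"ACK"})

if __name__ == "__main__":
    for seg in (SYN, SYNACK, ACK):
        print(parse_tcp_header(seg))
    print("handshake ok:", is_three_way_handshake(SYN, SYNACK, ACK))
```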
In encapsulation on a TCP/IP network, the IP header is added to the TCP header of a TCP segment.