Introduction: The Detailed Instruction Manual for Data

Continuing our analogy from the TCP protocol, if the IP packet is the main envelope that gets a message to the right building (computer), then the TCP header is a detailed, multi-part instruction form attached to the contents inside. This form does not just specify the sender and receiver; it contains a wealth of control information that manages the entire lifecycle of a conversation, ensuring it is reliable, orderly, and efficient.

Before any application data is sent, the TCP software on the sending computer constructs this header. The header is prepended to the chunk of application data (the payload) to form what is known as a TCP segment. This complete segment is then handed down to the IP layer, which wraps it in an IP header to create a packet for its journey across the network.

Understanding each field of the TCP header is like learning the grammar and vocabulary of network reliability. Each field solves a specific problem related to ordering, error detection, flow control, and connection management.

Overall Structure of the TCP Header

The TCP header has a standardized structure. Its base size is 20 bytes (160 bits), but it can be larger if optional fields are included, up to a maximum of 60 bytes. The header is organized as a series of fields, each with a fixed size and specific purpose.

Let us examine each of these fields one by one, from top to bottom, as shown in the diagram.

Source Port and Destination Port

These two fields are the most fundamental addressing components within the TCP header.

• Source Port (16 bits): This field identifies the port number of the application that sent the segment on the source machine. When a client application like a web browser initiates a connection, the operating system assigns it a temporary, ephemeral port from the dynamic range. This number is placed in the source port field so that the server knows where to send its reply.
• Destination Port (16 bits): This field identifies the port number of the application that is meant to receive the segment on the destination machine. For server applications, this is typically a well-known port associated with a standard service, such as port 443 for a secure web server (HTTPS).

Together, the combination of source IP, source port, destination IP, and destination port creates a unique identifier for a specific TCP connection, allowing a single server to handle thousands of client connections simultaneously.

Sequence Number (32 bits)

This is one of the most critical fields for ensuring TCP's reliability and ordered delivery. Think of the entire stream of data an application wants to send as one very long text document. TCP numbers every single byte in that document.

The Sequence Number field in a given segment contains the number of the first byte of data in that segment's payload. For example, if a segment contains 100 bytes of data and its sequence number is 501, it means this segment carries bytes 501 through 600 of the total data stream.

The 32-bit size of this field is intentionally large. It allows TCP to number up to $2^{32}$ bytes, which is 4 Gigabytes, before the numbers have to wrap around and start again. This large range is essential on high-speed networks to prevent a phenomenon known as sequence number wraparound, where an old packet from a previous cycle could be mistaken for a new one.

During the connection setup (three-way handshake), both the client and server exchange a random Initial Sequence Number (ISN). All subsequent sequence numbers in the conversation are incremented from this starting point.

Acknowledgment Number (32 bits)

This field is the counterpart to the Sequence Number and is the mechanism for confirming the successful receipt of data. It is only considered valid if the ACK control flag is set.

The value of the Acknowledgment Number field indicates the sequence number of the next byte the sender is expecting from the other party. This acknowledgment is cumulative. For example, if the receiver sends back an acknowledgment number of 750, it is confirming that it has successfully and correctly received all data bytes up to sequence number 749, and it is now ready for byte 750.

This cumulative acknowledgment system is efficient but can lead to ambiguity if a single segment is lost. If segments 1, 2, and 4 arrive, but segment 3 is lost, the receiver will keep acknowledging the sequence number of the start of segment 3 until it arrives. More advanced options like Selective Acknowledgment (SACK) can address this.

Header Length (4 bits)

This field, sometimes called the Data Offset, is necessary because the TCP header is not always a fixed size. The base size is 20 bytes, but it can be extended by the TCP Options field. This 4-bit field specifies the total length of the header in 32-bit words (4-byte units).

The minimum value for this field is 5, which corresponds to the mandatory 20-byte header $(5 \times 4 \text{ bytes} = 20 \text{ bytes})$. The maximum value is 15, corresponding to the maximum header size of 60 bytes $(15 \times 4 \text{ bytes} = 60 \text{ bytes})$. This field tells the receiving computer exactly where the header ends and the actual application data begins.

Reserved (3 bits)

This 3-bit field (or sometimes shown as larger in older diagrams before some bits were repurposed) is set aside for future use. According to the standards, it must be set to zero by the sender and ignored by the receiver. Its purpose is to allow for future extensions to the protocol without breaking backward compatibility.

The Control Flags (9 bits)

This collection of single-bit flags acts as a set of on/off switches that control the state and behavior of the TCP connection. Each flag, when set to 1, activates a specific function. The nine flags are: NS, CWR, ECE, URG, ACK, PSH, RST, SYN, and FIN.

• NS (Nonce Sum): A one-bit flag used in an experimental congestion control mechanism to protect against accidental or malicious concealment of congestion notifications.

• CWR (Congestion Window Reduced): Set by the sender to indicate that it has reduced its sending rate in response to receiving a segment with the ECE flag set.

• ECE (ECN-Echo): Used in Explicit Congestion Notification (ECN). Set by a receiver to inform the sender that it received a signal of network congestion from a router.

• URG (Urgent): Indicates that the Urgent Pointer field is significant. This flag signals that some of the data in the segment is "urgent" and should be processed by the receiving application as soon as possible, bypassing the normal data buffer.

• ACK (Acknowledgment): Indicates that the Acknowledgment Number field is valid. Nearly all packets sent after the initial SYN packet will have this flag set.

• PSH (Push): A request from the sender to the receiver. When set, it tells the receiving TCP stack to immediately "push" the data it has received in this segment up to the waiting application, without waiting for its buffer to fill. This is useful for interactive applications like Telnet.

• RST (Reset): Immediately terminates a connection in response to an error. This is an abrupt way to end a session, for example, if one side receives a packet for a connection that no longer exists or if there is a fatal error.

• SYN (Synchronize): Used only in the first one or two packets of the three-way handshake to establish a connection. It synchronizes the initial sequence numbers between the two hosts.

• FIN (Finish): Used to gracefully terminate a connection when the sender has no more data to send. It signals the start of the four-way handshake to close the connection.

Window Size (16 bits)

This field is the core of TCP's flow control mechanism. It specifies the number of bytes, starting from the byte indicated in the Acknowledgment Number field, that the sender of this segment is currently willing to receive.

In essence, the receiver is saying: My receive buffer has X bytes of free space, so please do not send me more than X bytes until I give you another update. This prevents a fast sender from overwhelming a slow receiver. Since the field is 16 bits, the maximum window size that can be advertised is 65,535 bytes. This became a bottleneck on modern high-speed, long-distance networks, which led to the development of the Window Scale TCP option.

Checksum (16 bits)

The checksum field is used for basic error detection. The sender calculates a 16-bit checksum value based on the contents of the TCP header, the application data, and a special pseudo-header. The receiver performs the same calculation. If the results differ, the receiver knows the segment was corrupted in transit and discards it.

The pseudo-header is a conceptual structure that includes the source IP address, destination IP address, protocol number (6 for TCP), and the TCP segment length. Including the IP addresses in the checksum calculation provides an important protection: it helps detect cases where a packet was misdelivered by the IP layer to the wrong host or protocol.

Urgent Pointer (16 bits)

This field is only valid if the URG flag is set. It is a 16-bit offset from the current sequence number that points to the last byte of the urgent data. This allows the receiving system to quickly find and deliver "out-of-band" data to the application, for instance, a break command like Ctrl-C in a remote terminal session, without it having to wait in the regular data buffer.

TCP Options (Variable Length) and Padding

The base 20-byte TCP header provides the core functionality, but modern networking requires additional features. The Options field allows for this extensibility. It can be up to 40 bytes long. If options are used, the Header Length field will have a value greater than 5.

Some of the most important options include:

• Maximum Segment Size (MSS): This is one of the most common options, exchanged during the three-way handshake. Each side uses it to announce the largest chunk of data (segment) it is willing to receive. This helps to avoid IP fragmentation, which can degrade network performance.
• Window Scale: Solves the limitation of the 16-bit Window Size field. It is a scaling factor (a power of 2) that multiplies the value in the Window Size field, allowing for much larger receive windows (up to 1 Gigabyte), which is crucial for achieving high throughput on networks with a large Bandwidth-Delay Product.
• Selective Acknowledgment (SACK): Allows the receiver to acknowledge non-contiguous blocks of received data. This is much more efficient than the standard cumulative ACK when multiple packets are lost from a single window of data.
• Timestamps: Adds timestamp information to each segment, which helps with more accurate Round-Trip Time (RTT) calculations and provides another mechanism to protect against wrapped sequence numbers (PAWS - Protection Against Wrapped Sequence numbers).

Finally, Padding is used to ensure that the total length of the header is a multiple of 4 bytes. Since some options do not end on a 4-byte boundary, zero bytes are added as padding to fill out the last 32-bit word of the header.