Transmission Control Protocol (TCP) is a utility protocol that builds on IP and aims to address the complexity of transmitting large amounts of data over IP. Since the IP segment size is low, data has to be split across multiple segments. This means:

  • there's an increased chance of segments being lost or dropped in transit; and
  • there's a risk of segments being delivered out of order, corrupting the transmitted data.

TCP guarantees reliable transmission and ordering of segments.


TCP segment structure

The header comprises:

  • Source port specifies the source port of the traffic.
  • Destination port specifies the destination port of the traffic.
  • Sequence number assigns an in-flight identifier to each segment.
  • Acknowledgement number is used in combination with the sequence number to ensure parity between client and server.
  • Header length specifies the length of the header section, or the offset to reach the segment's data.
  • Reserved for future use; should be zeroed.
  • Flags:
    • Primary flags:
      • Urgent (URG) is used to mark data as urgent, but usage is recommended against.
      • Acknowledgement (ACK) is used to acknowledge receipt.
      • Push (PSH) instructs the receiver to process the data without buffering.
      • Reset (RST) resets a connection, commonly because of a firewall.
      • Synchronise (SYN) initiates a connection, starting the three-way handshake.
      • Finish (FIN) initiates a graceful termination of a TCP session.
    • Extra flags:
      • ECN nonce is experimental, aiming to protect against malicious/accidental traffic.
      • Congestion Window Reduced announces traffic congestion, hopefully slowing down the rate of transmission.
      • ECN Echo acknowledges traffic congestion.
  • Window size enables flow control, allowing the amount of data that can be transmitted between acknowledgements to be adjusted.
  • Checksum contains a CRC for verifying integrity.
  • Options:
    • Maximum Segment Size (MSS)
    • No Option, Padding (NOP)
    • Window Scaling, which extends the window size beyond the mathematical limit of the window size field.
    • Selective Acknowledgement (SACK)
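
A parser for the header fields listed above, as an added example (not code from the original page). The function names `parse_tcp_header` and `parse_options` and the sample SYN segment are constructed for illustration; the sample's checksum is left at zero rather than computed.

```python
import struct

# Flag bits from least significant upward; NS is the "ECN nonce" bit listed above.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]
OPTION_NAMES = {2: "MSS", 3: "WindowScale", 4: "SACK-Permitted", 5: "SACK"}


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus any options."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # header length counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("header length field is inconsistent with the segment")
    flags = [name for bit, name in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": (off_flags >> 9) & 0x7,
        "flags": flags, "window": window, "checksum": checksum,
        "options": parse_options(segment[20:header_len]),
        "data": segment[header_len:],
    }


def parse_options(raw: bytes) -> list:
    """Walk the kind/length/value option list; reject lengths that overrun it."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP: a single padding byte
            options.append(("NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        length = raw[i + 1]
        options.append((OPTION_NAMES.get(kind, f"kind-{kind}"), raw[i + 2:i + length]))
        i += length
    return options


# Constructed sample: SYN from port 51000 to 443 with MSS 1460, NOP, window scale 7.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 51000, 443, 0x1A2B3C4D, 0, (7 << 12) | 0x002,
                         64240, 0, 0) + bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7])
```

The two length checks matter when parsing captured traffic: a header length or option length that points past the end of the segment is rejected instead of being read as data.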


TCP uses a three-way handshake to establish sessions:

  1. Client sends synchronise (SYN) to server with a randomly selected 32-bit sequence number.
  2. Server acknowledges the synchronise by replying with SYN-ACK, incrementing the client-supplied sequence number and responding with its own sequence number for communications the other way.
  3. Client acknowledges with ACK, with the server's SYN sequence number incremented.


Segmentation chunks a stream of data, wrapping each chunk in a TCP segment containing a sequence number.


Clients can use the segment sequence numbers to reassemble TCP data streams.


In a functioning TCP session, acknowledgement numbers and sequence numbers remain in sync. Where a packet is lost in transmission and a subsequent packet is received with a greater sequence number than the expected value, a client can request retransmission from a server using selective acknowledgement.


If sessions were never closed, we'd quickly exhaust the ephemeral TCP port range and likely run out of memory used to maintain TCP session state.

  1. Server sends FIN-ACK.
  2. Client sends ACK.
  3. Client sends FIN-ACK.
  4. Server sends ACK.