TCP Transmission Control Protocol
Category: Transport and Application Layer Protocols
Type: Network Concepts
Generated on: 2025-07-10 08:55:28
For: Network Engineering, Administration & Technical Interviews
TCP (Transmission Control Protocol) Cheatsheet
What is TCP? Transmission Control Protocol (TCP) is a connection-oriented, reliable, byte-stream transport layer protocol. It provides guaranteed delivery of data, in order, and error-free, between applications on different hosts.
Why is it Important? TCP is the backbone of many internet applications, including web browsing (HTTP/HTTPS), email (SMTP/POP3/IMAP), file transfer (FTP), and remote access (SSH). Its reliability and flow control are critical for applications that need to ensure data integrity. Without TCP, applications would need to implement their own reliability mechanisms, leading to complexity and inconsistency.
- Connection-Oriented: A connection must be established (three-way handshake) before data can be transferred.
- Reliable: Guarantees data delivery through acknowledgments (ACKs), retransmissions, checksums, and sequence numbers.
- Byte-Stream: Data is treated as a continuous stream of bytes, not as discrete packets.
- Full-Duplex: Data can be transmitted in both directions simultaneously.
- Flow Control: Prevents the sender from overwhelming the receiver using a sliding window mechanism.
- Congestion Control: Adapts the sending rate to avoid network congestion.
- Port Numbers: Uses port numbers (source and destination) to identify specific applications on the hosts.
- Segmentation: Breaks large application data into smaller segments for transmission.
- Reassembly: Reassembles segments at the receiver into the original data stream.
- Sequence Numbers: Used to order segments and detect lost or duplicated segments.
- Acknowledgment Numbers: Indicate the next expected sequence number from the receiver.
- Window Size: Advertises the amount of receive buffer space available at the receiver.
- Three-Way Handshake: Establishes a TCP connection.
- Four-Way Handshake: Terminates a TCP connection.
3.1. Three-Way Handshake (Connection Establishment)
```
Client                                        Server
-------------------------------------------------------------------
SYN (SEQ=x)            --------->
SYN (SEQ=y, ACK=x+1)   <-------               SYN/ACK
ACK (SEQ=x+1, ACK=y+1) --------->
-------------------------------------------------------------------
        Connection Established (Data Transfer can begin)
```

- SYN (Synchronize): The client sends a SYN segment to the server, indicating its desire to establish a connection. It includes a random initial sequence number (ISN) `x`.
- SYN/ACK (Synchronize/Acknowledge): The server responds with a SYN/ACK segment. It acknowledges the client’s SYN by setting the ACK number to `x+1` and includes its own ISN `y`.
- ACK (Acknowledge): The client sends an ACK segment acknowledging the server’s SYN/ACK by setting the ACK number to `y+1`. Data transfer can now begin.
3.2. Data Transfer
Data is transmitted in segments. Each segment contains a portion of the data, along with TCP header information. The receiver acknowledges each segment received, allowing the sender to track which data has been successfully delivered.
3.3. Four-Way Handshake (Connection Termination)
```
Client                                        Server
-------------------------------------------------------------------
FIN (SEQ=z)            --------->
ACK (SEQ=a, ACK=z+1)   <-------
FIN (SEQ=b, ACK=z+1)   <-------
ACK (SEQ=z+1, ACK=b+1) --------->
-------------------------------------------------------------------
        Connection Terminated
```

- FIN (Finish): The client (or server) sends a FIN segment to the server (or client), indicating that it has no more data to send. It includes a sequence number `z`.
- ACK (Acknowledge): The server acknowledges the FIN segment with an ACK segment, setting the ACK number to `z+1`.
- FIN (Finish): The server (if it hasn’t already) sends its own FIN segment to the client, indicating it has no more data to send. It includes a sequence number `b`.
- ACK (Acknowledge): The client acknowledges the server’s FIN segment with an ACK segment, setting the ACK number to `b+1`. The connection is now terminated.
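The SEQ/ACK arithmetic of sections 3.1 and 3.3 can be checked mechanically, which is the kind of test a stateful filter applies to a flow. The following is an added example, not part of the original cheatsheet; `check_trace`, the tuple layout and the sample values (`x=1000`, `y=5000`) are assumptions, and it expects a lossless, in-order trace with no retransmissions.

```python
def check_trace(trace):
    """Return (index, problem) pairs for segments that break the SEQ/ACK rules.

    Each entry is (sender, flags, seq, ack, payload_len); sender is "C" or "S".
    """
    next_seq = {}      # sender -> sequence number its next segment must carry
    problems = []
    for idx, (sender, flags, seq, ack, length) in enumerate(trace, start=1):
        peer = "S" if sender == "C" else "C"
        if sender in next_seq and seq != next_seq[sender]:
            problems.append((idx, f"SEQ={seq}, expected {next_seq[sender]}"))
        if "ACK" in flags:
            if peer not in next_seq:
                problems.append((idx, "ACK before the peer sent anything"))
            elif ack != next_seq[peer]:
                problems.append((idx, f"ACK={ack}, expected {next_seq[peer]}"))
        # SYN and FIN each consume one sequence number; payload consumes its length.
        consumed = length + ("SYN" in flags) + ("FIN" in flags)
        next_seq[sender] = (seq + consumed) % 2**32   # sequence space wraps at 32 bits
    return problems

# Constructed trace: three-way handshake followed by the four-way termination.
HANDSHAKE_AND_CLOSE = [
    ("C", {"SYN"},        1000, 0,    0),   # SEQ = x
    ("S", {"SYN", "ACK"}, 5000, 1001, 0),   # SEQ = y, ACK = x+1
    ("C", {"ACK"},        1001, 5001, 0),   # SEQ = x+1, ACK = y+1
    ("C", {"FIN"},        1001, 0,    0),   # SEQ = z
    ("S", {"ACK"},        5001, 1002, 0),   # SEQ = a, ACK = z+1
    ("S", {"FIN", "ACK"}, 5001, 1002, 0),   # SEQ = b, ACK = z+1
    ("C", {"ACK"},        1002, 5002, 0),   # SEQ = z+1, ACK = b+1
]

if __name__ == "__main__":
    print(check_trace(HANDSHAKE_AND_CLOSE))
```

A SYN/ACK whose ACK number is `x` instead of `x+1` is reported at index 2, because the SYN itself consumed one sequence number.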
4.1. TCP Header Format
```
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgment Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|          Window Size          |
|       |           |G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```

- Source Port (16 bits): The port number of the sending application.
- Destination Port (16 bits): The port number of the receiving application.
- Sequence Number (32 bits): The sequence number of the first byte in the segment.
- Acknowledgment Number (32 bits): The next sequence number expected from the other end.
- Data Offset (4 bits): The number of 32-bit words in the TCP header. Indicates where the data begins.
- Reserved (3 bits): Reserved for future use (must be zero).
- Flags (9 bits): Control bits:
  - URG (Urgent): Urgent pointer field significant.
  - ACK (Acknowledgment): Acknowledgment field significant.
  - PSH (Push): Push function. Indicates that the receiver should push the data to the application immediately.
  - RST (Reset): Reset the connection.
  - SYN (Synchronize): Synchronize sequence numbers to initiate a connection.
  - FIN (Finish): No more data from sender.
  - CWR (Congestion Window Reduced): Congestion window reduced by sender.
  - ECE (ECN-Echo): ECN-Echo indicates congestion avoidance feedback.
  - NS (Nonce Sum): Nonce sum.
- Window Size (16 bits): The number of bytes the receiver is willing to accept.
- Checksum (16 bits): Error detection for the header and data.
- Urgent Pointer (16 bits): If the URG flag is set, this field indicates the offset from the current sequence number where urgent data ends.
- Options (Variable): Optional parameters, such as Maximum Segment Size (MSS) and Window Scale.
- Padding (Variable): Used to ensure the header ends on a 32-bit boundary.
- Data (Variable): The actual application data being transmitted.
4.2. TCP State Diagram (Simplified)
[TCP state diagram (simplified). States shown: CLOSED, LISTEN, SYN-SENT, SYN-RCVD, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, LAST-ACK, CLOSED. Transition labels: Passive Open, Active Open, SYN, SYN/ACK, ACK, FIN, Close.]

- Web Browsing (HTTP/HTTPS): When you access a website, your browser uses TCP to establish a connection with the web server. TCP ensures that the web page’s HTML, CSS, JavaScript, and images are delivered reliably and in the correct order.
- Email (SMTP/POP3/IMAP): Email clients use TCP to send and receive emails. TCP guarantees that the entire email message, including attachments, is delivered without errors.
- File Transfer (FTP): FTP relies on TCP for reliable file transfer between a client and a server.
- Remote Access (SSH): SSH uses TCP to provide a secure and reliable connection for remote access to a server.
- Database Connections: Many database clients use TCP to connect to database servers, ensuring data integrity during queries and updates.
Example Packet Capture (Wireshark):
```
No.  Time      Source         Destination    Protocol  Length  Info
1    0.000000  192.168.1.100  192.168.1.1    TCP       60      50000 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
2    0.001000  192.168.1.1    192.168.1.100  TCP       60      80 > 50000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
3    0.001500  192.168.1.100  192.168.1.1    TCP       52      50000 > 80 [ACK] Seq=1 Ack=1 Win=64240 Len=0
4    0.002000  192.168.1.1    192.168.1.100  HTTP      250     HTTP/1.1 200 OK (text/html)
5    0.002500  192.168.1.100  192.168.1.1    TCP       52      80 > 50000 [ACK] Seq=199 Ack=199 Win=64240 Len=0
```

This capture shows the three-way handshake (packets 1-3) followed by HTTP data transfer (packets 4-5).
- Connection Refused: The server is not listening on the specified port.
  - Troubleshooting: Verify the server is running and listening on the correct port. Use `netstat -an` (Linux/Unix) or `netstat -an | findstr <port>` (Windows) to check listening ports. Check firewall rules.
- Connection Timeout: The client is unable to establish a connection with the server within a specific time.
  - Troubleshooting: Check network connectivity (ping the server). Verify firewall rules. Investigate potential routing issues. The server might be overloaded.
- Slow Transfer Speeds: Congestion or network bottlenecks can lead to slow transfer speeds.
  - Troubleshooting: Use network monitoring tools (e.g., `tcpdump`, Wireshark) to identify packet loss or retransmissions. Check network bandwidth and latency. Consider TCP window scaling options.
- High Retransmission Rate: Packets are being lost or corrupted, requiring retransmission.
  - Troubleshooting: Check for network congestion. Investigate potential hardware issues (e.g., faulty network card, cabling).
- Reset Connection (RST Flag): The connection is being abruptly terminated.
  - Troubleshooting: Check for application errors that might be causing the reset. Firewall or intrusion detection systems might be interfering with the connection. A process might be trying to send data on a closed socket.
- Zero Window Size: The receiver is advertising a zero window size, indicating it cannot accept any more data.
  - Troubleshooting: The receiving application might be overloaded or experiencing resource constraints. Check the receiver’s CPU and memory utilization.
- Linux (sysctl):
  - Adjust TCP window size:

    ```
    sysctl -w net.ipv4.tcp_rmem="4096 87380 6291456"   # Receiver receive buffer
    sysctl -w net.ipv4.tcp_wmem="4096 65536 6291456"   # Sender transmit buffer
    sysctl -w net.core.rmem_max=6291456                # Max size of receive buffer
    sysctl -w net.core.wmem_max=6291456                # Max size of transmit buffer
    ```

    To make these changes persistent, edit `/etc/sysctl.conf` and run `sysctl -p`.
  - Enable TCP window scaling:

    ```
    sysctl -w net.ipv4.tcp_window_scaling=1
    ```

- Windows (Registry):
  - Adjust TCP window size: (Requires reboot)
    - Navigate to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`
    - Create or modify the following DWORD values:
      - `TcpWindowSize`: Sets the TCP receive window size (in bytes). Recommended value: `65535` or higher.
      - `GlobalMaxTcpWindowSize`: Sets the maximum TCP receive window size (in bytes).
      - `Tcp1323Opts`: Set to `1` to enable window scaling, timestamps, and selective acknowledgments.
- Firewall (iptables - Linux):
  - Allow incoming TCP connections on port 80:

    ```
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    ```

  - Allow outgoing TCP connections on port 443:

    ```
    iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
    ```

- Q: Explain the TCP three-way handshake.
  - A: The three-way handshake is used to establish a TCP connection. The client sends a SYN segment to the server, the server responds with a SYN/ACK segment, and the client sends an ACK segment. This process synchronizes sequence numbers and establishes the connection.
- Q: What is the difference between TCP and UDP?
  - A: TCP is connection-oriented, reliable, and provides flow control and congestion control. UDP is connectionless, unreliable, and doesn’t provide flow control or congestion control. TCP is suitable for applications that require guaranteed delivery, while UDP is suitable for applications that prioritize speed over reliability.
- Q: How does TCP ensure reliability?
  - A: TCP ensures reliability through acknowledgments (ACKs), retransmissions, sequence numbers, checksums, and timers. If a segment is lost or corrupted, the sender will retransmit it. Sequence numbers are used to order segments, and checksums are used to detect errors.
- Q: What is flow control in TCP? How does it work?
  - A: Flow control prevents the sender from overwhelming the receiver. The receiver advertises a window size, which indicates the amount of receive buffer space available. The sender can only send data up to the advertised window size. This mechanism prevents buffer overflows at the receiver.
- Q: Explain the TCP congestion control mechanisms.
  - A: TCP uses several congestion control mechanisms, including:
    - Slow Start: The sender starts with a small congestion window and gradually increases it until congestion is detected.
    - Congestion Avoidance: After slow start, the sender increases the congestion window more cautiously.
    - Fast Retransmit: If the sender receives three duplicate ACKs, it retransmits the lost segment immediately without waiting for a timeout.
    - Fast Recovery: After a fast retransmit, the sender reduces the congestion window and enters a recovery phase to avoid further congestion.
- Q: What is TCP window scaling? Why is it used?
  - A: TCP window scaling allows for window sizes larger than 65535 bytes. The window scale option is used in the TCP header to multiply the advertised window size. This is necessary for high-bandwidth networks to achieve optimal throughput. Without window scaling, TCP throughput is limited by the maximum window size.
- Q: What are the different TCP flags and their purpose?
  - A: Refer to the TCP Header Format section (4.1) for a detailed explanation of each flag.
- Q: What is the purpose of the Urgent Pointer in the TCP header?
  - A: The Urgent Pointer indicates the end of urgent data within the TCP segment. This allows applications to prioritize certain data even if other data is still being processed. The URG flag must be set for the Urgent Pointer field to be valid.
- UDP (User Datagram Protocol): A connectionless, unreliable transport layer protocol.
- IP (Internet Protocol): The network layer protocol that provides addressing and routing.
- Sockets: An endpoint of a two-way communication link between two programs running on the network.
- Network Address Translation (NAT): A technique used to map private IP addresses to public IP addresses.
- Quality of Service (QoS): Mechanisms to prioritize network traffic based on application requirements.
- Network Security: Firewalls, intrusion detection systems, and other security measures to protect networks and data.
- Wireshark/tcpdump: Packet capture and analysis tools for network troubleshooting.
- QUIC: A new transport protocol built on UDP that aims to improve performance and security compared to TCP.
This cheatsheet provides a comprehensive overview of TCP, covering its core concepts, operation, and practical applications. It should be a valuable resource for students, network professionals, and anyone interested in understanding this fundamental protocol.