# How does TCP work?


Today we are tackling a big piece, the TCP protocol. Are you ready? Here we go! :) TCP (Transmission Control Protocol) is the most used layer 4 protocol and it is an integral part of our lives without us realizing it. TCP was created to address a simple problem: enabling reliable communication between two machines. Like many protocols, TCP is based on a client-server architecture. The data is broken down into blocks called segments.

The communication happens in three parts: the establishment of the connection, the transfer of the data, and the end of the connection. Let's start with the establishment of the connection, which is done with a three-way handshake. The first step is named SYN (synchronize): the client sends a SYN packet to the server with which it wishes to start the communication, and it also randomly generates a sequence number which is transmitted in this packet. The server then replies with a SYN-ACK (synchronize, acknowledge) packet, literally an acknowledgement of the synchronization request. The server's sequence number is randomly generated, and the acknowledgement number corresponds to the client's sequence number incremented by one. Finally, the client sends a last ACK packet to the server to confirm that it has received the SYN-ACK packet. The sequence number of this packet is equal to the one generated by the client earlier plus one, and the acknowledgement number is equal to the sequence number of the server increased by 1.

Don't worry, we will see more precisely what the acknowledgement and sequence numbers correspond to ;).

Once this initialization is done, the communication can start, so let's have a closer look at the content of a TCP packet. Hang on, there is a lot of content 😄. This part is largely based on the Wikipedia article on TCP. We will not detail the usefulness of each of these fields, only the most important ones in our eyes.

Acknowledgement and sequence numbers are two random values that are incremented by the amount of data received, to verify that all packets have arrived in order. The initial acknowledgement and sequence numbers are generated randomly during the connection initialization sequence we saw earlier, the three-way handshake.

The "Checksum" part is a condensed digest of the transmitted data, which is calculated by the server and verified by the client in order to guarantee the integrity of the packets. If the checksums match, then the packet is considered to have been transmitted without error.

The PSH (push) flag indicates that data is being sent.

The URG flag indicates the presence of urgent data.

The ECN/NS flag is used to indicate the presence of congestion on the network.

In the Options part we could, for example, mention the MSS (Maximum Segment Size), which corresponds to the maximum size of the data part.

We have seen the most important parts of a TCP frame. Now let's study how to close a session with the TCP protocol.

Closing a TCP session is quite simple. The first device sends a FIN packet to the second one with its sequence number, in order to check that all packets have been received before closing the communication. The server then replies with an ACK to confirm receipt of the message. The same exchange then takes place in the other direction, with the server sending a FIN packet and the client responding with an ACK.

Phew, that's a lot of stuff at once 😅. Now let's put it all into practice. If you've made it this far, you've done the hard part, well done 🎉.

You will probably notice the presence of Win, TSval and TSecr. Let's look at what they correspond to.

Win is the window: simply put, the maximum size of a packet.

TSval and TSecr are simply timestamps: TSval is the time the packet was sent and TSecr is the time it was received. Each of the two participants in the conversation can subtract these two values to determine the Round Trip Time (RTT), the time it takes for a packet to be exchanged.
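The handshake arithmetic and the header fields described above (sequence and acknowledgement numbers, flags, Win, MSS, TSval and TSecr), as an added example that is not part of the original article: a small Python parser run over three constructed segments. The ports, sequence numbers and timestamps are made-up sample values, and the check goes slightly beyond the text by handling the 32-bit wrap-around of sequence numbers.

```python
import struct

FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus the MSS and Timestamps options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, win, csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4           # data offset is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    out = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win,
           "checksum": csum, "payload": segment[hdr_len:],
           "flags": {name for bit, name in FLAGS.items() if off_flags & bit}}
    opts, i = segment[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:     # kind 0 = End of Option List
        if opts[i] == 1:                      # kind 1 = NOP, one byte of padding
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed option")
        kind, body = opts[i], opts[i + 2:i + length]
        if kind == 2 and len(body) == 2:      # Maximum Segment Size
            out["mss"] = struct.unpack("!H", body)[0]
        elif kind == 8 and len(body) == 8:    # Timestamps: TSval, TSecr
            out["tsval"], out["tsecr"] = struct.unpack("!II", body)
        i += length
    return out

def handshake_ok(syn: dict, synack: dict, ack: dict) -> bool:
    """Check the flags and the seq/ack arithmetic of a three-way handshake."""
    m = 2 ** 32                               # sequence numbers wrap at 32 bits
    return (syn["flags"] == {"SYN"} and synack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"} and synack["ack"] == (syn["seq"] + 1) % m
            and ack["seq"] == (syn["seq"] + 1) % m
            and ack["ack"] == (synack["seq"] + 1) % m)

def build(sport, dport, seq, ack, flags, opts=b""):
    """Constructed sample segment: window 64240, checksum left at 0, no payload."""
    opts += b"\x01" * (-len(opts) % 4)        # pad the options to a 32-bit boundary
    off_flags = ((5 + len(opts) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 64240, 0, 0) + opts

def ts(val, ecr):
    return b"\x08\x0a" + struct.pack("!II", val, ecr)

SYN = parse_tcp(build(50000, 80, 4294967295, 0, 0x02, b"\x02\x04\x05\xb4" + ts(1000, 0)))
SYNACK = parse_tcp(build(80, 50000, 7000, 0, 0x12, b"\x02\x04\x05\xb4" + ts(5000, 1000)))
ACK = parse_tcp(build(50000, 80, 0, 7001, 0x10, ts(1012, 5000)))
```

`handshake_ok(SYN, SYNACK, ACK)` returns `True` here even though the client's initial sequence number is the largest 32-bit value, because the SYN-ACK acknowledges 0 after the wrap.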

If you want to inspect this simple TCP exchange yourself, the file is available here. I recommend the [Wireshark](https://www.wireshark.org/) tool if you want to inspect packets of this type.

As you may have noticed, the TCP protocol was designed to minimize data loss, thanks to features like ACK and checksum. But these features pose a problem: the packets become heavier. The checksum part alone weighs 16 bits, for example. As another example, for each data sending packet (PSH), an additional ACK packet is necessary, each time! This heaviness is a problem for real-time applications, and other protocols like UDP, which we will study soon, have been created to solve this problem.

Thank you very much for coming so far. I'm aware this article was rather complex, so if you have any questions, don't hesitate to ask them. If you want to comment, don't forget that you can connect (with the Log In button) via GitHub, Twitter and GitLab.

See you tomorrow!