
TCP

TCP (Transmission Control Protocol) implements streams, a transport service that is accessed
through sockets. TCP defines how electronic devices behave when they are connected to the
web, and how data transmission runs between them. The principal job of TCP is to split the
data into small packets before they are sent over the network, and then to reassemble the
data at the receiver.

Today almost every web application, such as the WWW (World Wide Web), email and so forth,
uses TCP to exchange data back and forth between client and server systems.
TCP/IP is present in the Transport layer of the OSI (Open Systems Interconnection) model.
It is present in Layer four.

In order to send a file from workstation A to workstation B, TCP first fragments the data into
pieces so that it is easier to transfer. Each fragment is labelled with a unique number so that
workstation B can re-assemble the fragments in the correct order.

TCP segment structure: TCP accepts data from a data stream, divides it into pieces, and adds
a TCP header to create a TCP segment. TCP segments are sent as internet datagrams. The
Internet Protocol header carries several information fields, including the source and destination
addresses. A TCP header follows the internet header, supplying information specific to the TCP
protocol.

TCP header format:

Source port: The size allocated for the source port number is 16 bits. It identifies the sending port.
Destination port: The size allocated for the destination port number is also 16 bits. It identifies
the receiving port.
Sequence number:
The sequence number of the first data octet in this segment. If SYN is set (1), then the sequence
number is the initial sequence number (ISN) and the first data octet is ISN+1. If the SYN flag is
cleared (0), then this is the accumulated sequence number of the first data byte of this segment
for the current session.
Acknowledgement number: The size allocated for the acknowledgement number is 32 bits. If the
ACK control bit is set, this field contains the value of the next sequence number the sender of
the segment is expecting to receive. Once a connection is established this is always sent.
Data offset: (4-bit)
The number of 32-bit words in the TCP header. This indicates where the data begins. The
TCP header (even one including options) is an integral number of 32 bits long.
Reserved: (3-bit)
This block is reserved for future use and should be set to zero.
Flags: This field contains 9 one-bit flags.

NS (1 bit) ECN-nonce concealment protection. It simply does not return congestion controls
to the sender.
CWR (1 bit) The Congestion Window Reduced (CWR) flag is set by the sending host to
indicate that it received a TCP segment with the ECE flag set and has responded with its
congestion control mechanism.
ECE (1 bit) ECN-Echo has a dual role, depending on the value of the SYN flag. It
indicates:
    If the SYN flag is set (1), that the TCP peer is ECN capable.
    If the SYN flag is clear (0), that a packet with the Congestion Experienced flag set in
    the IP header was received during normal transmission.
URG (1 bit) Indicates that the Urgent pointer field is significant.
ACK (1 bit) Indicates that the Acknowledgment field is significant. All packets after
the initial SYN packet sent by the client should have this flag set.
PSH (1 bit) Push function. Asks to push the buffered data to the receiving application.
RST (1 bit) Reset the connection.
SYN (1 bit) Synchronize sequence numbers. Only the first packet sent from each end
should have this flag set. Some other flags and fields change meaning based on this
flag; some are only valid when it is set, and others when it is clear.
FIN (1 bit) No more data from sender.

Window: This field occupies 16 bits and specifies the number of window size units that the
sender of this segment is currently willing to receive.
Checksum: The 16-bit checksum field is used for error checking.
Urgent pointer: (16-bit)
If the URG flag is set, then this 16-bit field is an offset from the sequence number indicating
the last urgent byte.
Options: The length of this field is determined by the data offset field. Options have up to three
fields: Option-Kind (1 byte), Option-Length (1 byte), Option-Data (variable). The Option-Kind
field indicates the type of option, and is the only field that is not optional. Depending on what
kind of option we are dealing with, the next two fields may be set: the Option-Length field
indicates the total length of the option, and the Option-Data field contains the value of the
option, if applicable.
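
The header layout described above, including the Option-Kind / Option-Length / Option-Data walk, written out as a parser. This is an added example, not code from the original document; the function names and the sample segment are constructed for illustration.

```python
import struct

# Flag names from the most significant (NS) to the least significant (FIN) bit.
FLAG_NAMES = ["NS", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

def parse_options(raw: bytes) -> list:
    """Walk the Option-Kind / Option-Length / Option-Data fields."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List: the rest is padding
            break
        if kind == 1:            # No-Operation: Kind only, no Length or Data
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]      # total length, including Kind and Length bytes
        if length < 2 or i + length > len(raw):
            raise ValueError(f"option kind {kind} has invalid length {length}")
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed header, then any options, then the payload."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12             # 4 bits: header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"data offset {data_offset} is out of range")
    flag_bits = off_flags & 0x1FF             # the 9 one-bit flags
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "reserved": (off_flags >> 9) & 0x7,   # 3 bits, should be zero
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (0x100 >> i)],
        "window": window, "checksum": checksum, "urgent_ptr": urgent,
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }

# Constructed sample: a SYN from port 49152 to port 80 with ISN 1000, carrying
# MSS (kind 2), two NOPs and Timestamps (kind 8). Checksum is left at 0, not computed.
SAMPLE_SYN = (
    struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (9 << 12) | 0x002, 65535, 0, 0)
    + bytes.fromhex("020405b4") + b"\x01\x01"
    + bytes.fromhex("080a") + struct.pack("!II", 12345, 0)
)

if __name__ == "__main__":
    for key, value in parse_tcp_header(SAMPLE_SYN).items():
        print(f"{key:11} {value}")
```

The two length checks matter when the input is untrusted: a data offset or option length that points past the end of the buffer is rejected instead of being followed.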
TCP over wired network:
In a wired network the host remains at a fixed position and has a solid, steady download
and transfer speed unaffected by the environment. There is no need to give a wireless access
password. As these networks are closed off and do not travel through the air, they are not
vulnerable to fluctuations in speed or interference from other wireless devices. If you need to
keep your network closed and secure, then a wired network is the best approach.
TCP over wireless network:

In wireless communication there is a chance of packets going missing. The main reason is
that, due to fading channels and user mobility, transmission losses are more frequent. Error
rates on wireless links are higher than on fixed networks. This makes compensation for
packet loss by TCP quite difficult. Congestion control is triggered more often in a wireless
network. This affects TCP throughput and increases the interaction delay in delivering the
packet to the receiver end. The lost packet triggers the congestion avoidance mechanism, which
essentially makes the sender window smaller, which leads TCP to back off too much and be
unable to reach the expected level.

3 Way hand shake diagram:
TCP phases: connection setup, data transmission, connection release.
Using a 3-way handshake needs 3 packets each for setup and release.
Thus, even short messages require at least 7 packets!

Connection establishment:
To set up a connection, TCP uses a three-way handshake. Before a host establishes a
connection with a server, the server must first bind to and listen at a port to open it up for
active listeners; this is known as a passive open. Once the connection is established, data
transfer may begin. To set up a connection, the three-way (or 3-stage) handshake happens:

1.) SYN: The connection is opened by the client sending a SYN to the server.
The client sets the sequence number to A.
2.) SYN-ACK: In return the server replies with a SYN-ACK. The
acknowledgement number is set to one more than the received sequence
number, i.e. A+1, and the sequence number that the server chooses
for the packet is another random number, B.
3.) ACK: Finally, the client sends an ACK back to the server. The sequence
number is set to A+1, and the acknowledgement number is set to one more
than the received sequence number, i.e. B+1.
Now both the client and the server have received an acknowledgement of the connection, and
a complete connection is established.

Connection Termination:
The connection termination uses a four-way handshake, with each side of the
connection terminating independently. When an endpoint wishes to stop its half of the
connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Hence, a
typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After
the side that sent the first FIN has responded with the final ACK, it waits for a timeout before
finally closing the connection.
A connection can also be terminated using a 3-way handshake. First host A sends a FIN, host
B answers with a FIN and ACK, and host A answers with an ACK. Now the connection is
terminated.
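
The sequence and acknowledgement arithmetic of the three-way handshake and the 3-way termination, together with the "at least 7 packets" count for a short message, can be checked with the following added example. It is not part of the original document; the function names and the trace layout are hypothetical, and the model assumes no loss or reordering.

```python
MOD = 2 ** 32  # sequence and acknowledgement numbers are 32-bit and wrap around

def short_exchange(isn_a: int, isn_b: int, payload: bytes) -> list:
    """Segments (sender, flags, seq, ack, data_len) for one short client message:
    3 for setup, 1 for data, 3 for the FIN / FIN+ACK / ACK release."""
    a, b, n = isn_a % MOD, isn_b % MOD, len(payload)
    return [
        ("client", {"SYN"},        a,                 0,                 0),
        ("server", {"SYN", "ACK"}, b,                 (a + 1) % MOD,     0),
        ("client", {"ACK"},        (a + 1) % MOD,     (b + 1) % MOD,     0),
        ("client", {"PSH", "ACK"}, (a + 1) % MOD,     (b + 1) % MOD,     n),
        ("client", {"FIN", "ACK"}, (a + 1 + n) % MOD, (b + 1) % MOD,     0),
        ("server", {"FIN", "ACK"}, (b + 1) % MOD,     (a + 2 + n) % MOD, 0),
        ("client", {"ACK"},        (a + 2 + n) % MOD, (b + 2) % MOD,     0),
    ]

def verify_trace(segments: list) -> tuple:
    """Check every seq/ack in a loss-free trace against what each side must send next.
    SYN and FIN each consume one sequence number; data consumes one per byte."""
    next_seq = {}  # sender name -> next sequence number that sender will use
    for idx, (sender, flags, seq, ack, data_len) in enumerate(segments, 1):
        peer = "server" if sender == "client" else "client"
        if sender in next_seq and seq != next_seq[sender]:
            return False, f"segment {idx}: {sender} seq {seq}, expected {next_seq[sender]}"
        if "ACK" in flags and ack != next_seq.get(peer):
            return False, f"segment {idx}: ack {ack}, expected {next_seq.get(peer)}"
        consumed = data_len + ("SYN" in flags) + ("FIN" in flags)
        next_seq[sender] = (seq + consumed) % MOD
    return True, f"{len(segments)} segments consistent"

if __name__ == "__main__":
    # Constructed values: A is the largest 32-bit number, so A+1 wraps to 0.
    trace = short_exchange(2 ** 32 - 1, 5000, b"hi")
    for sender, flags, seq, ack, data_len in trace:
        print(f"{sender:6} {'+'.join(sorted(flags)):8} seq={seq} ack={ack} len={data_len}")
    print(verify_trace(trace))
```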

Split TCP connection:
Split TCP is used to solve complicated TCP problems with large RTTs (round-trip time: the
time taken for a signal to be sent plus the time taken for an acknowledgement of that
signal to be received). A complicated system uses Split TCP PEPs to improve TCP performance
over a satellite link. Split TCP functions by breaking the end-to-end connection into multiple
connections and using different parameters to transfer data across the different legs. The end
systems use standard TCP with no modifications, and do not need to know of the existence of
the PEPs in between. Split TCP intercepts TCP connections from the end systems and
terminates them. This allows the end systems to run unmodified and can overcome some
problems with TCP window sizes on the end systems being set too low for satellite
communications.

Features of TCP:
1) Multi-Vendor Support. TCP/IP is implemented by many hardware and software vendors. It is
an industry standard and not limited to any specific vendor.
2) Interoperability. Today we can work in a heterogeneous network because of TCP/IP. A user
who is sitting on a Windows box can download files from a Linux machine, because both
Operating Systems support TCP/IP. TCP/IP eliminates the cross-platform boundaries.
3) Logical Addressing. Every network adapter has a globally unique and permanent physical
address, which is known as the MAC address (or hardware address). The physical address is burnt
into the card during manufacturing. Low-level, hardware-conscious protocols on a LAN deliver
data packets using the adapter's physical address. The network adapter of each computer listens
to every transmission on the local network to determine whether a message is addressed to its
own physical address.

For a small LAN, this will work well. But when your computer is connected to a big network like
the internet, it may need to listen to millions of transmissions per second. This may cause your
network connection to stop functioning.
To avoid this, network administrators often segment (divide) big networks into smaller networks
using devices such as routers to reduce network traffic, so that unwanted data traffic from one
network does not create problems in another network. A network can again be subdivided into
smaller subnets so that a message can travel efficiently from its source to the destination. TCP/IP
has a robust subnetting capability achieved using logical addressing. A logical address is an
address configured through the network software. The logical addressing system used in the TCP/IP
protocol suite is known as the IP address.
4) Routability. A router is a network infrastructure device which can read logical addressing
information and direct data across the network to its destination. TCP/IP is a routable protocol,
which means that TCP/IP data packets can be moved from one network segment to another.
5) Name Resolution. IP addresses are designed for computers, and it is difficult for humans to
remember many IP addresses. TCP/IP allows us to use human-friendly names, which are very
easy to remember. Name resolution servers (DNS servers) are used to resolve a human-readable
name (also known as a Fully Qualified Domain Name (FQDN)) to an IP address and vice
versa.
6) Error Control and Flow Control. The TCP/IP protocol has features that ensure the reliable
delivery of data from source computer to the destination computer. TCP (Transmission Control
Protocol) defines many of these error-checking, flow-control, and acknowledgement functions.
7) Multiplexing/De-multiplexing. Multiplexing means accepting data from different applications
and directing that data to different applications listening on different receiving computers. On the
receiving side the data needs to be directed to the correct application, the one that the data was
meant for. This is called de-multiplexing. We can run many network applications on the same
computer. By using logical channels called ports, TCP/IP provides a means for delivering packets
to the correct application. In TCP/IP, ports are identified by using TCP or UDP port numbers.
8) Congestion Control: Congestion may happen once in a while even in a carefully designed
network. The packet buffers of a switch fill up and the switch cannot forward the packets quickly
enough, because the aggregate rate of packets bound for one output link is higher than
the capacity of the receiver. To overcome this problem, the switch drops the packets. A dropped
packet is lost for the transmission, and the recipient sees a gap in the packet stream. The
receiver does not specifically tell the sender which packet is missing, but continues to
acknowledge all in-order packets up to the missing one. The sender notices the missing
acknowledgement for the lost packet and assumes a packet loss because of congestion.
Retransmitting the missing packet and proceeding at full flow would not be sensible now, as this
would only increase the congestion. To relieve this congestion, TCP backs off the transmission rate
drastically. All other TCP connections encountering the same congestion do the same thing, so
the congestion is resolved.

Explicit Congestion Notification:
Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and to the
Transmission Control Protocol. ECN permits end-to-end notification of network congestion without
dropping packets. ECN is an optional feature that is used between two ECN endpoints.
In TCP/IP, switches operate within the Internet layer, while the transmission rate is handled
by the endpoints at the transport layer.
Operation of ECN with IP:
ECN uses the two least significant bits of the field in the IPv4 or IPv6 header to encode four
different code points:

00 - Non ECN-Capable Transport, Non-ECT
10 - ECN Capable Transport, ECT(0)
01 - ECN Capable Transport, ECT(1)
11 - Congestion Encountered, CE

When both endpoints support ECN they mark their packets with ECT(0) or
ECT(1). If the packet traverses an Active Queue Management (AQM) queue that is
experiencing congestion and the corresponding switch supports ECN, it may change the codepoint
to CE rather than dropping the packet. This process is referred to as marking and its purpose is to
inform the other endpoint of impending congestion. At the receiving end, this congestion is
handled by the transport layer, which needs to signal the transmitting node to reduce its
transmission speed.
Operation of ECN with TCP:
TCP supports ECN using 3 flags in the TCP header.
1.) Nonce Sum (NS)
2.) ECN-Echo (ECE)
3.) Congestion Window Reduced (CWR)
1.) Nonce Sum: It is used to protect from malicious packets from the TCP sender.
2.) ECN-Echo: It is used to send a signal to the sender in order to reduce the amount of
packets it sends.
3.) CWR: It is a place where the transmitting rate is controlled between sender and
receiver. This window is maintained by the sender.
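
The ECN exchange described in the two sections above (ECT marking by the sender, CE marking at a congested queue, ECN-Echo from the receiver, CWR from the sender), written as a small simulation. This is an added example, not code from the original document. The function names are hypothetical, the model is lock-step (each packet is acknowledged before the next is sent), and halving the congestion window on ECN-Echo is an assumption of this model.

```python
# The four ECN codepoints listed above (two least significant bits of the octet).
NOT_ECT, ECT1, ECT0, CE = 0b00, 0b01, 0b10, 0b11
NAMES = {NOT_ECT: "Non-ECT", ECT1: "ECT(1)", ECT0: "ECT(0)", CE: "CE"}

def ecn_codepoint(octet: int) -> int:
    """Extract the codepoint from the IPv4 ToS / IPv6 Traffic Class octet."""
    return octet & 0b11

def aqm_forward(octet: int, congested: bool):
    """Queue decision: mark CE on ECN-capable packets instead of dropping them.
    Returns the (possibly re-marked) octet, or None when the packet is dropped."""
    if not congested:
        return octet
    if ecn_codepoint(octet) == NOT_ECT:
        return None                      # no ECN support: dropping is the only signal
    return octet | CE                    # ECT(0) or ECT(1) becomes 11

def simulate(congested_at: set, packets: int = 6, cwnd: int = 8) -> list:
    """Return (index, codepoint seen by receiver, CWR on data, ECE on ACK, cwnd)."""
    trace, echo, pending_cwr = [], False, False
    for i in range(packets):
        # Sender: data packet marked ECT(0); CWR is set once after a window reduction.
        cwr, pending_cwr = pending_cwr, False
        arrived = aqm_forward(ECT0, i in congested_at)
        # Receiver: stop echoing once CWR is seen, start again on a new CE mark.
        if cwr:
            echo = False
        if ecn_codepoint(arrived) == CE:
            echo = True
        # Sender: an ACK carrying ECE is treated as congestion (assumed: halve cwnd).
        if echo:
            cwnd = max(1, cwnd // 2)
            pending_cwr = True
        trace.append((i, NAMES[ecn_codepoint(arrived)], cwr, echo, cwnd))
    return trace

if __name__ == "__main__":
    # Constructed scenario: the queue is congested only while packet 2 passes.
    for row in simulate({2}):
        print("pkt %d  codepoint=%-6s CWR=%-5s ECE=%-5s cwnd=%d" % row)
```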

Reliable byte stream service:
TCP delivers all the data correctly, without any errors, even though IP is
unreliable. The data being transferred is broken into small segments. A TCP segment
is a packet of data which consists of a header and some application data.

TCP Timestamps:
TCP timestamps help TCP determine in which order packets were sent. TCP timestamps are not
normally aligned to the system clock and start at some random value.
There are 2 timestamp fields:
4 byte sender timestamp value
4 byte echo reply timestamp value
These timestamps are also used in an algorithm known as Protection Against Wrapped
Sequence numbers (PAWS), to determine whether retransmissions are occurring because packets
are lost or simply out of order.

TCP port numbers:

TCP uses port numbers to identify sending and receiving application end-points on a host,
often called Internet sockets. Each side of a TCP connection has an associated 16-bit
unsigned port number (0-65535) reserved by the sending or receiving application. Arriving TCP
packets are identified as belonging to a specific TCP connection by its sockets, that
is, the combination of source host address, source port, destination host address, and
destination port.

This means that a server computer can provide several clients with several services
simultaneously, as long as a client takes care of initiating any simultaneous connections to one
destination port from different source ports.

Port numbers are divided into three basic categories: well-known, registered, and
dynamic/private. The well-known ports are assigned by the Internet Assigned Numbers
Authority (IANA) and are typically used by system-level or root processes. Well-known
applications running as servers and passively listening for connections typically use these
ports.

A few examples: FTP (20 and 21), SSH (22), TELNET (23), SMTP (25), SSL (443) and
HTTP (80). Registered ports are typically used by end-user applications as ephemeral source
ports when contacting servers, but they can also identify named services that have
been registered by a third party. Dynamic/private ports can also be used by end-user
applications.

Advantages:
1. TCP provides reliable communication between two ends. It transfers data to the
destination in time without any duplication of data.
2. In TCP all the work is done by the operating system (OS), including debugging.
3. It transmits data by splitting it into packets. Further on we will see how it splits
the data and how this helps for a perfect communication.
4. It automatically breaks up data into packets for you.
5. It is slower than UDP, so that TCP can retransmit the missing
packets of data.

Disadvantages:
1. Sometimes advantages also become disadvantages. In TCP all the work is done by the
OS, so if there are any bugs in our operating system then we may face problems in surfing
and downloading data from the internet.
2. TCP cannot be used for broadcast and multicast transmission.

Wireshark-Introduction:
Wireshark is a free and open-source packet analyzer. It is mainly used for network
troubleshooting. Wireshark is like a measuring device used to examine what is going on inside a
network cable. Wireshark is available for both UNIX and Windows. We can capture live
packet data from a network interface, we can also save captured data, and we can also search
for a particular packet on many.

Advantages:

Network administrators use it to troubleshoot network problems.
Network security engineers use it to examine security problems.
Developers use it to debug protocol implementations.
People use it to learn network protocol internals.

Packet Capturing using Wireshark:
Wireshark, a network analysis tool, captures packets in real time and displays them in a
human-readable format. Wireshark includes filters, color-coding and other features that let us
dig deep into network traffic and inspect individual packets. Here are some examples of
captured files.

Conclusion:

From all these points we can conclude that TCP is a very important protocol. Without
TCP there is no proper transmission between two ends. We have also included the authors' view
on TCP. In our view, with all the above discussion everyone can understand what TCP
means, how it works, and how important it is. We have also included a few details regarding
Wireshark and how it helps us in capturing and filtering data packets.
