TCP: Transmission Control Protocol

The reliable, connection-oriented transport protocol that powers the internet. TCP guarantees ordered delivery of data between applications, making it the backbone of HTTP, HTTPS, SSH, FTP, and countless other protocols.

Type

Transport Layer

Port Range

0-65535

Header Size

20-60 bytes

Standard

RFC 9293

What is TCP?

TCP (Transmission Control Protocol) is the core transport layer protocol of the internet. It provides reliable, ordered, and error-checked delivery of data between applications running on hosts connected by an IP network. When you browse the web, send an email, or transfer a file, TCP is working behind the scenes to ensure every byte arrives correctly and in order.

TCP is a connection-oriented protocol, meaning two hosts must establish a connection before exchanging data. This stands in contrast to connectionless protocols like UDP, which send data without establishing a session first.

Originally defined in RFC 793 (1981), TCP is one of the oldest and most important protocols in the TCP/IP suite. It has been refined over decades, with the most recent comprehensive update published as RFC 9293 (2022). Nearly every major application protocol relies on TCP for transport, including HTTP, HTTPS, SSH, FTP, SMTP, and many more.

How TCP Works: The 3-Way Handshake

Before any data can be sent, TCP requires both endpoints to agree on a connection through a process called the 3-way handshake. This process synchronizes sequence numbers and confirms that both sides are ready to communicate.

The handshake works in three steps. First, the client sends a SYN (synchronize) segment to the server, proposing an initial sequence number. Second, the server responds with a SYN-ACKsegment, acknowledging the client's sequence number and proposing its own. Third, the client sends an ACKsegment to acknowledge the server's sequence number. At this point, the connection is fully established and data transfer can begin.

Sequence numbers are critical to TCP's reliability. Each byte of data is assigned a sequence number, allowing the receiver to reassemble segments in the correct order and detect any missing data. The initial sequence numbers chosen during the handshake are randomized to prevent spoofing attacks.

TCP 3-Way HandshakeClientServerSYN, Seq=100SYN-ACK, Seq=300, Ack=101ACK, Ack=301Connection EstablishedData TransferData TransferTCP 3-way handshake establishes a reliable connection before data transfer
The TCP 3-way handshake (SYN, SYN-ACK, ACK) establishes a reliable, bidirectional connection between client and server before any data is exchanged.

TCP Segment Structure

Every TCP segment consists of a header followed by an optional data payload. The header is at least 20 bytes long and can extend up to 60 bytes when options are included. Understanding the header fields is essential for anyone working with network protocols, packet analysis, or troubleshooting.

The key header fields are: Source Port and Destination Port (16 bits each) identify the sending and receiving applications. Sequence Number (32 bits) tracks the position of the first data byte in this segment. Acknowledgment Number (32 bits) tells the sender which byte the receiver expects next. Data Offset (4 bits) indicates the header length. Flags (9 bits) control connection state and data handling. Window Size (16 bits) advertises how much data the receiver can accept.

Additional fields include the Checksum for error detection, the Urgent Pointer for priority data, and a variable-length Options field. Common options include Maximum Segment Size (MSS), window scaling for high-bandwidth connections, Selective Acknowledgment (SACK) for efficient retransmission, and timestamps for round-trip time measurement.

TCP Segment Structure0151631Source Port (16 bits)Destination Port (16 bits)Sequence Number (32 bits)Acknowledgment Number (32 bits)Data Offset(4 bits)Rsrvd(3 bits)Flags (9 bits)URGACKPSHRSTSYNFINWindow Size (16 bits)Checksum (16 bits)Urgent Pointer (16 bits)Options (variable length, padded to 32-bit boundary)Data / Payload (variable length)Minimum header size: 20 bytes (without options) | Maximum: 60 bytes
TCP segment structure showing the header fields that enable reliable, ordered delivery of data including sequence numbers, acknowledgments, flow control, and flags.

TCP Flags Explained

TCP flags are single-bit fields in the segment header that control how the segment should be processed. Multiple flags can be set simultaneously (for example, SYN and ACK are both set in the second step of the handshake). Here are the six primary flags and their purposes.

FlagNamePurpose
SYNSynchronizeInitiate a connection and synchronize sequence numbers
ACKAcknowledgeAcknowledge received data; the acknowledgment number field is valid
FINFinishGracefully close the connection; no more data from sender
RSTResetAbort the connection immediately due to an error or unexpected segment
PSHPushPush buffered data to the receiving application immediately
URGUrgentIndicates the urgent pointer field is valid; prioritized data follows

Flow Control and Window Size

TCP uses a sliding window mechanismfor flow control. The receiver advertises how much buffer space it has available by setting the Window Size field in each acknowledgment segment. The sender is not allowed to have more unacknowledged data in flight than the receiver's advertised window permits.

This mechanism prevents a fast sender from overwhelming a slow receiver. If the receiver's buffer fills up, it advertises a window size of zero, which tells the sender to pause. Once the receiver processes some data and frees buffer space, it sends an updated window size and the sender resumes transmission.

The original 16-bit window size field limits the window to 65,535 bytes, which is insufficient for high-bandwidth, high-latency links (such as satellite connections or transcontinental fiber). The Window Scaling option, defined in RFC 7323, allows the window to be scaled by a factor of up to 2^14, supporting effective window sizes over 1 gigabyte.

Congestion Control

While flow control prevents the sender from overwhelming the receiver, congestion control prevents the sender from overwhelming the network itself. TCP dynamically adjusts its sending rate based on detected network conditions, using several interrelated algorithms.

Slow Start: when a connection begins, TCP sends data conservatively and doubles its sending rate with each round trip until it detects congestion or reaches a threshold. Congestion Avoidance: after reaching the threshold, TCP increases its rate more gradually, adding roughly one segment per round trip.

Fast Retransmit: when the sender receives three duplicate acknowledgments for the same data, it retransmits the missing segment immediately without waiting for a timeout. Fast Recovery: after a fast retransmit, TCP reduces its sending rate by half rather than restarting from slow start, allowing faster recovery from isolated packet losses.

Modern TCP implementations use advanced algorithms like CUBIC (default on Linux) and BBR (developed by Google) that further optimize throughput and latency across diverse network conditions.

TCP Connection Teardown

Closing a TCP connection requires a 4-way handshake to ensure both sides finish transmitting all data. Either endpoint can initiate the close. The initiator sends a FIN segment, signaling it has no more data to send. The other side responds with an ACK. When the second side is also done sending data, it sends its own FIN, and the initiator responds with a final ACK.

TCP also supports a half-close state, where one side has finished sending but can still receive data. This is useful for protocols where the client sends a request, closes its end, and then waits for the server to stream a response.

After closing, the initiating side enters the TIME_WAIT state, which lasts for twice the maximum segment lifetime (typically 60 seconds). This ensures that any delayed segments from the old connection are discarded before a new connection reuses the same port pair. TIME_WAIT can consume resources on busy servers, which is why options like SO_REUSEADDR exist to mitigate the impact.

Common Use Cases for TCP

  • Web browsing: HTTP and HTTPS rely on TCP for reliable page and resource delivery
  • Email: SMTP, IMAP, and POP3 all use TCP to ensure messages are delivered completely and in order
  • File transfer: FTP and SFTP depend on TCP to guarantee that files arrive intact without corruption
  • Remote access: SSH uses TCP to provide reliable, encrypted terminal sessions
  • Database connections: MySQL, PostgreSQL, and most database systems communicate over TCP
  • Industrial automation: Modbus TCP carries industrial control data over TCP/IP networks

Frequently Asked Questions About TCP

What is the difference between TCP and UDP?

TCP is connection-oriented and guarantees reliable, ordered delivery of data. It uses handshakes, acknowledgments, and retransmissions to ensure nothing is lost. UDP is connectionless and offers no delivery guarantees. UDP is faster and has less overhead, making it ideal for real-time applications like video streaming, gaming, and DNS lookups where occasional packet loss is acceptable.

Why does TCP use a 3-way handshake?

The 3-way handshake ensures that both sides can send and receive data, and that both agree on initial sequence numbers. A two-step handshake would not confirm that the initiator can receive the responder's data. The three steps also help prevent old, duplicate connection requests from being accepted as new connections.

What happens when a TCP packet is lost?

When a segment is lost, the receiver will not acknowledge it. The sender detects the loss either through a retransmission timeout or by receiving three duplicate ACKs for the preceding data. In either case, the sender retransmits the missing segment. TCP guarantees that the application eventually receives all data in the correct order, even if retransmissions are needed.

What is TCP window scaling?

Window scaling is a TCP option (RFC 7323) that extends the 16-bit window size field beyond its 65,535-byte limit. During the handshake, both sides negotiate a scaling factor. This allows effective window sizes of over 1 gigabyte, which is essential for high-bandwidth, high-latency links where large amounts of data need to be in flight simultaneously.

What is the TCP TIME_WAIT state?

TIME_WAIT is a state entered by the side that initiates connection closure. It lasts for twice the maximum segment lifetime (usually about 60 seconds). The purpose is to ensure that any delayed segments from the closed connection are not mistakenly delivered to a new connection using the same source and destination port pair.

Can TCP and UDP use the same port number?

Yes. TCP and UDP maintain separate port number spaces. A server can listen on TCP port 53 and UDP port 53 simultaneously, which is exactly what DNS servers do. The transport protocol (TCP or UDP) and the port number together identify a unique endpoint.

Related Protocols

  • UDP: connectionless transport protocol offering speed over reliability
  • HTTP: application layer protocol that relies on TCP for web communication
  • HTTPS: HTTP with TLS encryption, built on top of TCP connections
  • Modbus TCP: industrial protocol that carries Modbus data over TCP/IP networks