How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 793 http://tools.ietf.org/html/rfc793
RFC 1146 http://tools.ietf.org/html/rfc1146
RFC 1072 http://tools.ietf.org/html/rfc1072
RFC 1323 http://tools.ietf.org/html/rfc1323
RFC 1693 http://tools.ietf.org/html/rfc1693

IETF RFC793 defines the Transmission Control Protocol (TCP). TCP provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with retransmission of packets when necessary.

The TCP header structure is as follows:

16
32 bits

Source port

Destination port

Sequence number

Acknowledgement number

Offset

Resrvd

U

A

P

R

S

F

Window

Checksum

Urgent pointer

Option + Padding

Data

TCP header structure

Source port
Source port number.

Destination port
Destination port number.

Sequence number
The sequence number of the first data octet in this segment (except when SYN is present). If SYN is present, the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.

Acknowledgment number
If the ACK control bit is set, this field contains the value of the next sequence number which the sender of the segment is expecting to receive. Once a connection is established, this value is always sent.

Data offset
4 bits. The number of 32-bit words in the TCP header, which indicates where the data begins. The TCP header (even one including options) has a length which is an integral number of 32 bits.

Reserved
6 bits. Reserved for future use. Must be zero.

Control bits
6 bits. The control bits may be (from right to left):

U (URG) Urgent pointer field significant.
A (ACK) Acknowledgment field significant.
P (PSH) Push function.
R (RST) Reset the connection.
S (SYN) Synchronize sequence numbers.
F (FIN) No more data from sender.

Window
16 bits. The number of data octets which the sender of this segment is willing to accept, beginning with the octet indicated in the acknowledgment field.

Checksum
16 bits. The checksum field is the 16 bit ones complement of the ones complement sum of all 16-bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.

Urgent Pointer
16 bits. This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field can only be interpreted in segments for which the URG control bit has been set.

Options
Options may be transmitted at the end of the TCP header and always have a length which is a multiple of 8 bits. All options are included in the checksum. An option may begin on any octet boundary.

There are two possible formats for an option:
  • A single octet of option type.
  • An octet of option type, an octet of option length, and the actual option data octets.

The option length includes the option type and option length, as well as the option data octets.

The list of options may be shorter than that designated by the data offset field because the contents of the header beyond the End-of-Option option must be header padding i.e., zero.

A TCP must implement all options.

Data
TCP data or higher layer protocol.

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT