1. TCP header

1.1 Source Port and Destination Port

Each TCP segment contains the source and destination port numbers, which identify the sending and receiving application processes. These two values, together with the source IP address and destination IP address in the IP header, uniquely determine a TCP connection.

Port number classification

  • Well-known Port
  • Registered Port
  • Ephemeral Port

1.1.1 Well-known Port

Well-known port numbers are assigned and controlled by IANA, a specialized agency, and range from 0 to 1023. For a client to be able to find a server application at any time, the server's port must be fixed. Many well-known port numbers are already assigned to specific applications, such as HTTP on port 80, HTTPS on port 443, and SSH on port 22.

1.1.2 Registered Ports

Registered ports are not controlled by IANA, but IANA registers them and provides a list of their usage. The value ranges from 1024 to 49151.

1.1.3 Ephemeral Port

If the application does not call bind() to bind the socket to a specific port, TCP and UDP assign a unique temporary port to the socket. IANA refers to ports in the range 49152 to 65535 as ephemeral or dynamic ports, also known as private ports; local applications use them for temporary port allocation.

1.2 Sequence Number

TCP is a byte-stream-oriented protocol. Each byte of the stream transmitted over TCP is assigned a sequence number. The sequence number field holds the sequence number of the first byte of data in the segment.

The sequence number identifies the byte stream of data sent from the TCP sender to the TCP receiver. It represents the first byte of data in this segment. If the byte stream is viewed as a one-way flow between two applications, TCP counts each byte with a sequence number. The sequence number is an unsigned 32-bit number that wraps around to 0 after it reaches 2^32 - 1.

1.2.1 Initial Sequence Number (ISN)

When a connection is being established, each party chooses a sequence number, called the initial sequence number (ISN). During connection establishment, the two parties exchange their ISNs in SYN packets.

When a new connection is established, the SYN flag is set to 1. The sequence number field contains the initial sequence number (ISN) selected by the host for the connection. The first byte of data that the host sends is numbered ISN plus 1, because the SYN flag consumes one sequence number.

1.3 Acknowledgment Number

TCP uses the acknowledgment number (ACK) to tell the other party the next sequence number it expects to receive, and that all bytes with sequence numbers smaller than this acknowledgment number have been received.

Since each byte transmitted is counted, the acknowledgment number contains the next sequence number that the end sending the acknowledgment expects to receive. Therefore, the acknowledgment number is the sequence number of the last successfully received data byte plus 1. The acknowledgment number field is valid only when the ACK flag (described below) is 1.
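The sequence and acknowledgment arithmetic from sections 1.2 and 1.3, as an added example that is not part of the original article. It follows a constructed connection whose ISN sits three below the wrap point, so the acknowledgment number wraps past 0; the function names are illustrative.

```python
MOD = 2 ** 32  # sequence numbers are unsigned 32-bit values


def seq_after(seq, payload_len, syn=False, fin=False):
    """Sequence number that follows a segment.

    Every data byte consumes one number; the SYN and FIN flags consume one each.
    """
    return (seq + payload_len + int(syn) + int(fin)) % MOD


def seq_lt(a, b):
    """True if a comes before b in modular 32-bit sequence space."""
    return a != b and (b - a) % MOD < MOD // 2


def expected_acks(segments):
    """Acknowledgment number the peer returns after receiving each
    (seq, payload_len, syn, fin) segment in order: last byte received plus 1."""
    return [seq_after(seq, n, syn, fin) for seq, n, syn, fin in segments]


# Constructed example: the host picks an ISN three below the wrap point.
ISN = MOD - 3
FIRST_DATA = seq_after(ISN, 0, syn=True)          # first data byte is ISN + 1
SEGMENTS = [
    (ISN, 0, True, False),                        # SYN, no payload
    (FIRST_DATA, 10, False, False),               # 10 data bytes crossing the wrap
    (seq_after(FIRST_DATA, 10), 0, False, True),  # FIN, no payload
]

if __name__ == "__main__":
    for seg, ack in zip(SEGMENTS, expected_acks(SEGMENTS)):
        print("seq=%d len=%d -> peer acks %d" % (seg[0], seg[1], ack))
```

A plain integer comparison would treat the post-wrap value 8 as older than 4294967294; `seq_lt` orders them correctly.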

1.4 TCP Flags

TCP has a number of flags: some initiate a connection and synchronize the initial sequence numbers, some acknowledge packets, and some end the connection. TCP defines an 8-bit field for flags, of which the last six are the most commonly used:

  • URG: The urgent pointer is valid (see section 20.8).
  • ACK: The acknowledgment number is valid.
  • PSH: The receiver should deliver the segment to the application layer as soon as possible.
  • RST: Resets the connection.
  • SYN: Synchronizes sequence numbers to initiate a connection. This and the next flag are described in Chapter 18.
  • FIN: The sender has finished sending data.

1.5 Window Size

Flow control is provided by the window size that each end of the connection advertises. The window size is a number of bytes, counted from the value in the acknowledgment number field, which is the byte the receiver expects to receive next. The window size is a 16-bit field, so the maximum window size is 65535 bytes.

TCP introduces the window scale option as a scaling factor for the window. The scaling factor ranges from 0 to 14: the minimum value 0 indicates no scaling, and the maximum value is 14. A scale factor of n multiplies the advertised window by 2^n. For example, if the window size before scaling is 1050 and the scaling factor is 7, the real window size is 1050 * 128 = 134400. If the SYN packet is not captured, Wireshark cannot know the true window scale value.

1.6 Urgent Pointer

The urgent pointer is valid only when the URG flag is set to 1. It is a positive offset that is added to the value in the sequence number field to give the sequence number of the last byte of urgent data. Urgent mode is a way for the sender to send urgent data to the other end.

1.7 Checksum

The checksum covers the entire TCP segment: the TCP header and the TCP data. This is a mandatory field that must be computed and stored by the sender and verified by the receiver.
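The sender-side computation and receiver-side verification of the checksum, as an added example that is not part of the original article. It assumes IPv4, where the 16-bit one's-complement sum also covers a pseudo-header (source address, destination address, protocol, TCP length) that the text above does not mention; the addresses, ports and payload are constructed.

```python
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input for summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over IPv4 pseudo-header + TCP header + TCP data."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return ~ones_complement_sum(pseudo + segment) & 0xFFFF


def seal(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Sender: zero the checksum field (bytes 16-17), compute it, store it."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    value = tcp_checksum(src_ip, dst_ip, zeroed)
    return zeroed[:16] + struct.pack("!H", value) + zeroed[18:]


def verify(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver: summing a segment with a correct checksum in place yields 0."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


# Constructed segment: ports 49152 -> 80, PSH+ACK, window 1050, 5 payload bytes.
SRC, DST = "192.0.2.10", "198.51.100.20"
HEADER = struct.pack("!HHIIBBHHH", 49152, 80, 1001, 5001, 0x50, 0x18, 1050, 0, 0)
GOOD = seal(SRC, DST, HEADER + b"hello")
BAD = GOOD[:-5] + b"jello"                    # one payload byte altered in transit

if __name__ == "__main__":
    print(verify(SRC, DST, GOOD), verify(SRC, DST, BAD))
```

The checksum catches accidental corruption only; it is not keyed, so anyone who modifies a segment can recompute it with `seal`.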

1.8 Options

Common options are as follows:

  • MSS: The maximum segment size that TCP is willing to receive from the peer

The most common option is the Maximum Segment Size (MSS). Each end of the connection typically specifies this option in the first segment of the communication (the segment in which the SYN flag is set to establish the connection). It indicates the maximum segment length that the local end can receive.

  • SACK: Selective acknowledgment option
  • Window Scale: Window scaling option
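A parser for the header fields and options described in this article, as an added example that is not part of the original article. The two segments are constructed (their checksum fields are left at zero), and the option kinds used are the standard ones: 2 for MSS, 3 for window scale, 4 for SACK permitted.

```python
import struct

FLAG_BITS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def parse_options(raw: bytes) -> dict:
    """Walk the kind/length/value option list of a TCP header."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2 and length == 4:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            opts["wscale"] = min(body[0], 14)   # scale factor is capped at 14
        elif kind == 4 and length == 2:
            opts["sack_permitted"] = True
        i += length
    return opts


def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte header, then options up to the data offset."""
    if len(segment) < 20:
        raise ValueError("segment shorter than a TCP header")
    sport, dport, seq, ack, off, flags, window, cksum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [n for bit, n in enumerate(FLAG_BITS) if flags >> bit & 1],
            "window": window, "options": parse_options(segment[20:hlen]),
            "payload": segment[hlen:]}


def effective_window(hdr: dict, wscale: int) -> int:
    """Apply the sender's scale factor; the window in a SYN itself is not scaled."""
    return hdr["window"] if "SYN" in hdr["flags"] else hdr["window"] << wscale


# Constructed capture: a SYN carrying options, then a later ACK from the same host.
SYN = bytes.fromhex("c00001bb000003e8000000008002ffff00000000"
                    "020405b4010303070101" "0402")
ACK = bytes.fromhex("c00001bb000003e900001389" "5010041a00000000")
```

The scale factor lives only in the SYN's options, which is why a capture that starts mid-connection cannot show the real window.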
