TCP is a connection-oriented, reliable transport layer protocol. Stream delivery service - all packets belonging to same message travel together.
Buffers - sending and receiving buffers. 3 buffers at sending site - not sent, to be sent, sent but not acknowledged. 2 buffers at receiving site - empty waiting to receive, received waiting to be read.
TCP works on full duplex communication mode.
Segment - TCP groups number of bytes into segments and sends it to IP which encapsulates it in IP datagrams. Format of segment - 20-60 bytes header - 20 with no option bits, 60 with all option bits. Header fields - 1. Source port address 2. Destination port address 3. Sequence number 4. Acknowledgement number 5. Header Length 6. Reserved 7. Control 8. Window Size 9. Checksum 10. Urgent Pointer 11. Options
TCP Connection
3 phases
1. Connection Establishment
2. Data Transfer
3. Connection Termination
Connection Establishment
3 way handshaking. Client requests active open to TCP, if it wants to send data. Server requests passive open to TCP, if it ready to accept data.
1st Handshake - client sends SYN segment to server. SYN is for synchronization of sequence numbers. It consumes 1 sequence number (i.e., sequence number is incremented by 1).
2nd Handshake - server sends SYN + ACK segment, which consumes 1 sequence number. Dual purpose - SYN for communication in other direction, ACK for acknowledging receipt of previous SYN segment.
3rd Handshake - client sends ACK segment, no sequence number consumed.
Simultaneous Open - When both processes issue active open request. In this case both TCPs transmit SYN + ACK segment to each other, and single connection is established.
SYN Flodding Attack - Malicious attacker sends large number of SYN segments to server, pretending that each segment comes from different client, using fake source IP addresses in datagram. Server allocates resources, sends SYN + ACK segment, which are lost eventually. If number of fake SYN segments is large, server runs out of resources and crashes. It is a security attack, and comes under DOS (Denial of Service) Attack, as genuine SYN segments may not be served when server is busy or crashed.
Data Transfer
If data and acknowledgement are sent in same direction, ACK is piggybacked onto data. Buffers are used in data transfer. But, in interactive processes, or processes where time delay is not acceptable, PUSH request is used, to override the usage of buffers, and send and receive data simultaneously / directly.
Urgent data - When some data is to be sent urgently, out of order. Example, an abort command to stop reading data. A segment with URG bit set is sent.
Connection Termination
Can be initiated by client or server. 3 way or 4 way handshake, with half close.
3 way handshake -
1st Handshake - TCP receives close command from process, sends FIN segment, which may contain last chunk of data.
2nd Handshake - server sends FIN + ACK segment. If these segments don't carry data, it consumes only 1 sequence number.
3rd Handshake - client sends last segment - ACK segment. No data carried, no sequence number consumed.
Half Close - one end process can stop sending data while still receiving data. Example, client can stop sending data after it has sent all data to server, while server processes data and sends it back.
Flow Control
Sliding Window - byte oriented, variable size. 3 activities - opened, closed, shrunk. Opening window means allowing more new bytes in buffer for sending. Closing a window means some bytes have been acknowledged as sent. Shrinking window means revoking eligibility of some bytes for sending. Size of window is lesser of rwnd and cwnd (receiver window, congestion window respectively).
Error Control
3 methods - Checksum, acknowledgement, time-out.
Congestion Control
Sometimes, flow of data also depends on network's capability to transmit a given amount of data. Congestion policy based on 3 phases - slow start, congestion avoidance, congestion detection.
Slow Start - Exponential Increase. Initial sizze of congestion window is 1 MSS (Maximum Segment Size). Size of window increases 1 MSS every time ACK is received. Increase is limited by ssthresh (slow start threshold).
Congestion Avoidance - Additive Increase. Starts after slow start threshold is reached. Each time the whole window of segments is acknowledged, size increases by 1.
Congestion Detection - Multiplicative Decrease. Congestion is detected when retransmission is required. After detecting congestion, window size is dropped to one half. If detection is by time-out, new slow start phase start, if it is by 3 ACKs, new congestion avoidance phase starts.
