Mastering TCP & UDP: Headers, Flow Control, Handshakes, and Congestion Explained

TCP Overview

TCP (Transmission Control Protocol) provides reliable, connection‑oriented communication. It ensures data correctness through error detection, sequencing, acknowledgments, and retransmission mechanisms, while employing flow control and congestion control to adapt transmission rates.

TCP Header

Source port

Destination port

32‑bit sequence number

32‑bit acknowledgment number

Header length (in 4‑byte words, default 5 → 20 bytes)

Reserved bits (6 bits)

Control flags: SYN, ACK, FIN, PUSH, URG, RST

Window size (16 bits)

Checksum (16 bits) for error detection

Urgent pointer (16 bits, valid when URG=1)

Flow Control

Flow control limits the sender’s rate so the receiver can keep up.

TCP uses a sliding‑window mechanism: the receiver advertises its available buffer size, and the sender adjusts its transmission window accordingly. Zero‑window probes and persistent timers handle cases where the receiver’s window temporarily closes.

Congestion Control

Congestion control reduces transmission when the network is congested. The sender’s congestion window (cwnd) is limited by the minimum of its own congestion window and the receiver’s advertised window.

Key algorithms include:

Slow start

Congestion avoidance

Fast retransmit

Fast recovery

Three‑Way Handshake

1. Client → Server: SYN=1, seq=x

2. Server → Client: SYN=1, ACK=1, seq=y, ack=x+1

3. Client → Server: ACK=1, seq=x+1, ack=y+1

SYN and FIN flags each consume one sequence number even when no data is carried.

Four‑Way Termination

1. Client → Server: FIN=1, ACK=1, seq=u, ack=v

2. Server → Client: ACK=1, ack=u+1, seq=v

3. Server → Client: FIN=1, ACK=1, seq=w, ack=u+1

4. Client → Server: ACK=1, ack=w+1, seq=u+1

The Maximum Segment Lifetime (MSL) is typically set to 2 minutes; waiting 2 MSL ensures all delayed packets are discarded before the connection is fully closed.

SYN Flood Attack

Attackers send a flood of SYN packets with spoofed source addresses. The server allocates resources for each half‑opened connection, filling the SYN queue and preventing legitimate connections, leading to denial‑of‑service.

UDP Overview

UDP (User Datagram Protocol) is connection‑less, provides no reliability guarantees, and has a fixed 8‑byte header. It is suitable for real‑time applications such as VoIP and video conferencing.

TCP vs UDP Comparison

Connection orientation

TCP: connection‑oriented (three‑way handshake, four‑way termination)

UDP: connection‑less

Broadcast/Multicast support

UDP supports one‑to‑many, many‑to‑many communication; TCP supports only one‑to‑one.

Application‑layer message handling

UDP is message‑oriented; TCP is byte‑stream oriented.

Reliability

TCP provides reliable, ordered delivery; UDP provides best‑effort delivery.

Header overhead

UDP header: 8 bytes

TCP header: 20–60 bytes

Overall, TCP is chosen for applications requiring reliable data transfer, while UDP is preferred for latency‑sensitive scenarios where occasional loss is acceptable.