Understanding TCP & UDP: Headers, Handshakes, Flow & Congestion Control

TCP Overview

Header fields

The TCP segment header is 20 bytes minimum (5 × 4‑byte words) and may be extended to 60 bytes with options. It contains the following fields:

Source port (16 bits)

Destination port (16 bits)

Sequence number (32 bits) – identifies the first byte of data in this segment.

Acknowledgment number (32 bits) – the next expected byte from the peer (valid when ACK=1).

Data offset (4 bits) – header length in 32‑bit words.

Reserved (6 bits) – set to zero.

Control flags (6 bits): SYN, ACK, FIN, PSH, URG, RST.

Window size (16 bits) – receiver’s advertised receive buffer (flow control).

Checksum (16 bits) – covers header, data and padding for error detection.

Urgent pointer (16 bits) – valid only when URG=1, points to the last urgent byte.

Flow control

TCP uses a sliding‑window mechanism. The sender’s effective send window is the minimum of its own congestion window (cwnd) and the receiver’s advertised window (rwnd): send_window = min(cwnd, rwnd) If rwnd becomes zero, the sender starts a persistent timer and periodically sends zero‑window probes to test whether the receiver has opened its window.

Congestion control

The classic congestion‑control algorithm consists of four phases:

Slow start : cwnd starts at one MSS (Maximum Segment Size) and doubles each RTT (exponential growth) until it reaches the slow‑start threshold (ssthresh).

Congestion avoidance : after cwnd ≥ ssthresh, cwnd grows linearly (≈ MSS per RTT).

Fast retransmit : upon receipt of three duplicate ACKs, the sender retransmits the missing segment without waiting for a timeout.

Fast recovery : cwnd is reduced (typically to ssthresh = cwnd/2) but not to the initial value, allowing quicker resumption of transmission.

Key parameters:

MSS – maximum segment size.

ssthresh – slow‑start threshold.

cwnd – congestion window (in MSS units).

rwnd – receiver’s advertised window.

RTT – round‑trip time, used for timeout calculation.

Connection establishment and termination

Three‑way handshake (client → server → client):

Client → Server: SYN=1, seq=x Server → Client: SYN=1, ACK=1, seq=y, ack=x+1 Client → Server: ACK=1, seq=x+1, ack=y+1 Both SYN and FIN flags consume one sequence number even when no payload is carried.

Four‑way termination :

Client → Server: FIN=1, ACK=1, seq=u, ack=v Server → Client: ACK=1, seq=v, ack=u+1 Server → Client: FIN=1, ACK=1, seq=w, ack=u+1 Client → Server: ACK=1, seq=u+1, ack=w+1 After the final ACK, each side waits for 2 × MSL (Maximum Segment Lifetime, typically 2 minutes) before discarding any delayed packets.

Half‑open (SYN) queue

When a SYN arrives, the server enters the SYN‑RCVD state and places the connection in the half‑open queue until the three‑way handshake completes. Resources are allocated only after the handshake succeeds.

SYN flood attack

An attacker sends a large number of forged SYN packets with spoofed source addresses. The server allocates a half‑open entry and replies with SYN‑ACK, then waits for the final ACK that never arrives. The backlog fills, causing legitimate connection attempts to be dropped (Denial‑of‑Service).

Data integrity mechanisms

Error control : the 16‑bit checksum is computed over the header, data and any padding. A mismatch causes the segment to be discarded.

Sequencing : each byte is numbered; the receiver reorders out‑of‑order segments before delivering a contiguous byte stream to the application.

Acknowledgment & timeout retransmission : after sending a segment, the sender starts a retransmission timer. If the timer expires before an ACK is received, the segment is retransmitted.

Flow and congestion control as described above ensure that the network is not overloaded and that the receiver’s buffer is not exceeded.

UDP Overview

UDP is a connectionless, best‑effort transport protocol. Its header is fixed at 8 bytes:

Source port (16 bits)

Destination port (16 bits)

Length (16 bits) – header plus data length

Checksum (16 bits) – optional error detection covering header and data

TCP vs UDP Comparison

Connection orientation : TCP is connection‑oriented (requires three‑way handshake and four‑way termination); UDP is connectionless.

Broadcast/Multicast support : UDP supports one‑to‑many and many‑to‑many communication; TCP supports only one‑to‑one.

Application‑layer interface : UDP delivers whole datagrams; TCP presents a reliable byte stream.

Reliability : TCP guarantees ordered delivery with retransmission; UDP provides no delivery guarantees.

Typical use cases : TCP – file transfer, email, web pages; UDP – real‑time media (VoIP, video conferencing).

Header overhead : UDP adds 8 bytes; TCP adds 20 bytes minimum, up to 60 bytes with options.