IP has many weaknesses, one of which is unreliable packet delivery—packets may be dropped due to transmission errors, bad routes, and/or throughput degradation. The Transmission Control Protocol (TCP) helps reconcile these issues by providing reliable, stream-oriented connections. In fact, TCP/IP is predominantly based on TCP functionality, which is based on IP, to make up the TCP/IP suite. These features describe a connection-oriented process of communication establishment.

There are many components that result in TCP’s reliable service delivery. Following are some of the main points:

• Streams. Data is systematized and transferred as a stream of bits, organized into 8-bit octets or bytes. As these bits are received, they are passed on in the same manner.

• Buffer Flow Control. As data is passed in streams, protocol software may divide the stream to fill specific buffer sizes. TCP manages this process, and assures avoidance of a buffer overflow. During this process, fast-sending stations may be stopped periodically to keep up with slow-receiving stations.

• Virtual Circuits. When one station requests communication with another, both stations
inform their application programs, and agree to communicate. If the link or communications between these stations fail, both stations are made aware of the breakdown and inform their respective software applications. In this case, a coordinated retry is attempted.

• Full Duplex Connectivity. Stream transfer occurs in both directions, simultaneously, to reduce overall network traffic.

TCP organizes and counts bytes in the data stream using a 32-bit sequence number. Every TCP packet contains a starting sequence number (first byte) and an acknowledgment number (last byte). A concept known as a sliding window is implemented to make stream transmissions more efficient. The sliding window uses bandwidth more effectively, because it will allow the transmission of multiple packets before an acknowledgment is required.

TCP Packet Format and Header Snapshots

Keeping in mind that it is important to differentiate between captured packets—whether they are TCP, UDP, ARP, and so on. The components are defined in the following list:

Source Port. Specifies the port at which the source processes send/receive TCP services.

Destination Port. Specifies the port at which the destination processes send/receive TCP services.

Sequence Number. Specifies the first byte of data or a reserved sequence number for a future process.

Acknowledgment Number. The sequence number of the very next byte of data the sender should receive.

Data Offset. The number of 32-bit words in the header.

Reserved. Held for future use.

Flags. Control information, such as SYN, ACK, and FIN bits, for connection establishment and termination.

Window Size. The sender’s receive window or available buffer space.

Checksum. Specifies any damage to the header that occurred during transmission.

Urgent Pointer. The optional first urgent byte in a packet, which indicates the end of urgent data.

Options. TCP options, such as the maximum TCP segment size.

Data. Upper-layer information.

Ports, Endpoints, Connection Establishment

TCP enables simultaneous communication between different application programs on a single machine. TCP uses port numbers to distinguish each of the receiving station’s destinations. A pair of endpoints identifies the connection between the two stations, as mentioned earlier. Colloquially, these endpoints are defined as the connection between the two stations’ applications as they communicate; they are defined by TCP as a pair of integers in this format: (host, port). The host is the station’s IP address, and port is the TCP port number on that station. An example of a station’s endpoint is:

206.0.125.81:1026 
       (host)(port)  

An example of two stations’ endpoints during communication is: 
STATION 1 206.0.125.81:1022 
   (host)(port)

STATION 2 207.63.129.2:26 
   (host)(port) 

This technology is very important in TCP, as it allows simultaneous communications by assigning separate ports for each station connection.

When a connection is established between two nodes during a TCP session, a three-way handshake is used. This process starts with a one -node TCP request by a SYN/ACK bit, and the second node TCP response with a SYN/ACK bit. At this point, as described previously, communication between the two nodes will proceed. When there is no more data to send, a TCP node may send a FIN bit, indicating a close control signal. At this intersection, both nodes will close simultaneously.

The User Datagram Protocol (UDP) operates in a connectionless fashion; that is, it provides the same unreliable, datagram delivery service as IP. Unlike TCP, UDP does not send SYN/ACK bits to assure delivery and reliability of transmissions. Moreover, UDP does not include flow control or error recovery functionality. Consequently, UDP messages can be lost, duplicated, or arrive in the wrong order. And because UDP contains smaller headers, it expends less network throughput than TCP and so can arrive faster than the receiving station can process them.

UDP is typically utilized where higher-layer protocols provide necessary error recovery and flow control. Popular server daemons that employ UDP include Network File System (NFS), Simple Network Management Protocol (SNMP), Trivial File Transfer Protocol (TFTP), and Domain Name System (DNS), to name a few.

UDP does not include flow control or error recovery, and can be easily duplicated.

UDP Formatting, Encapsulation, and Header Snapshots

UDP messages are called user datagrams. These datagrams are encapsulated in IP, including the UDP header and data, as it travels across the Internet. Basically, UDP adds a header to the data that a user sends, and passes it along to IP. The IP layer then adds a header to what it receives from UDP. Finally, the network interface layer inserts the datagram in a frame before sending it from one machine to another.

As just mentioned, UDP messages contain smaller headers and consume fewer overheads than TCP. The components are defined in the following list.

Source/Destination Port. A 16-bit UDP port number used for datagram processing.

Message Length. Specifies the number of octets in the UDP datagram.

Checksum. An optional field to verify datagram delivery.

Data. The data handed down to the TCP protocol, including upper-layer headers.

UDP provides multiplexing (the method for multiple signals to be transmitted concurrently into an input stream, across a single physical channe l) and demultiplexing (the actual separation of the streams that have been multiplexed into a common stream back into multiple output streams) between protocol and application software.

Multiplexing and demultiplexing, as they pertain to UDP, transpire through ports. Each station application must negotiate a port number before sending a UDP datagram. When UDP is on the receiving side of a datagram, it checks the header (destination port field) to determine whether it matches one of station’s ports currently in use. If the port is in use by a listening application, the transmission proceeds; if the port is not in use, an ICMP error message is generated, and the datagram is discarded.