TCP
TCP (Transmission Control Protocol) operates at the Transport Layer (Layer 4) of the OSI model, providing end-to-end communication services for applications. It works closely with the Internet Protocol (IP), which operates at the Network Layer (Layer 3).
The TCP 3-Way Handshake​
The 3-way handshake is the process used by TCP to establish a reliable connection between a client and a server:
- SYN: The client sends a SYN (synchronize) packet to the server to initiate a connection.
- SYN-ACK: The server responds with a SYN-ACK (synchronize-acknowledge) packet.
- ACK: The client sends an ACK (acknowledge) packet back to the server, completing the handshake.
Client Server
| SYN --->|
|<--- SYN-ACK |
| ACK --->|
| HTTP Req --->|
To do:
- add photo of wireshark capture of TCP handshake
This process ensures both sides are ready to transmit data and agree on initial sequence numbers.
Capturing TCP Traffic: tcpdump & Wireshark​
tcpdump​
tcpdump is a command-line packet analyzer useful for capturing and inspecting TCP traffic.
sudo tcpdump tcp
# Capture all TCP packets
sudo tcpdump -i eth0 port 80
# Capture TCP traffic on interface eth0, port 80 (HTTP)
sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'
# Capture only TCP SYN packets (start of handshake)
sudo tcpdump -w capture.pcap
# Write captured packets to a file for later analysis
Wireshark​
Wireshark is a graphical network protocol analyzer, ideal for deep inspection and visualization.
- Start a capture: Open Wireshark, select your network interface, and click "Start Capturing Packets".
- Filter TCP traffic:
Entertcpin the filter bar to show only TCP packets. - Filter by port:
tcp.port == 443(shows only TCP packets on port 443) - Follow a TCP stream:
Right-click a packet and select "Follow" > "TCP Stream" to see the full conversation.
Recommended Books & Resources​
- TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens – A classic, in-depth guide to TCP/IP networking.
- Transmission Control Protocol (RFC 9293)
- Computer Networking: A Top-Down Approach
- Beej's Guide to Network Programming
Useful Tools & Links​
- tcpdump – Powerful command-line packet analyzer (Web) (Tutorial with examples)
- Wireshark – Graphical network protocol analyzer (User Guide)
- What I learned attempting the TCP Reset attack
- Transmission Control Protocol (RFC 9293)
Notes​
- TCP ensures reliable, in-order delivery of data using sequence numbers, acknowledgments, and retransmissions.
- Other transport protocols like UDP offer faster, connectionless communication but without reliability guarantees.
- Understanding TCP is essential for network troubleshooting, performance tuning, and cybersecurity.