TCP
The Transmission Control Protocol (TCP) is a core protocol of the Internet Protocol Suite (TCP/IP). It provides reliable, ordered, and error-checked delivery of data between applications running on hosts in a network. TCP is widely used for applications where data integrity and order are critical, such as web browsing, email, and file transfers.
🌐 TCP in the OSI Model
TCP operates at the Transport Layer (Layer 4) of the OSI model, providing end-to-end communication services for applications. It works closely with the Internet Protocol (IP), which operates at the Network Layer (Layer 3).
🤝 The TCP 3-Way Handshake
The 3-way handshake is the process used by TCP to establish a reliable connection between a client and a server:
- SYN: The client sends a SYN (synchronize) packet to the server to initiate a connection.
- SYN-ACK: The server responds with a SYN-ACK (synchronize-acknowledge) packet.
- ACK: The client sends an ACK (acknowledge) packet back to the server, completing the handshake.
```
Client                    Server
  |-------- SYN -------->|
  |<------ SYN-ACK ------|
  |-------- ACK -------->|
```
This process ensures both sides are ready to transmit data and agree on initial sequence numbers.
🛠️ Capturing TCP Traffic: tcpdump & Wireshark
tcpdump
`tcpdump` is a command-line packet analyzer useful for capturing and inspecting TCP traffic.
```bash
# Capture all TCP packets
sudo tcpdump tcp

# Capture TCP traffic on interface eth0, port 80 (HTTP)
sudo tcpdump -i eth0 port 80

# Capture only TCP SYN packets (start of handshake)
sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'

# Write captured packets to a file for later analysis
sudo tcpdump -w capture.pcap
```
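To tie the handshake above to the SYN filter, here is an added example (not from the original page): it parses the fixed TCP header as laid out in RFC 9293, applies the same SYN test as `tcp[tcpflags] & tcp-syn != 0`, and checks that a SYN / SYN-ACK / ACK triple acknowledges each side's initial sequence number. The packet bytes and ISNs are constructed for the demo.

```python
import struct

# Added example (not from the page): parse the fixed TCP header laid out in
# RFC 9293, apply the same SYN test as the tcpdump filter above, and verify
# that a SYN / SYN-ACK / ACK triple acknowledges the initial sequence numbers.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MASK32 = 0xFFFFFFFF

def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Constructed 20-byte header, no options; checksum and urgent pointer left 0."""
    off_flags = (5 << 12) | sum(FLAGS[f] for f in flags)   # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)

def parse_tcp_header(data):
    """Return ports, sequence/ack numbers, header length and the set of flag names."""
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", data[:16])
    bits = off_flags & 0x01FF                               # low 9 bits hold the flags
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "hdr_len": (off_flags >> 12) * 4,
            "flags": {name for name, bit in FLAGS.items() if bits & bit}}

def is_syn(hdr):
    """Equivalent of tcpdump's 'tcp[tcpflags] & tcp-syn != 0' (matches SYN and SYN-ACK)."""
    return "SYN" in hdr["flags"]

def classify_handshake(packets):
    """Validate a three-packet exchange; returns 'established' or the failing step."""
    if len(packets) != 3:
        return "incomplete"
    syn, synack, ack = (parse_tcp_header(p) for p in packets)
    if syn["flags"] != {"SYN"}:
        return "bad SYN"
    if (synack["flags"] != {"SYN", "ACK"} or synack["sport"] != syn["dport"]
            or synack["ack"] != (syn["seq"] + 1) & MASK32):
        return "bad SYN-ACK"        # server must acknowledge the client's ISN + 1
    if (ack["flags"] != {"ACK"} or ack["seq"] != (syn["seq"] + 1) & MASK32
            or ack["ack"] != (synack["seq"] + 1) & MASK32):
        return "bad ACK"            # client must acknowledge the server's ISN + 1
    return "established"

# Constructed sample: client port 40000 -> server port 443, ISNs 1000 and 5000.
HANDSHAKE = [
    build_tcp_header(40000, 443, 1000, 0, {"SYN"}),
    build_tcp_header(443, 40000, 5000, 1001, {"SYN", "ACK"}),
    build_tcp_header(40000, 443, 1001, 5001, {"ACK"}),
]
SYN_COUNT = sum(is_syn(parse_tcp_header(p)) for p in HANDSHAKE)   # 2, like the filter
if __name__ == "__main__":
    print(classify_handshake(HANDSHAKE), "SYN packets:", SYN_COUNT)
```

Feeding the headers from a real capture (e.g. the `capture.pcap` written above, after stripping the link and IP layers) into `classify_handshake` lets you confirm that what the SYN filter shows really completed as a handshake.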
Wireshark
Wireshark is a graphical network protocol analyzer, ideal for deep inspection and visualization.
- Start a capture: Open Wireshark, select your network interface, and click "Start Capturing Packets".
- Filter TCP traffic: enter `tcp` in the filter bar to show only TCP packets.
- Filter by port: `tcp.port == 443` shows only TCP packets on port 443.
- Follow a TCP stream: right-click a packet and select "Follow" > "TCP Stream" to see the full conversation.
📚 Recommended Books & Resources
- TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens – A classic, in-depth guide to TCP/IP networking.
- Transmission Control Protocol (RFC 9293)
- Computer Networking: A Top-Down Approach
- Beej's Guide to Network Programming
🛠️ Useful Tools & Links
- tcpdump – Powerful command-line packet analyzer (Web) (Tutorial with examples)
- Wireshark – Graphical network protocol analyzer (User Guide)
- What I learned attempting the TCP Reset attack
- Transmission Control Protocol (RFC 9293)
📝 Notes
- TCP ensures reliable, in-order delivery of data using sequence numbers, acknowledgments, and retransmissions.
- Other transport protocols like UDP offer faster, connectionless communication but without reliability guarantees.
- Understanding TCP is essential for network troubleshooting, performance tuning, and cybersecurity.