test me

Site Search:

ICND1 break down -- TCP and UDP

The transport Layer is residing between the application and Internet layers. TCP and UDP are the most important Transport Layer protocol. Their purpose is to identify the application from which the message was received and create segments to be passed down to the Internet layer. TCP protocol also provide two additional functions:

  • Flow Control: a mechanism that enables the communicating hosts to negotiate how much data is transmitted each time with sliding window.  

  • Reliability service: a mechanism that guarantee the delivery of each packet by using sequence numbers and acknowledgments.


UDP is a connectionless and unacknowledged protocol. UDP only transmitts messages with "best effort", it does not check the delivery for segments. UDP depends on upper-layer protocols for reliability. Note that broadcast and unicast messages are carried by UDP. The protocols that use UDP include TFTP, SNMP, NFS and DNS.

The following is UPD segment structure.

bits0 - 1516 - 31
0Source PortDestination Port
64 Data 

The UDP header consists of only 4 fields. The use of two of those is optional (pink background in table). The following list is a brief explaination of the UDP header fields, here is the detailed explaination.

  • Source port -- ID of the calling port.

  • Destination port -- ID of the called port.

  • Length  -- Length of UDP header and UDP data.

  • Checksum  -- Calculated checksum of the header and data fields.


TCP is a connection-oriented, reliable protocol. TCP must establish a connection (a virtual circuit) between both ends user applications before transfer of information can begin. The services provided by TCP is running in the host computers at either end of a connection, not in the network. Therefore, TCP is a protocol for managing end-to-end connections. TCP is responsible for

  1. breaking a message passed down from the session layer into multiple segments, 

  2. attaching a sequence number to each segment,

  3. passing the segments down to the network layer at the source station,

  4. veryfying each segment passed up from the network layer at the destination station, 

  5. reassembling received segments into a message,

  6. and finally passing the message up to the session layer.

For a connection to be established, the two end stations must synchronize on each other's initial TCP sequence numbers. This initial exchange ensures that lost data can be recovered.

The following steps are followed in this initial synchronization:

  1. A --> B SYN - My sequence number is X

  2. A <-- B ACK - Your sequence number is X -1; expect X + 1 next

  3. A <-- B SYN - My sequence number is Y

  4. A --> B ACK - Your sequence number is Y -1; expect Y + 1 next

Because step 2 and 3 are combined into one message, it is called a three-way handshake.  The following diagram might better illustrate this process.

three way handshake
three way handshake

TCP will return an acknowledgment to the sender upon receipt of one or more segments. There is a field called Acknowledgment number in the TCP segment. The receiving TCP use this field to tell the sending TCP which segment to receiving TCP expecting to receive next.

In case the sender transmitting too fast, the receiver will use a TCP flow control mechanism.

  1. Drop the segments: Failed acknowledgments alert the sender to slow down or stop sending.

  2. Set a smaller window size: Each TCP acknowledgement contains a field called window Size, which specifies the number of bytes that the receiving TCP is currently prepared to receive. Setting the window size to a smaller value allows less data to be processed in the future. More specific, the widow size is the number of data segments the sender is allowed to send before getting acknoledgment from the receiver. A smaller window size means the sending TCP has to wait for more acknowledgement in order to send the same amount of data, as a result, the time cause by these extra acknowledgment slows down the data transmission process.

tcp/ip windowing
tcp/ip windowing

TCP segment structure

Bit offset0–34–78–1516–31
0Source portDestination port
32Sequence number
64Acknowledgment number
96Data offsetReservedCWRECEURGACKPSHRSTSYNFINWindow Size
128ChecksumUrgent pointer
160Options (optional)
160/192+ Data 

The TCP header consists of 11 fields, of which only 10 are required. The eleventh field is optional (pink background in table) and is aptly named "options". The following list is a brief explaination of the TCP header fields, here is the detailed explaination.

  • Source port (16 bits) – identifies the sending port

  • Destination port (16 bits) – identifies the receiving port

  • Sequence number (32 bits) – used to ensure correct sequencing of the arriving data

  • Acknowledgment number (32 bits) – next expected TCP octet.

  • Reserved (4 bits) – for future use and should be set to zero

  • Flags (8 bits) (aka Control bits) – contains 8 1-bit flags

  • Window (16 bits) – specifies the number of bytes that the receiver is currently willing to receive

  • Checksum (16 bits) – The 16-bit checksum field is used for error-checking of the header and data

  • Urgent pointer (16 bits) – Indicates the end of urgent data

  • Options (Variable 0-320 bits, divisible by 32) – The length of this field is determined by the data offset field. Options 0 and 1 are a single byte (8 bits) in length. The remaining options indicate the total length of the option (expressed in bytes) in the second byte.


As seen in the above TCP and UDP segment diagrams, both use port numbers in the source and destination fields, not IP addresses.  These port numbers are used to pass information to upper layers and also to keep track of different simultaneous network conversations.  Port numbers identify the upper layer protocol that is using the transport.

port numbers
port numbers

IANA controlled some well-known port numbers which programmers agree to use. In the above example, some of the famous well known ports are displayed. port 21 for FTP, port 23 for Telnet, port 25 for SMPT, port 53 for DNS, port 69 for TFTP and port 161 for SNMP.

There are many difference between TCP and UDP.


  • Guaranteed delivery

  • Error detection and recovery: Sequence numbers and acknowledgments cover discarding duplicate packets, retransmission of lost packets, and ordered-data transfer. To assure correctness a checksum field is included.

  • Windowing: the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host.

  • Connection-oriented: use three-way handshake (SYN, SYN/ACK, ACK)

  • no broadcasting and unicasting service


  • best-effort delivery

  • No error detection and recovery

  • No windowing

  • Connectionless

  • support broadcasting and multicasting

ICND1 and ICND2 break down

No comments:

Post a Comment