Computer Networks
TCP: reliable delivery
Lesson objectives
- Understand the TCP model: connection-oriented byte stream, reliability layered over unreliable IP
- Read a TCP header: SYN, ACK, FIN, RST, sequence/ack number, window
- Walk through the three-way handshake: SYN, SYN-ACK, ACK and why each step exists
- Explain how TCP detects loss: cumulative ACK, retransmit on timeout, fast retransmit
- Tell apart sequence number, acknowledgement number, and window size in a real capture
Every time you download a file and it arrives intact - that's TCP's doing. Every web page, every email, every bank transaction - TCP silently ensures that not a single byte is lost. How does it do this over unreliable communication channels?
- **Web:** HTTP/1.1 and HTTP/2 run over TCP - pages load completely
- **Email:** SMTP, IMAP, POP3 - messages arrive without losing characters
- **Files:** FTP, SFTP, rsync - files transfer without corruption
Prerequisites
Transmission Control Protocol
**TCP** (Transmission Control Protocol) is a reliable, connection-oriented transport layer protocol. It guarantees delivery of data in the correct order, without losses or duplicates.
TCP creates the **illusion of a byte stream** between two applications. The application writes data to a socket - TCP cuts it into segments, sends them, monitors delivery, and reassembles them.
**Stream vs Datagram:** TCP is a stream protocol. There are no boundaries between messages. If you send 100 bytes, then 200 - the receiver may get 150 + 150. The application defines its own boundaries (e.g., `\n` at the end of a line).
What is TCP's primary guarantee?
Three-way handshake
Before data transfer, TCP establishes a connection via the **three-way handshake**. Three packets: SYN, SYN-ACK, ACK. After that - the connection is established.
**SYN flood attack:** An attacker sends thousands of SYNs and never completes the handshake with the final ACK. The server wastes memory on half-open connections. Defense: SYN cookies - the server doesn't store state until it receives an ACK.
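A simplified sketch of the SYN cookie idea, added here as an illustration and not any operating system's actual algorithm: the server packs a time slot, an MSS index and a keyed hash into its own ISN, then rebuilds and checks them when the ACK arrives. The secret, the MSS table, the 64-second slot and the function names are assumptions.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-key"   # constructed; a real server uses a random secret
MSS_TABLE = [536, 1220, 1300, 1400, 1440, 1460, 4312, 8960]  # illustrative, ascending
SLOT = 64                          # seconds per time slot (assumption)

def _mac24(src, sport, dst, dport, client_isn, t):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time slot."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIQ", sport, dport, client_isn, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """On SYN: return the server ISN for the SYN-ACK. Nothing is stored."""
    t = int(now) // SLOT
    # Largest table entry that does not exceed the MSS the client offered.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((t & 0x1F) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, client_isn, t)

def check_cookie(src, sport, dst, dport, seq, ack, now, max_age=2):
    """On the final ACK: return the negotiated MSS if valid, else None."""
    client_isn = (seq - 1) & 0xFFFFFFFF   # the SYN consumed one sequence number
    cookie = (ack - 1) & 0xFFFFFFFF       # the client acks server ISN + 1
    for age in range(max_age):            # accept the current and previous slot
        t = int(now) // SLOT - age
        if (t & 0x1F) != cookie >> 27:
            continue
        want = _mac24(src, sport, dst, dport, client_isn, t)
        if hmac.compare_digest(want.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None
```

Only an ACK that echoes a cookie the server itself could have issued for that 4-tuple and time slot creates connection state, so SYNs from spoofed sources cost the server no memory.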
How many packets are needed to establish a TCP connection?
Sequence and Acknowledgment numbers
**Sequence Number (seq)** - the number of the first byte in a segment. **Acknowledgment Number (ack)** - the number of the next expected byte. Together they ensure ordering and reliability.
**ISN (Initial Sequence Number):** The initial seq is chosen randomly, not from zero. Protection against: 1) confusion with packets from old connections, 2) TCP spoofing attacks (harder to guess seq).
What does ACK with ack=5000 mean?
TCP connection states
A TCP connection goes through several states: from CLOSED through setup (SYN_SENT, ESTABLISHED) to teardown (FIN_WAIT, TIME_WAIT, CLOSED). These states are important for debugging.
**TIME_WAIT (2*MSL):** After closing, a connection stays in TIME_WAIT for 60-120 seconds. Why? To prevent old packets from that connection from entering a new one using the same ports. MSL = Maximum Segment Lifetime.
**Misconception:** A TCP connection closes instantly after sending data.
**In fact:** Closing requires 4 packets (FIN/ACK in both directions) plus TIME_WAIT for 60-120 seconds.
TIME_WAIT ensures that all packets from the closed connection disappear from the network before those ports are reused. Otherwise a new connection could receive old packets.
Which state means "connection is active, data is being transferred"?
Key ideas
- **TCP** - reliable, connection-oriented, stream protocol
- **Three-way handshake:** SYN → SYN-ACK → ACK to establish
- **Seq/Ack:** byte numbering for ordering and acknowledgment
- **States:** LISTEN → ESTABLISHED → TIME_WAIT → CLOSED
Related topics
TCP is the basis of most internet protocols:
- TCP Flow Control — Sliding window - don't overwhelm the receiver
- TCP Congestion Control — Slow start, AIMD - don't overwhelm the network
- TLS — Encryption on top of TCP
Questions for reflection
- Why does the handshake take 1.5 RTT instead of 1 RTT?
- What happens if an ACK is lost?
- Why does TIME_WAIT last so long, and can it be disabled?
Related lessons
- net-14-udp — TCP vs UDP are two poles: reliability vs speed
- net-16-tcp-flow — Flow control is the next level of TCP
- net-17-tcp-congestion — Congestion control builds on top of basic TCP
- net-23-https-tls — TLS runs over TCP, adding encryption
- net-47-container-networking — Docker networking builds on the TCP/IP stack
- alg-21-dp — TCP sliding window is the same idea as DP sliding window
- bt-02-osi-tcp
- bt-24-connection-pooling