Skip to content

TCP protocol basics

Transmission Control Protocol (TCP) is a protocol used daily by all of us. In this article, I’ll take a look at how it works, the header structure, operating mechanisms, and how it ensures reliable communication.

What is it?

TCP is a transport layer protocol in the OSI model, used for transferring data between applications. Its features are connection-oriented and reliabile communication-data reaches the receiver in the correct order, without duplicates, and with error control.

TCP operates above the IP protocol, together forming the well-known TCP/IP connection.

Connection establishment 3-way handshake

Every TCP communication starts with a three-step connection establishment:

  1. SYN - the client sends an initializing packet with the SYN flag set
  2. SYN-ACK - the server responds with a confirmation packet with SYN and ACK flags
  3. ACK - the client confirms receipt and the connection is established
sequenceDiagram
    participant Client
    participant Server

    Client->>Server: SYN
    Server->>Client: SYN + ACK
    Client->>Server: ACK
    Note over Client,Server: Connection established

This mechanism prevents accidental connections and helps synchronize sequence numbers.

TCP Header Structure

Field Size (bits) Description
Source port 16 Sending port number
Destination port 16 Receiver port number
Sequence number 32 Position of the first byte in the stream
Acknowledgment number 32 Expected sequence number from the other side
Data offset 4 TCP header length
Flags 9 SYN, ACK, FIN, RST, PSH, URG, etc.
Receive window 16 How many bytes can be sent before acknowledgment is needed
Checksum 16 Error checking for header and data
Urgent pointer 16 Used with the URG flag
Options (optional) variable E.g., MSS, window scaling

Flags used in TCP communication

  • SYN - start connection
  • ACK - acknowledge data
  • FIN - end connection
  • RST - immediately terminate connection
  • PSH - data should be delivered to the application immediately
  • URG - mark data as urgent

TCP guarantees and mechanisms

Sequencing and ordering

TCP numbers every data packet sent in the stream. This allows the receiver to arrange them in the correct order, even if packets arrive out of sequence.

Acknowledgments and retransmissions

If an acknowledgment (ACK) is not received within a certain time, the packet is retransmitted. This reliability mechanism minimizes data loss.

sequenceDiagram
    participant Client
    participant Server

    Client->>Server: FIN
    Server->>Client: ACK
    Note over Client,Server: Connection half-closed

    Server->>Client: FIN
    Client->>Server: ACK
    Note over Client,Server: Connection closed on both sides

Congestion control

TCP dynamically adjusts the data transmission rate based on network signals:

  • Slow start - at the beginning of a connection, TCP slowly increases the number of bytes in flight
  • Congestion avoidance - adjusts the transmission window when congestion is detected
  • Fast retransmit - retransmits lost packets without waiting for a timeout

Closing a connection

TCP connection closure also happens in steps:

  1. One side sends FIN
  2. The other side responds with ACK
  3. The other side sends FIN
  4. The first side responds with ACK

In some cases, closure can be one-sided (so-called half-close).

TCP vs UDP

Feature TCP UDP
Connection-oriented Yes No
Data ordering Guaranteed No guarantee
Retransmission Yes No
Use cases HTTP, SSH, FTP DNS, VoIP, streaming

How does it work in Linux?

We know how it works, but what does it look like in practice on Linux?

  • The kernel implements all TCP protocol logic from connection establishment (SYN, ACK, FIN), through retransmissions, congestion control, to connection closure

  • User processes (e.g., curl, ssh, nginx) use the socket interface, which lets them send and receive data via TCP, but they don’t handle the protocol itself the kernel of the operating system does that

Example workflow:

  1. The application calls connect() on a TCP socket
  2. The kernel initiates the 3-way handshake
  3. The kernel buffers data, manages TCP windows, and handles retransmissions
  4. The application receives data via read() or recv() it doesn’t see TCP mechanics, just a clean byte stream
  5. After communication ends, the application calls close() on the socket, which starts the connection closing process

Where is it?

TCP implementation is in the Linux kernel source code-specifically in the networking subsystem (net/ipv4/tcp.c, tcp_input.c, tcp_output.c, etc.)

You can check it out in the Linux sources, the code is available online, but you can also clone and browse it yourself:

git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
cd linux/net/ipv4/

Summary

TCP is a solid, well-designed protocol. Understanding how it works helps not only with debugging connections but also with designing services that are scalable and resilient to network errors.